Author Topic: Task Manager & Regedit inaccessible  (Read 2702 times)

Evil Klown
Task Manager & Regedit inaccessible
« on: December 09, 2008, 01:38:50 PM »
I can't open my Task Manager or Registry Editor. Every time I try, it shows "Task Manager has been disabled by your administrator." for Task Manager, and the same goes for Registry Editor. I have formatted this computer before because of the same problem, because I thought it was a virus or worm, and it was okay for a while. Now it has come back and I don't want to reformat again because it's too much work. Also, before I reformatted, it always showed .exe in my drive folders. For example: I made a folder named "abc"; then, when I rebooted, I saw the abc folder as abc.exe. I mention this because it seems to be the same problem (not sure) as before. It starts with the inaccessibility of Task Manager and Registry Editor.
EDIT: it also seems my computer is slower than usual.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:33 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\nsg8.tmp\nsA.tmp
C:\Program Files\DNA\btdna.exe
E:\Debug\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3129 bytes

thanks.
« Last Edit: December 09, 2008, 01:53:18 PM by Evil Klown »

Evil Klown
Task Manager & Regedit inaccessible
« Reply #1 on: December 09, 2008, 01:44:43 PM »
Additional info: sometimes there is a pop-up saying "Windows - no disk Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c" and I can't get rid of it unless I click OK or Cancel about 25 times... I don't know if this is related...

guestolo
Task Manager & Regedit inaccessible
« Reply #2 on: December 09, 2008, 02:32:19 PM »
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to launch the program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).
Can you post both those logs please?

NOTE: If you get an error message when trying to post those logs back to the forum,
you can simply upload them: use the Browse >> UPLOAD buttons on the bottom right of a reply box.
A copy of the files can also be found in this location:
C:\rsit folder

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Evil Klown
Task Manager & Regedit inaccessible
« Reply #3 on: December 09, 2008, 07:52:00 PM »
Yeah, I got the error message... so I put it as an attachment...

Logfile of random's system information tool 1.04 (written by random/random)
Run by KhaoZ at 2008-12-10 08:41:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (80%) free of 35 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:53 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\nsg8.tmp\nsA.tmp
C:\Program Files\DNA\btdna.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\Blizzard Installer Bootstrap - 0169eb00\Installer.exe
E:\Download\RSIT.exe
E:\Debug\KhaoZ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3183 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 218520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4429040]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Garena_setup.exe"="F:\Garena_setup.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlkyxqu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlkyxqu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winjbfqk.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winjbfqk.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\aypnav.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\aypnav.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\lhmrc.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\lhmrc.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\gthjwg.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\gthjwg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxbrt.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxbrt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmtrjs.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmtrjs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrdcx.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrdcx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winympt.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winympt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrbawq.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrbawq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\1051315\YMSGR_~1.EXE"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\1051315\YMSGR_~1.EXE:*:Enabled:ipsec"
"D:\Apps\LimeWire\LimeWire.exe"="D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wincvlyev.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wincvlyev.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe:*:Enabled:ipsec"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhppstg.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhppstg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winsjmcff.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winsjmcff.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlhyuab.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlhyuab.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winpchy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winpchy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmjqo.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmjqo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wingske.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wingske.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cdrjqj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cdrjqj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqgwwj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqgwwj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\iitu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\iitu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqspbn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqspbn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\pujhvu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\pujhvu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqmitm.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqmitm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\drvn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\drvn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cemfoy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cemfoy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winecvam.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winecvam.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\ghpf.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\ghpf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winftnu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winftnu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\apeso.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\apeso.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\yhlp.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\yhlp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winvebhqo.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winvebhqo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winyxnk.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winyxnk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winemmu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winemmu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winwhebrr.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winwhebrr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\fiqvc.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\fiqvc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxnlrsn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxnlrsn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxffc.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxffc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\mhut.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\mhut.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 09:30:41 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 09:30:40 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 09:30:40 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 09:30:40 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 09:30:39 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 09:30:31 ----RA---- C:\WINDOWS\SET29.tmp
2008-12-09 09:30:31 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 09:30:27 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-09 09:30:25 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-09 09:30:23 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 09:30:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 09:29:50 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 09:29:46 ----D---- C:\Documents and Settings
2008-12-09 09:28:55 ----SH---- C:\boot.ini
2008-12-09 09:27:29 ----SHD---- C:\System Volume Information
2008-12-09 09:23:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 09:23:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 09:23:56 ----RD---- C:\WINDOWS\Web
2008-12-09 09:23:56 ----HD---- C:\WINDOWS\inf
2008-12-09 09:23:56 ----D---- C:\WINDOWS\WinSxS
2008-12-09 09:23:56 ----D---- C:\WINDOWS\twain_32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Temp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wins
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\spool
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ras
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\npp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\IME
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ias
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\export
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3076
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\2052
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1054
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1042
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1041
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1037
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1033
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1031
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1028
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1025
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system
2008-12-09 09:23:56 ----D---- C:\WINDOWS\security
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Resources
2008-12-09 09:23:56 ----D---- C:\WINDOWS\repair
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Provisioning
2008-12-09 09:23:56 ----D---- C:\WINDOWS\PeerNet
2008-12-09 09:23:56 ----D---- C:\WINDOWS\pchealth
2008-12-09 09:23:56 ----D---- C:\WINDOWS\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msapps
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msagent
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Media
2008-12-09 09:23:56 ----D---- C:\WINDOWS\java
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ime
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Help
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ehome
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Debug
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Cursors
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\AppPatch
2008-12-09 09:23:56 ----D---- C:\WINDOWS\addins
2008-12-09 09:23:56 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-10 00:29:39 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:41:57 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\nippgp.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------
« Last Edit: December 09, 2008, 07:55:15 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Task Manager & Regedit inaccessible
« Reply #4 on: December 09, 2008, 07:58:07 PM »
Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Evil Klown

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
Task Manager & Regedit inaccessible
« Reply #5 on: December 09, 2008, 08:17:06 PM »
I forgot to mention that before I reformatted this I tried to use ComboFix and it worked for like an hour, then after that I'm back to inaccessible Task Manager and regedit...

ComboFix 08-12-07.04 - KhaoZ 2008-12-10  9:07:47.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.659 [GMT -8:00]
Running from: c:\documents and settings\KhaoZ\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


(((((((((((((((((((((((((   Files Created from 2008-11-10 to 2008-12-10  )))))))))))))))))))))))))))))))
.

2008-12-10 08:41 . 2008-12-10 08:41   <DIR>   d--------   C:\rsit
2008-12-10 02:18 . 2008-12-10 09:09   <DIR>   d--------   c:\program files\DNA
2008-12-10 02:18 . 2008-12-10 02:18   <DIR>   d--------   c:\program files\BitTorrent
2008-12-10 02:18 . 2008-12-10 09:09   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\DNA
2008-12-10 02:04 . 2008-12-10 02:04   <DIR>   d--------   c:\documents and settings\KhaoZ\Incomplete
2008-12-10 02:04 . 2008-12-10 02:06   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\LimeWire
2008-12-10 01:29 . 2008-12-10 01:29   <DIR>   d--------   c:\program files\Common Files\InstallShield
2008-12-10 01:10 . 2008-12-10 01:10   <DIR>   d--------   c:\program files\Yahoo!
2008-12-10 01:10 . 2008-12-10 01:10   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-10 01:01 . 2008-12-10 01:30   <DIR>   d--h-----   c:\program files\InstallShield Installation Information
2008-12-10 00:59 . 2008-12-10 00:59   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\InstallShield
2008-12-10 00:36 . 2008-12-10 00:36   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\Media Player Classic
2008-12-10 00:35 . 2008-12-10 00:37   <DIR>   d--------   c:\program files\Winamp
2008-12-10 00:35 . 2008-12-10 00:38   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\Winamp
2008-12-10 00:33 . 2004-01-11 23:00   348,160   --a------   c:\windows\system32\msvcr71.dll
2008-12-10 00:25 . 2008-12-10 00:24   410,984   --a------   c:\windows\system32\deploytk.dll
2008-12-10 00:25 . 2008-12-10 00:24   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-12-10 00:24 . 2008-12-10 00:24   <DIR>   d--------   c:\program files\Java
2008-12-10 00:12 . 2008-12-10 00:12   0   --a------   c:\windows\nsreg.dat
2008-12-09 23:08 . 2008-10-03 09:41   6,066,176   -----c---   c:\windows\system32\dllcache\ieframe.dll
2008-12-09 23:08 . 2007-04-17 01:32   2,455,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dat
2008-12-09 23:08 . 2007-03-07 21:10   991,232   -----c---   c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-09 23:08 . 2008-08-25 23:24   459,264   -----c---   c:\windows\system32\dllcache\msfeeds.dll
2008-12-09 23:08 . 2008-08-25 23:24   383,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dll
2008-12-09 23:08 . 2008-08-25 23:24   267,776   -----c---   c:\windows\system32\dllcache\iertutil.dll
2008-12-09 23:08 . 2008-08-25 23:24   63,488   -----c---   c:\windows\system32\dllcache\icardie.dll
2008-12-09 23:08 . 2008-08-25 23:24   52,224   -----c---   c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-09 23:08 . 2008-08-25 00:38   13,824   -----c---   c:\windows\system32\dllcache\ieudinit.exe
2008-12-09 23:03 . 2008-04-13 11:17   83,072   --a------   c:\windows\system32\drivers\wdmaud.sys
2008-12-09 23:03 . 2008-04-13 11:17   83,072   --a--c---   c:\windows\system32\dllcache\wdmaud.sys
2008-12-09 23:03 . 2008-04-13 10:45   56,576   --a------   c:\windows\system32\drivers\swmidi.sys
2008-12-09 23:03 . 2008-04-13 10:45   56,576   --a--c---   c:\windows\system32\dllcache\swmidi.sys
2008-12-09 23:03 . 2008-04-13 10:45   52,864   --a------   c:\windows\system32\drivers\DMusic.sys
2008-12-09 23:03 . 2008-04-13 10:45   52,864   --a--c---   c:\windows\system32\dllcache\dmusic.sys
2008-12-09 23:03 . 2008-04-13 10:45   6,272   --a------   c:\windows\system32\drivers\splitter.sys
2008-12-09 23:03 . 2008-04-13 10:45   6,272   --a--c---   c:\windows\system32\dllcache\splitter.sys
2008-12-09 22:59 . 2008-09-04 09:15   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll
2008-12-09 22:58 . 2008-08-14 02:11   2,189,184   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-09 22:58 . 2008-08-14 02:09   2,145,280   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-09 22:58 . 2008-08-14 01:33   2,066,048   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-09 22:58 . 2008-08-14 01:33   2,023,936   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-09 22:58 . 2008-10-15 08:34   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
2008-12-09 22:57 . 2008-09-15 04:12   1,846,400   -----c---   c:\windows\system32\dllcache\win32k.sys
2008-12-09 22:57 . 2008-08-14 02:04   138,496   -----c---   c:\windows\system32\dllcache\afd.sys
2008-12-09 22:54 . 2008-05-01 06:33   331,776   -----c---   c:\windows\system32\dllcache\msadce.dll
2008-12-09 22:53 . 2008-04-11 11:04   691,712   -----c---   c:\windows\system32\dllcache\inetcomm.dll
2008-12-09 22:53 . 2008-09-08 02:41   333,824   -----c---   c:\windows\system32\dllcache\srv.sys
2008-12-09 22:51 . 2008-06-13 03:05   272,128   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-12-09 22:50 . 2008-05-08 06:02   203,136   -----c---   c:\windows\system32\dllcache\rmcast.sys
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\system32\scripting
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\system32\en
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\system32\bits
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\l2schemas
2008-12-09 18:38 . 2008-12-09 18:38   <DIR>   d--------   c:\windows\ServicePackFiles
2008-12-09 18:27 . 2004-08-03 22:29   701,440   ---------   c:\windows\system32\drivers\ati2mtag.sys
2008-12-09 18:05 . 2008-12-09 18:05   13,646   --a------   c:\windows\system32\wpa.bak
2008-12-09 18:03 . 2007-08-10 20:46   26,488   --a------   c:\windows\system32\spupdsvc.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 01:42   ---------   d-----w   c:\program files\microsoft frontpage
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 22:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 22:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 22:12   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 22:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 22:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 22:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-09-15 12:12   1,846,400   ----a-w   c:\windows\system32\win32k.sys
2008-09-10 01:14   1,307,648   ----a-w   c:\windows\system32\msxml6.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4429040]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 218520]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Apps\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=


*Newly Created Service* - ASC3360PR
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\KhaoZ\Application Data\Mozilla\Firefox\Profiles\n68xeo5o.default\
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 09:09:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-12-10  9:12:36 - machine was rebooted
ComboFix-quarantined-files.txt  2008-12-10 17:12:33

Pre-Run: 29,386,903,552 bytes free
Post-Run: 29,606,670,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

159   --- E O F ---   2008-12-10 07:14:56
« Last Edit: December 09, 2008, 08:29:15 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Task Manager & Regedit inaccessible
« Reply #6 on: December 09, 2008, 08:19:55 PM »
This log from ComboFix you posted, is it a recent one?
If not, I want you to delete your copy of ComboFix.
Redownload so you have the latest and follow the instructions I posted, then include a new log from ComboFix.txt.

We'll get the rest of it after; I can see why Task Manager and regedit are inaccessible.
We'll deal with it later.
« Last Edit: December 09, 2008, 08:20:51 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
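The ComboFix log posted above shows what guestolo is pointing at: under HKCU\...\policies\system both DisableTaskMgr and DisableRegistryTools are 1, EnableFirewall under the standard firewall profile is 0, and the firewall's AuthorizedApplications list carries exceptions for executables in the user's Temp directory. As an added example (not part of this thread and not a tool either poster used), the Python below parses a REGEDIT4-style dump in the format ComboFix prints for its "Reg Loading Points" section and flags those three conditions. The sample dump is constructed from lines in the posted log, shortened; the key suffixes and Temp-path markers it matches on are my own choices of what is worth flagging, not anything the log format defines. Doubled backslashes (ComboFix's REGEDIT4 escaping) are collapsed, so the same checks work on the single-backslash paths RSIT prints.

```python
import re

# Constructed sample in the REGEDIT4 style ComboFix uses for its
# "Reg Loading Points" section; modelled on the log posted in this
# thread, not a real capture.
SAMPLE_DUMP = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\somxhj.exe"="C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\somxhj.exe:*:Enabled:ipsec"
"""

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Policy values that lock the user out of diagnostic tools when nonzero
# (DisableRegedit is the name HijackThis reports for the same policy).
TOOL_LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools", "disableregedit"}
# Path fragments (assumed markers) that have no business in a firewall exception list.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\")


def parse_regedit4(text):
    """Return {key: {value_name: raw_value}} for a REGEDIT4-style dump.

    Doubled backslashes are collapsed so ComboFix and RSIT paths compare alike.
    """
    tree = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).replace("\\\\", "\\")
            tree.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1).replace("\\\\", "\\")
            tree[current][name] = m.group(2).replace("\\\\", "\\").strip()
    return tree


def numeric_value(raw):
    """Leading integer of values like '1 (0x1)'; None when there is none."""
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def audit(tree):
    """Flag tool-lockout policies, a disabled firewall, and firewall
    exceptions for executables living in a Temp directory."""
    findings = []
    for key, values in tree.items():
        lkey = key.lower()
        if lkey.endswith("policies\\system"):
            for name, raw in values.items():
                if name.lower() in TOOL_LOCKOUT_VALUES and numeric_value(raw):
                    findings.append(("tool_lockout", key, name))
        if lkey.endswith("firewallpolicy\\standardprofile"):
            if numeric_value(values.get("EnableFirewall", "")) == 0:
                findings.append(("firewall_disabled", key, "EnableFirewall"))
        if lkey.endswith("authorizedapplications\\list"):
            for name in values:
                if any(marker in name.lower() for marker in TEMP_MARKERS):
                    findings.append(("temp_exe_firewall_exception", key, name))
    return findings


if __name__ == "__main__":
    for kind, key, name in audit(parse_regedit4(SAMPLE_DUMP)):
        print(f"{kind:28s} {name}  ({key})")
```

On the sample this reports the two lockout values, the disabled firewall, and the somxhj.exe exception; the legitimate entries (ctfmon.exe, sessmgr.exe, jusched.exe) are left alone. The policy check is deliberately on the value, not the key's existence, because an explicit 0 is harmless.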


Offline Evil Klown

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
Task Manager & Regedit inaccessible
« Reply #7 on: December 09, 2008, 08:21:53 PM »
That's the latest, sir, taken just moments ago... the old files were deleted when I reformatted...

EDIT: Uhh, I deleted my IE7 shortcut from the desktop and after ComboFix it's on the desktop again. Is it because of ComboFix? Also, Task Manager is locked again...
« Last Edit: December 09, 2008, 08:25:52 PM by Evil Klown »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Task Manager & Regedit inaccessible
« Reply #8 on: December 09, 2008, 08:27:17 PM »
The RSIT log and ComboFix log didn't match up.

Can you do the following:
Run RSIT.exe again; this time only post the log that opens >> Log.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Evil Klown

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
Task Manager & Regedit inaccessible
« Reply #9 on: December 09, 2008, 08:34:13 PM »
I think I know why it didn't match up... is it because I ran ComboFix from the desktop and RSIT from drive E? Now both are from the desktop...

Also, sir, I don't have any antivirus, so is there anything you can recommend? A free one would be nice...

Logfile of random's system information tool 1.04 (written by random/random)
Run by KhaoZ at 2008-12-10 09:28:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (81%) free of 35 GB
Total RAM: 1023 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:38 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe
C:\Documents and Settings\KhaoZ\Desktop\RSIT.exe
E:\Debug\KhaoZ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3126 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 218520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4429040]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Apps\LimeWire\LimeWire.exe"="D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-10 09:12:37 ----A---- C:\ComboFix.txt
2008-12-10 09:05:36 ----A---- C:\Boot.bak
2008-12-10 09:05:32 ----RASHD---- C:\cmdcons
2008-12-10 09:01:53 ----A---- C:\WINDOWS\zip.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\VFIND.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWSC.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWREG.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\sed.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\grep.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\fdsv.exe
2008-12-10 09:01:47 ----D---- C:\WINDOWS\ERDNT
2008-12-10 09:01:47 ----D---- C:\Qoobox
2008-12-10 09:01:46 ----D---- C:\ComboFix
2008-12-10 08:41:39 ----D---- C:\rsit
2008-12-10 02:18:46 ----D---- C:\Program Files\DNA
2008-12-10 02:18:46 ----D---- C:\Program Files\BitTorrent
2008-12-10 02:18:46 ----D---- C:\Documents and Settings\KhaoZ\Application Data\DNA
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Macromedia
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Adobe
2008-12-10 02:04:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\LimeWire
2008-12-10 01:29:42 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-10 01:10:46 ----D---- C:\Program Files\Yahoo!
2008-12-10 01:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-10 01:01:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 00:59:52 ----D---- C:\Documents and Settings\KhaoZ\Application Data\InstallShield
2008-12-10 00:37:10 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-10 00:36:10 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Media Player Classic
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\px.dll
2008-12-10 00:35:02 ----D---- C:\Program Files\Winamp
2008-12-10 00:35:02 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Winamp
2008-12-10 00:33:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 00:24:50 ----D---- C:\Program Files\Java
2008-12-10 00:24:21 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Sun
2008-12-10 00:12:28 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Mozilla
2008-12-10 00:12:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 23:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 23:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-09 23:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 23:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 23:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 23:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 23:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 23:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-09 23:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 23:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 23:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 23:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-09 23:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 23:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 23:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 23:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 23:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 23:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 23:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 23:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 23:08:53 ----D---- C:\WINDOWS\ie7updates
2008-12-09 23:08:40 ----D---- C:\WINDOWS\WBEM
2008-12-09 23:07:48 ----HDC---- C:\WINDOWS\ie7
2008-12-09 23:07:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-09 23:07:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-09 23:06:49 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 23:02:33 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-09 22:30:46 ----D---- C:\WINDOWS\Prefetch
2008-12-09 18:39:33 ----D---- C:\WINDOWS\system32\en-us
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\en
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\bits
2008-12-09 18:39:32 ----D---- C:\WINDOWS\l2schemas
2008-12-09 18:38:15 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 18:36:36 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 18:35:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 18:33:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 18:05:10 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-09 18:04:19 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 18:03:20 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-09 18:03:20 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-09 18:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-09 17:57:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-09 17:57:56 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 17:52:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Identities
2008-12-09 17:52:28 ----HD---- C:\Program Files\Uninstall Information
2008-12-09 17:52:22 ----SD---- C:\Documents and Settings\KhaoZ\Application Data\Microsoft
2008-12-09 17:52:22 ----ASH---- C:\Documents and Settings\KhaoZ\Application Data\desktop.ini
2008-12-09 17:46:24 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-09 17:45:45 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-09 17:45:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 17:42:29 ----D---- C:\WINDOWS\system32\xircom
2008-12-09 17:42:29 ----D---- C:\Program Files\xerox
2008-12-09 17:42:29 ----D---- C:\Program Files\microsoft frontpage
2008-12-09 17:42:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 17:42:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 17:41:57 ----A---- C:\WINDOWS\control.ini
2008-12-09 17:41:57 ----A---- C:\AUTOEXEC.BAT
2008-12-09 17:41:42 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 17:41:38 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-09 17:40:37 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-09 17:40:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 17:40:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-09 17:40:31 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-09 17:40:26 ----HD---- C:\Program Files\WindowsUpdate
2008-12-09 17:40:09 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 17:39:53 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-09 17:39:51 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-09 17:39:51 ----A---- C:\WINDOWS\desktop.ini
2008-12-09 17:39:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-09 17:39:45 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-09 17:39:44 ----D---- C:\Program Files\Common Files\Services
2008-12-09 17:39:43 ----SD---- C:\WINDOWS\Tasks
2008-12-09 17:39:43 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-09 17:39:42 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-09 17:39:39 ----D---- C:\WINDOWS\srchasst
2008-12-09 17:39:38 ----D---- C:\WINDOWS\system32\Macromed
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-09 17:39:30 ----D---- C:\Program Files\Movie Maker
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-09 17:39:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-09 17:39:24 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-09 17:39:21 ----D---- C:\Program Files\NetMeeting
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-09 17:39:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-09 17:39:19 ----D---- C:\Program Files\Outlook Express
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-09 17:39:14 ----D---- C:\Program Files\Common Files\System
2008-12-09 17:39:12 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:38:40 ----D---- C:\Program Files\ComPlus Applications
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vb.ini
2008-12-09 17:38:34 ----D---- C:\WINDOWS\Registration
2008-12-09 17:38:26 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:38:26 ----D---- C:\Program Files\Online Services
2008-12-09 17:38:20 ----D---- C:\Program Files\Messenger
2008-12-09 17:38:17 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-09 17:38:17 ----A---- C:\WINDOWS\system32\write.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-09 17:37:58 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-09 17:37:50 ----D---- C:\Program Files\MSN
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-09 17:37:48 ----D---- C:\Program Files\Windows NT
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-09 17:37:46 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-09 17:37:45 ----D---- C:\WINDOWS\system32\Com
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-09 17:37:43 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-09 17:37:38 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-09 09:36:17 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-09 09:32:38 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-09 09:31:58 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-09 09:31:01 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 09:30:58 ----SHD---- C:\WINDOWS\Installer
2008-12-09 09:30:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 09:30:57 ----D---- C:\Program Files\Common Files\ODBC
2008-12-09 09:30:57 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-09 09:30:54 ----RD---- C:\Program Files
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 09:30:41 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 09:30:40 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 09:30:40 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 09:30:40 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 09:30:39 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 09:30:31 ----RA---- C:\WINDOWS\SET29.tmp
2008-12-09 09:30:31 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 09:30:27 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-09 09:30:25 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-09 09:30:23 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 09:30:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 09:29:50 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 09:29:46 ----D---- C:\Documents and Settings
2008-12-09 09:28:55 ----RASH---- C:\boot.ini
2008-12-09 09:27:29 ----SHD---- C:\System Volume Information
2008-12-09 09:23:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 09:23:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 09:23:56 ----RD---- C:\WINDOWS\Web
2008-12-09 09:23:56 ----HD---- C:\WINDOWS\inf
2008-12-09 09:23:56 ----D---- C:\WINDOWS\WinSxS
2008-12-09 09:23:56 ----D---- C:\WINDOWS\twain_32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Temp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wins
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\spool
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ras
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\npp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\IME
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ias
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\export
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3076
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\2052
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1054
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1042
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1041
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1037
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1033
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1031
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1028
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1025
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system
2008-12-09 09:23:56 ----D---- C:\WINDOWS\security
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Resources
2008-12-09 09:23:56 ----D---- C:\WINDOWS\repair
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Provisioning
2008-12-09 09:23:56 ----D---- C:\WINDOWS\PeerNet
2008-12-09 09:23:56 ----D---- C:\WINDOWS\pchealth
2008-12-09 09:23:56 ----D---- C:\WINDOWS\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msapps
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msagent
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Media
2008-12-09 09:23:56 ----D---- C:\WINDOWS\java
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ime
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Help
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ehome
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Debug
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Cursors
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\AppPatch
2008-12-09 09:23:56 ----D---- C:\WINDOWS\addins
2008-12-09 09:23:56 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-10 09:09:46 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:41:57 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------
« Last Edit: December 09, 2008, 08:38:16 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Task Manager & Regedit inaccessible
« Reply #10 on: December 09, 2008, 09:02:56 PM »
Quote:
I don't have any antivirus, so is there anything you can recommend? A free one would be nice...
Don't worry, I was going to link you to one fairly soon :)

Can you do the following, please:
Download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt3.exe to run it.
  • Copy the entries below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    :Processes
    explorer.exe
    firefox.exe
    somxhj.exe
    winhmiy.exe
    KhaoZ.exe
    :Services
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\somxhj.exe"=-
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winybmlw.exe"=-
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winhmiy.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=-
    "DisableRegistryTools"=-
    :Files
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]


    ======================================================
  • Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose "Yes".

If prompted on startup to run OTMoveIt again, allow it please.

A log should open; I'll need to see it later.
If no log opens, OTMoveIt would have created a log at this location:
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <- indicates date_time of log
In your case it should be the D: drive.
I'll need to see that log later.

Before posting that log

Go here and download your Free version of Avira AntiVir
http://www.download.com/Avira-AntiVir-Pers...cdlpid=10322935
Save the installer to desktop

Install Avira AntiVir from desktop
Ensure that you have it check for Updates
The first time it updates may take a while, but allow it time.

NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it

A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"

Quarantine or delete everything it finds
When the scan is finished
Reboot the computer

Back in Windows
Can you post all the following back please

1. Please post the log from Avira
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"

2. Post the log from OTMoveIt3.

3. Can you again run RSIT.exe and post its new log? Again, you may have to upload ONLY this one.

Keep me informed how things are now running.
Also, can you let me know what drive is represented by the E:\ drive, please?

P.S. I had to edit the script for OTMoveIt; not to worry if you have already started.
It was just a registry change that won't do any harm if you missed it.
« Last Edit: December 09, 2008, 09:08:17 PM by guestolo »

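The cleanup above works through the log by hand: kill the executables running from the user's Temp folder, drop the Windows Firewall exceptions that were added for them, clear the two HKCU policy values that lock Task Manager and Regedit, then delete the files. The same triage can be done mechanically. The script below is an added example, not code from this thread, from RSIT or from OTMoveIt. It parses a constructed RSIT-style log fragment (modelled on the log posted above, with its paths and names), flags the three indicator classes, and prints cmd.exe lines in the same order as the OTMoveIt script for a responder to review. Assumptions: reg.exe and taskkill.exe are available (both ship with XP Professional), and nobody runs the generated lines without reading them first.

```python
"""Triage an RSIT / HijackThis style log for the indicators seen in this thread.

Added example: not code from the thread, from RSIT, or from OTMoveIt.
It flags three things a responder looks for in such a log:
  1. processes running from a user's Temp directory,
  2. Windows Firewall 'authorizedapplications' exceptions for Temp executables,
  3. HKCU policy values that lock Task Manager / Registry Editor,
and then emits cmd.exe lines (taskkill / reg delete / del) for manual review.
"""
import re

# Constructed sample log in RSIT's layout, modelled on the log posted above
# (a few lines only; the paths and names are the ones that log shows).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe
E:\Debug\HijackThis.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe:*:Enabled:ipsec"
"""

TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
LOCK_VALUES = ("DisableTaskMgr", "DisableRegistryTools")
SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_log(text):
    """Return (processes, registry); registry maps key path -> {value name: data}."""
    processes, registry = [], {}
    section, in_procs = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_procs = False
            continue
        if line.startswith("Running processes:"):
            in_procs, section = True, None
            continue
        m = SECTION_RE.match(line)
        if m:                             # "[HKEY_...]" header starts a key
            section = m.group(1)
            registry.setdefault(section, {})
            in_procs = False
            continue
        if in_procs:
            processes.append(line)
            continue
        m = VALUE_RE.match(line)
        if m and section is not None:
            registry[section][m.group(1)] = m.group(2)
    return processes, registry


def find_indicators(text):
    """Collect the three indicator classes from the log text."""
    processes, registry = parse_log(text)
    temp_procs = [p for p in processes if TEMP_RE.search(p)]
    fw_temp = []
    for key, values in registry.items():
        if key.lower().endswith(r"\authorizedapplications\list"):
            fw_temp += [(key, name) for name in values if TEMP_RE.search(name)]
    locks = [(name, data) for name, data in registry.get(POLICY_KEY, {}).items()
             if name in LOCK_VALUES and data.strip() == "1"]
    return {"temp_processes": temp_procs,
            "firewall_temp_exceptions": fw_temp,
            "tool_locks": locks}


def remediation_script(findings):
    """cmd.exe lines in the same order as the OTMoveIt script in the thread:
    kill the processes first, then remove registry entries, then the files.
    Assumption: reg.exe and taskkill.exe are present (XP Professional) and
    the reviewer reads every line before running any of it."""
    lines = ["@echo off", "rem generated from log indicators - review before use"]
    for proc in findings["temp_processes"]:
        image = proc.rsplit("\\", 1)[-1]
        lines.append('taskkill /F /IM "%s"' % image)
    for key, name in findings["firewall_temp_exceptions"]:
        lines.append('reg delete "%s" /v "%s" /f' % (key, name))
    for name, _ in findings["tool_locks"]:
        lines.append('reg delete "%s" /v %s /f' % (POLICY_KEY, name))
    for proc in findings["temp_processes"]:
        lines.append('del /F /Q "%s"' % proc)
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_indicators(SAMPLE_LOG)
    for kind, items in found.items():
        print(kind, items)
    print(remediation_script(found))
```

The order matters: while the Temp executables are still running they may put the policy values and firewall exceptions straight back, which is why the OTMoveIt script lists :Processes before :Reg and :Files. If the two policy values return after a reboot, the thing re-applying them is a startup entry, so the Run keys and Winlogon\Notify entries in a fresh RSIT log are the next place to look.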


Offline Evil Klown

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
Task Manager & Regedit inaccessible
« Reply #11 on: December 09, 2008, 09:40:56 PM »
OK... big problem... I can't install the AV software... it suddenly disappears when I start installing/extracting files... I tried it a few times and it's still the same... no problem downloading the AV installer, except it won't install... I got OTMoveIt3 though...

C: is for major programs
D: games and some apps
E: as of now it's where most of my downloads are at...

I think the problem started from D: because I installed a program from a backup DVD that I made before reformatting. Also, Task Manager is still locked...

Logfile of random's system information tool 1.04 (written by random/random)
Run by KhaoZ at 2008-12-10 10:33:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (80%) free of 35 GB
Total RAM: 1023 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:44 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe
C:\Documents and Settings\KhaoZ\Desktop\RSIT.exe
E:\Debug\KhaoZ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3082 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 218520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4429040]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Apps\LimeWire\LimeWire.exe"="D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-10 10:07:56 ----D---- C:\_OTMoveIt
2008-12-10 10:05:59 ----SHD---- C:\RECYCLER
2008-12-10 09:12:37 ----A---- C:\ComboFix.txt
2008-12-10 09:05:36 ----A---- C:\Boot.bak
2008-12-10 09:05:32 ----RASHD---- C:\cmdcons
2008-12-10 09:01:53 ----A---- C:\WINDOWS\zip.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\VFIND.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWSC.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWREG.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\sed.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\grep.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\fdsv.exe
2008-12-10 09:01:47 ----D---- C:\WINDOWS\ERDNT
2008-12-10 09:01:47 ----D---- C:\Qoobox
2008-12-10 09:01:46 ----D---- C:\ComboFix
2008-12-10 08:41:39 ----D---- C:\rsit
2008-12-10 02:18:46 ----D---- C:\Program Files\DNA
2008-12-10 02:18:46 ----D---- C:\Program Files\BitTorrent
2008-12-10 02:18:46 ----D---- C:\Documents and Settings\KhaoZ\Application Data\DNA
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Macromedia
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Adobe
2008-12-10 02:04:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\LimeWire
2008-12-10 01:29:42 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-10 01:10:46 ----D---- C:\Program Files\Yahoo!
2008-12-10 01:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-10 01:01:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 00:59:52 ----D---- C:\Documents and Settings\KhaoZ\Application Data\InstallShield
2008-12-10 00:37:10 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-10 00:36:10 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Media Player Classic
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\px.dll
2008-12-10 00:35:02 ----D---- C:\Program Files\Winamp
2008-12-10 00:35:02 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Winamp
2008-12-10 00:33:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 00:24:50 ----D---- C:\Program Files\Java
2008-12-10 00:24:21 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Sun
2008-12-10 00:12:28 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Mozilla
2008-12-10 00:12:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 23:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 23:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-09 23:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 23:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 23:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 23:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 23:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 23:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-09 23:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 23:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 23:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 23:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-09 23:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 23:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 23:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 23:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 23:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 23:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 23:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 23:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 23:08:53 ----D---- C:\WINDOWS\ie7updates
2008-12-09 23:08:40 ----D---- C:\WINDOWS\WBEM
2008-12-09 23:07:48 ----HDC---- C:\WINDOWS\ie7
2008-12-09 23:07:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-09 23:07:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-09 23:06:49 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 23:02:33 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-09 22:30:46 ----D---- C:\WINDOWS\Prefetch
2008-12-09 18:39:33 ----D---- C:\WINDOWS\system32\en-us
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\en
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\bits
2008-12-09 18:39:32 ----D---- C:\WINDOWS\l2schemas
2008-12-09 18:38:15 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 18:36:36 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 18:35:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 18:33:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 18:05:10 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-09 18:04:19 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 18:03:20 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-09 18:03:20 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-09 18:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-09 17:57:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-09 17:57:56 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 17:52:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Identities
2008-12-09 17:52:28 ----HD---- C:\Program Files\Uninstall Information
2008-12-09 17:52:22 ----SD---- C:\Documents and Settings\KhaoZ\Application Data\Microsoft
2008-12-09 17:52:22 ----ASH---- C:\Documents and Settings\KhaoZ\Application Data\desktop.ini
2008-12-09 17:46:24 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-09 17:45:45 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-09 17:45:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 17:42:29 ----D---- C:\WINDOWS\system32\xircom
2008-12-09 17:42:29 ----D---- C:\Program Files\xerox
2008-12-09 17:42:29 ----D---- C:\Program Files\microsoft frontpage
2008-12-09 17:42:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 17:42:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 17:41:57 ----A---- C:\WINDOWS\control.ini
2008-12-09 17:41:57 ----A---- C:\AUTOEXEC.BAT
2008-12-09 17:41:42 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 17:41:38 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-09 17:40:37 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-09 17:40:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 17:40:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-09 17:40:31 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-09 17:40:26 ----HD---- C:\Program Files\WindowsUpdate
2008-12-09 17:40:09 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 17:39:53 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-09 17:39:51 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-09 17:39:51 ----A---- C:\WINDOWS\desktop.ini
2008-12-09 17:39:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-09 17:39:45 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-09 17:39:44 ----D---- C:\Program Files\Common Files\Services
2008-12-09 17:39:43 ----SD---- C:\WINDOWS\Tasks
2008-12-09 17:39:43 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-09 17:39:42 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-09 17:39:39 ----D---- C:\WINDOWS\srchasst
2008-12-09 17:39:38 ----D---- C:\WINDOWS\system32\Macromed
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-09 17:39:30 ----D---- C:\Program Files\Movie Maker
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-09 17:39:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-09 17:39:24 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-09 17:39:21 ----D---- C:\Program Files\NetMeeting
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-09 17:39:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-09 17:39:19 ----D---- C:\Program Files\Outlook Express
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-09 17:39:14 ----D---- C:\Program Files\Common Files\System
2008-12-09 17:39:12 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:38:40 ----D---- C:\Program Files\ComPlus Applications
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vb.ini
2008-12-09 17:38:34 ----D---- C:\WINDOWS\Registration
2008-12-09 17:38:26 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:38:26 ----D---- C:\Program Files\Online Services
2008-12-09 17:38:20 ----D---- C:\Program Files\Messenger
2008-12-09 17:38:17 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-09 17:38:17 ----A---- C:\WINDOWS\system32\write.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-09 17:37:58 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-09 17:37:50 ----D---- C:\Program Files\MSN
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-09 17:37:48 ----D---- C:\Program Files\Windows NT
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-09 17:37:46 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-09 17:37:45 ----D---- C:\WINDOWS\system32\Com
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-09 17:37:43 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-09 17:37:38 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-09 09:36:17 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-09 09:32:38 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-09 09:31:58 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-09 09:31:01 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 09:30:58 ----SHD---- C:\WINDOWS\Installer
2008-12-09 09:30:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 09:30:57 ----D---- C:\Program Files\Common Files\ODBC
2008-12-09 09:30:57 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-09 09:30:54 ----RD---- C:\Program Files
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 09:30:41 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 09:30:40 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 09:30:40 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 09:30:40 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 09:30:39 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 09:30:31 ----RA---- C:\WINDOWS\SET29.tmp
2008-12-09 09:30:31 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 09:30:27 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-09 09:30:25 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-09 09:30:23 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 09:30:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 09:29:50 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 09:29:46 ----D---- C:\Documents and Settings
2008-12-09 09:28:55 ----RASH---- C:\boot.ini
2008-12-09 09:27:29 ----SHD---- C:\System Volume Information
2008-12-09 09:23:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 09:23:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 09:23:56 ----RD---- C:\WINDOWS\Web
2008-12-09 09:23:56 ----HD---- C:\WINDOWS\inf
2008-12-09 09:23:56 ----D---- C:\WINDOWS\WinSxS
2008-12-09 09:23:56 ----D---- C:\WINDOWS\twain_32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Temp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wins
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\spool
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ras
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\npp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\IME
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ias
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\export
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3076
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\2052
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1054
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1042
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1041
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1037
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1033
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1031
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1028
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1025
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system
2008-12-09 09:23:56 ----D---- C:\WINDOWS\security
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Resources
2008-12-09 09:23:56 ----D---- C:\WINDOWS\repair
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Provisioning
2008-12-09 09:23:56 ----D---- C:\WINDOWS\PeerNet
2008-12-09 09:23:56 ----D---- C:\WINDOWS\pchealth
2008-12-09 09:23:56 ----D---- C:\WINDOWS\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msapps
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msagent
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Media
2008-12-09 09:23:56 ----D---- C:\WINDOWS\java
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ime
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Help
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ehome
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Debug
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Cursors
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\AppPatch
2008-12-09 09:23:56 ----D---- C:\WINDOWS\addins
2008-12-09 09:23:56 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-10 09:09:46 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:41:57 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\nippgp.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------
« Last Edit: December 09, 2008, 09:47:10 PM by guestolo »

Offline Evil Klown

Task Manager & Regedit inaccessible
« Reply #12 on: December 09, 2008, 09:43:26 PM »
It seems I can't make the log for OTMoveIt3 an attachment...

========== PROCESSES ==========
Process explorer.exe killed successfully.
Process firefox.exe killed successfully.
Process somxhj.exe killed successfully.
Process winhmiy.exe killed successfully.
Unable to kill process: KhaoZ.exe
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor deleted successfully.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic not found.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic not found.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools deleted successfully.
========== FILES ==========
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe moved successfully.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe not found.
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_GPsFfhMmcuvK8YqXW6AC scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_100756

Files moved on Reboot...
File C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_GPsFfhMmcuvK8YqXW6AC not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_a4.dat not found!

Offline guestolo

Task Manager & Regedit inaccessible
« Reply #13 on: December 09, 2008, 09:44:00 PM »
Oh, I see,
do you recognize this file

E:\Debug\KhaoZ.exe


I think it's part of the problem

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Evil Klown

Task Manager & Regedit inaccessible
« Reply #14 on: December 09, 2008, 09:47:18 PM »
Quote from: guestolo (post 449558, Dec 9 2008, 07:44 PM)
    Oh, I see,
    do you recognize this file

    E:\Debug\KhaoZ.exe

    I think it's part of the problem

I have an E:\Debug folder but I don't recognize that one... I see it in that folder though... it has the HijackThis icon... should I delete it??
« Last Edit: December 09, 2008, 09:54:00 PM by Evil Klown »

Offline guestolo

Task Manager & Regedit inaccessible
« Reply #15 on: December 09, 2008, 11:41:13 PM »
Sorry about that, helping another user

Can you do the following please
  • Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    :Processes
    explorer.exe
    firefox.exe
    winnqyid.exe
    winmhbn.exe
    :Services
    asc3360pr
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\somxhj.exe"=-
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winybmlw.exe"=-
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winhmiy.exe"=-
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\xjtjtg.exe"=-
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\qkwd.exe"=-
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winbbgwy.exe"=-
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winnqyid.exe"=-
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winkbxxn.exe"=-
    "C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winmhbn.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=-
    "DisableRegistryTools"=-
    :Files
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe
    C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]


    ======================================================
  • Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
  • Click the red "MoveIt!" button.
  • Close OTMoveIt when it has completed.
Note: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

If prompted on startup to Run OTMoveit again, allow it please

A Log should open, I'll need to see it later
If no log opens
OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
In your case it should be the D: drive
I'll need to see that log later

Try installing/running Avira again, any luck

Post back fresh logs as you posted earlier
« Last Edit: December 09, 2008, 11:43:51 PM by guestolo »

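The :Reg section of the OTMoveIt script above removes the two policy values that produce "Task Manager has been disabled by your administrator" and the Windows Firewall exceptions the malware added for itself. The following is an added PowerShell example, not code from the thread or from OTMoveIt, that audits the same two places so an admin can see the state before and after cleanup; it assumes the XP-era registry layout shown in the thread, and the -Remediate switch and the Temp/RECYCLER pattern are this example's own choices.

```powershell
# Added example, not code from the thread or from OTMoveIt: audit the policy
# values behind "Task Manager has been disabled by your administrator" and the
# Windows Firewall program exceptions that point into a Temp folder.
# Assumes the XP-era registry layout shown in the thread; the -Remediate switch
# and the Temp/RECYCLER pattern are this example's own choices.
param([switch]$Remediate)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$policyNames = @('DisableTaskMgr', 'DisableRegistryTools')

foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $policyNames) {
        $value = $props.$name
        # Absent or 0 means the tool is allowed; anything else blocks it.
        if ($null -eq $value -or $value -eq 0) { continue }
        Write-Output "POLICY SET: $key\$name = $value"
        if ($Remediate) {
            Remove-ItemProperty -Path $key -Name $name
            Write-Output "  removed $name"
        }
    }
}

# Firewall exceptions: one value per allowed program, named by its full path,
# with data in the form "<path>:*:Enabled:<display name>".
$fwList = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters' +
          '\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
if (Test-Path $fwList) {
    $listKey = Get-Item -Path $fwList
    foreach ($program in $listKey.GetValueNames()) {
        $data = $listKey.GetValue($program)
        # Legitimate programs rarely need an exception while living in Temp.
        if ($program -match '(?i)\\(Temp|RECYCLER)\\') {
            Write-Output "SUSPICIOUS FIREWALL EXCEPTION: $program -> $data"
        } else {
            Write-Output "firewall exception: $program"
        }
    }
}
```

Run it once without -Remediate to record what is set, then again with -Remediate after the malicious processes have been stopped, since a running dropper will simply rewrite the policy values.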


Offline Evil Klown

Task Manager & Regedit inaccessible
« Reply #16 on: December 10, 2008, 12:10:40 AM »
Avira is still the same... won't install... sometimes I just get up to the "I accept" part, then it vanishes...

========== PROCESSES ==========
Process explorer.exe killed successfully.
Process firefox.exe killed successfully.
Unable to kill process: winnqyid.exe
Unable to kill process: winmhbn.exe
========== SERVICES/DRIVERS ==========
Unable to stop service asc3360pr .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools deleted successfully.
========== FILES ==========
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_h3bfzmGpWeyKRAXKo9bz scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\seuhb.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winikokf.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_77c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_130535

Files moved on Reboot...
File C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_h3bfzmGpWeyKRAXKo9bz not found!
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\seuhb.exe moved successfully.
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winikokf.exe moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_77c.dat not found!

EDIT: attachment for latest RSIT log.txt...
« Last Edit: December 10, 2008, 12:13:49 AM by Evil Klown »

Offline guestolo

Task Manager & Regedit inaccessible
« Reply #17 on: December 10, 2008, 12:19:34 AM »
I'm hoping a lot of legit files are not infected
Can you do the following please

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file and give the file a name
  • Save the file to your desktop.
  • Copy and paste that information in your next post



Offline Evil Klown

Task Manager & Regedit inaccessible
« Reply #18 on: December 10, 2008, 12:24:27 AM »
It says:
"Address Not Found
Firefox can't find the server at www.kaspersky.com.
The browser could not find the host server for the provided address.
    * Did you make a mistake when typing the domain? (e.g. "ww.mozilla.org" instead of "www.mozilla.org")
    * Are you certain this domain address exists?  Its registration may have expired.
    * Are you unable to browse other sites?  Check your network connection and DNS server settings.
    * Is your computer or network protected by a firewall or proxy?  Incorrect settings can interfere with Web browsing."

Offline guestolo

Task Manager & Regedit inaccessible
« Reply #19 on: December 10, 2008, 12:31:30 AM »
Can I check the following
Open Hijackthis>>Open Misc tools section
Open the HOSTS FILE MANAGER
Select to "Open in Notepad"

Copy/paste back here the contents please

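The hosts-file check asked for above, as an added PowerShell example that is not part of the thread: it parses the file the way the resolver does and flags entries that override security-vendor or update domains, or that point at loopback. The domain list, the function name and the output layout are this example's own assumptions.

```powershell
# Added example, not code from the thread: parse the hosts file and flag
# entries that hijack security-vendor or update domains. The watch list is
# this example's assumption; extend it for the products you rely on.
$hostsPath = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'
$watchDomains = @('kaspersky.com', 'avira.com', 'microsoft.com',
                  'windowsupdate.com', 'symantec.com', 'mcafee.com',
                  'trendmicro.com')

function Get-HostsEntries([string]$path) {
    # One object per hostname on every active (non-comment) line.
    foreach ($line in Get-Content -Path $path -ErrorAction Stop) {
        $text = ($line -split '#', 2)[0].Trim()   # strip trailing comments
        if ($text -eq '') { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }
        foreach ($hostName in $parts[1..($parts.Count - 1)]) {
            New-Object PSObject -Property @{
                Address  = $parts[0]
                HostName = $hostName.ToLower()
                Line     = $line
            }
        }
    }
}

$entries = @(Get-HostsEntries $hostsPath)
Write-Output ("hosts file: {0} ({1} active entries)" -f $hostsPath, $entries.Count)

foreach ($e in $entries) {
    # A clean XP hosts file carries only "127.0.0.1 localhost".
    if ($e.HostName -eq 'localhost') { continue }
    $flags = @()
    foreach ($d in $watchDomains) {
        if ($e.HostName -eq $d -or $e.HostName.EndsWith('.' + $d)) {
            $flags += 'SECURITY-VENDOR'
        }
    }
    # Loopback or 0.0.0.0 makes the name unreachable; any other address
    # silently redirects it elsewhere, which is worse.
    if ($e.Address -match '^(127\.|0\.0\.0\.0$)') { $flags += 'sinkholed' }
    elseif ($flags.Count -gt 0)                     { $flags += 'REDIRECTED' }
    Write-Output ("{0,-18} {1,-30} {2}" -f $e.Address, $e.HostName, ($flags -join ' '))
}

# Malware often sets hidden/read-only on the file to keep it from being edited.
$attr = (Get-Item -Path $hostsPath -Force).Attributes
Write-Output "attributes: $attr"
```

Any entry other than localhost deserves an explanation; a large block of security-vendor names pointing at 127.0.0.1 or at an unfamiliar address is a reliable sign that the machine is still under the malware's control.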