
Solved userinit.exe application error - blue screen

Discussion in 'Malware and Virus Removal Archive' started by myfama, 2008/08/02.

  1. 2008/08/02
    myfama

    [Resolved] userinit.exe application error - blue screen

    Hi Gentlemen,

    I'm new here. I've got a problem with my Windows XP: it denies logon to Windows, and an error message reading "userinit.exe application error..." was displayed 2 times. When I click OK, the desktop turns into a blue screen. I can only use Ctrl+Alt+Del to access the Task Manager.

    I've tried to boot in Safe Mode with a few options but still got the same error message. I have never tried booting from the XP CD; if this method will help, where can I get step-by-step guidance?

    I would much appreciate it if anybody could guide me in sorting out the problem without needing to reformat the hard disk, since I have so many data files and so many applications installed that it would require long hours of setup if I had to reformat the hard disk.

    fama
     
  2. 2008/08/02
    IvanH

    I had the same problem as yours about 16-40 hours ago.

    It seems that using the XP CD-ROM doesn't work either. In my case, the XP CD boots up, but then it says the hard drive cannot be found. So I cannot access userinit.exe and see if it is infected.

    My system is protected by Norton 360, but before the problem happened, the PC had run a scheduled RegCure v.15. So far, there has been no response from RegCure yet.

    Myfama, if you want to try, press [F2] while cold booting your PC and make sure the boot-up starts from CD/DVD before anything else, such as the hard drive or FDD. Save it and reboot. Then put the Windows XP CD-ROM in the CD/DVD drive. Your PC should then boot from the Windows CD. Then see what happens.

    Does anyone have a clue about the userinit.exe problem, or any solution? At least, I want to access the hard drive (without removing it from the case).
     


  4. 2008/08/02
    noahdfear

    Welcome to WindowsBBS fama :)

    You said you can open Task Manager, so click File > New Task (Run), type the following command, then hit Enter.

    %systemroot%\system32\restore\rstrui.exe

    It should open the System Restore console. Try restoring your computer to a time prior to the problem.

    Ivan, you could try the same, but I'd like to know if this is the same computer which you just worked on in the Malware Removal forum?
     
  5. 2008/08/03
    IvanH

    Hi Noahdfear,

    1. I have tried restoring from Task Manager to the restore point before RegCure. After the reboot, the problem remains the same.

    2. This computer is a different computer.

    What next can I try?
     
  6. 2008/08/03
    noahdfear

    Try another restore point prior to that one, if available.
     
  7. 2008/08/03
    IvanH

    I have tried all available restore points. None of them works.

    It's strange to me that I cannot access the hard drive when I boot from the WinXP CD. FYI, this is a SATA II hard drive, an upgrade with higher capacity that was cloned from an IDE hard drive. That means Windows XP was originally installed on an IDE hard drive. Does that mean the Windows XP Pro SP2 CD does not support SATA II, so it cannot recognize the SATA II hard drive?
     
  8. 2008/08/03
    PeteC

    XP does not, for the most part, support SATA drives, and it is necessary to load these drivers from a floppy when requested, having pressed F6 on the second blue install screen to install SCSI or third-party drivers. The drivers should be provided on the motherboard CD with instructions on how to use them.

    Your IDE clone does not have the SATA drivers installed, I guess.

    No floppy .....

    http://news.softpedia.com/news/Install-Windows-XP-On-SATA-Without-a-Floppy-F6-47807.shtml
     
  9. 2008/08/03
    noahdfear

    From the Task Manager, New Task, type iexplore.exe and hit Enter to see if IE will run. If it does, download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Use the Browse button from New Task to locate and select dss.exe to run it.
    • When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.

    You can access the extra log via the Applications tab, right click and select Switch To (in case you want to close it).
     
  10. 2008/08/03
    myfama

    Thank you for the welcoming message.

    I've tried to run the said command, but I couldn't see any response when clicking on any dates other than today, and I waited for almost 10 minutes.

    FYI, I can still access Windows via the Task Manager, but the screen remains blue, and when browsing the internet using IE, it always directs me to one site with this message: "Insecure Internet activity. Threat of virus attack". I've no idea if this message is genuinely sent by Microsoft or not.
    But sometimes I manage to access the desired website and later get interrupted again with the same message.

    Another thing: I found that Antivirus XP 2008 is installed on my machine, and it frequently runs by itself with a pop-up screen while I'm surfing the internet.
    I couldn't use 'Add/Remove Programs' to remove the software, since the following message occurred: "rundll32.exe - Application Error".
     
  11. 2008/08/03
    myfama

    I've run dss.exe and below is a copy of main.txt.
    ---------------
    Deckard's System Scanner v20071014.68
    Run by Fairuz Azmi on 2008-08-03 17:40:33
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 2 Restore Point(s) --
    2: 2008-08-03 09:40:45 UTC - RP325 - Deckard's System Scanner Restore Point
    1: 2008-08-02 15:14:36 UTC - RP324 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-03 17:43:45
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Oracle\Ora92\bin\omtsreco.exe
    C:\Oracle\Ora92\bin\agntsrvc.exe
    C:\Oracle\Ora92\bin\TNSLSNR.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\Oracle\Ora92\bin\oracle.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Oracle\Ora92\bin\dbsnmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Analog Devices\ADSL USB MODEM\DSLMON.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\ingresII\ingres\vdba\ivm.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    C:\WINDOWS\system32\searchprotocolhost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Documents and Settings\Fairuz Azmi\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://imis-203/amps/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {007C0568-5EEB-45A1-BE86-10AA7BEAB6BB} - C:\WINDOWS\system32\xxyawuvW.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {231C8D87-F631-494F-A268-852480AEC930} - C:\WINDOWS\system32\rnonnhlf.dll
    O2 - BHO: (no name) - {47FC5CAC-CDFF-4D0F-9368-4B633BD1C83F} - C:\WINDOWS\system32\yayXQgGy.dll
    O2 - BHO: QXK Olive - {59D7AC76-FEE5-4B08-A97C-79AAED487514} - C:\WINDOWS\nfavxwdbfvm.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: {42bffb61-2940-201a-7994-febe15d8efcc} - {ccfe8d51-ebef-4997-a102-049216bffb24} - C:\WINDOWS\system32\euwdlp.dll
    O2 - BHO: IEHelper Class - {D615BD7D-5ED0-4F29-B8CB-5DC5C1F39AE3} - C:\WINDOWS\system32\EdenUtil.dll
    O2 - BHO: (no name) - {D808B9F0-7652-440B-9F59-F67499B55379} - C:\WINDOWS\system32\rnonnhlf.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
    O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [lphcgngj0et27] C:\WINDOWS\system32\lphcgngj0et27.exe
    O4 - HKLM\..\Run: [SMrhclngj0et27] C:\Program Files\rhclngj0et27\rhclngj0et27.exe
    O4 - HKLM\..\Run: [BMcf2d925a] Rundll32.exe "C:\WINDOWS\system32\ntovenhe.dll ",s
    O4 - HKLM\..\Run: [cc1ea1c6] rundll32.exe "C:\WINDOWS\system32\llkrvhna.dll ",b
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
    O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe
    O4 - Global Startup: Ingres Visual Manager [ II ].lnk = C:\WINDOWS\system32\ingwrap.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Orbit.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://imis-203 (HKCU)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCDF} (CS Order Entry Control (AIB)) - http://download.excelforce.com.my/aib/cab/csoex_aib.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194242816093
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jumboplay.bluehyppo.com/class/DragonbackCtl.ocx
    O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://download.excelforce.com.my/aib/cab/cswx.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{266B33C0-BD6F-4258-8E77-52CC43AF3D94}: NameServer = 202.188.0.133 202.188.1.5
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: euwdlp.dll
    O20 - Winlogon Notify: xxyawuvW - C:\WINDOWS\system32\xxyawuvW.dll
    O23 - Service: ADEListener - Eden Technology Pty Limited - C:\WINDOWS\system32\ADEListener.exe
    O23 - Service: AMPS Email Processor - Unknown owner - C:\WINDOWS\system32\EmailProcessor.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FSDFileWatcher - Unknown owner - C:\WINDOWS\system32\FSDFileWatcher.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Ingres Intelligent Database [II] (Ingres_Database_II) - Computer Associates - C:\ingresII\ingres\bin\servproc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Oracle\Ora92\bin\omtsreco.exe
    O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\Oracle\Ora92\bin\agntsrvc.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Oracle\Ora92\bin\ONRSD.EXE
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\Oracle\Ora92\Apache\Apache\Apache.exe
    O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\Oracle\Ora92/bin/pagntsrv.exe
    O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\Oracle\Ora92\bin\encsvc.exe
    O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\Oracle\Ora92\bin\agntsvc.exe
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\Oracle\Ora92\BIN\TNSLSNR
    O23 - Service: OracleServiceFAMPS - Oracle Corporation - C:\Oracle\Ora92\bin\oracle.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SCAMS_FileWatcher - Unknown owner - C:\WINDOWS\system32\SCAMS_FileWatcher.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


    --
    End of file - 20412 bytes

    -- File Associations -----------------------------------------------------------

    .bat - batfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1 "
    .ini - inifile - shell\open\command - %SystemRoot%\System32\NOTEPAD.EXE %1 "
    .pif - piffile - shell\open\command - "%1" %* "
    .scr - scrfile - shell\open\command - unable to read value


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
    R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
    R3 adiusbaw (ADSL USB MODEM WAN ADAPTER) - c:\windows\system32\drivers\adiusbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
    R3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>
    R3 DXEC02 - c:\windows\system32\drivers\dxec02.sys <Not Verified; Knowles Acoustics; DXEC.02 Speech Enhancement>

    S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
    S3 adiusbae (ADSL USB MODEM LAN ADAPTER) - c:\windows\system32\drivers\adiusbae.sys (file missing)
    S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 Ingres_Database_II (Ingres Intelligent Database [II]) - "c:\ingresii\ingres\bin\servproc.exe" <Not Verified; Computer Associates; Ingres 2.6/0305>
    R2 LogWatch (Event Log Watch) - "c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" <Not Verified; Computer Associates; Computer Associates LogWatNT>
    R2 OracleMTSRecoveryService - c:\oracle\ora92\bin\omtsreco.exe "oraclemtsrecoveryservice" <Not Verified; Oracle Corporation; Oracle MTS Recovery Service>
    R2 OracleOraHome92Agent - c:\oracle\ora92\bin\agntsrvc.exe <Not Verified; Oracle Corporation; >
    R2 OracleOraHome92TNSListener - c:\oracle\ora92\bin\tnslsnr (file missing)
    R2 OracleServiceFAMPS - c:\oracle\ora92\bin\oracle.exe famps <Not Verified; Oracle Corporation; >
    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
    R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
    R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>

    S3 ADEListener - c:\windows\system32\adelistener.exe <Not Verified; Eden Technology Pty Limited; Eden Technology ADEListener>
    S3 AMPS Email Processor - c:\windows\system32\emailprocessor.exe
    S3 CA_LIC_CLNT (CA License Client) - "c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe" <Not Verified; Computer Associates; Computer Associates lic98rmt>
    S3 CA_LIC_SRVR (CA License Server) - "c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe" <Not Verified; Computer Associates; Computer Associates lic98rmtd>
    S3 FSDFileWatcher - c:\windows\system32\fsdfilewatcher.exe
    S3 OracleOraHome92ClientCache - c:\oracle\ora92\bin\onrsd.exe
    S3 OracleOraHome92HTTPServer - "c:\oracle\ora92\apache\apache\apache.exe" --ntservice
    S3 OracleOraHome92PagingServer - c:\oracle\ora92/bin/pagntsrv.exe
    S3 OracleOraHome92SNMPPeerEncapsulator - c:\oracle\ora92\bin\encsvc.exe
    S3 OracleOraHome92SNMPPeerMasterAgent - c:\oracle\ora92\bin\agntsvc.exe
    S3 SCAMS_FileWatcher - c:\windows\system32\scams_filewatcher.exe
    S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\36E85C38434FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\36E85C38434FC000
    Service: NIC1394


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-11 21:26:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-07-03 and 2008-08-03 -----------------------------

    2008-08-03 16:55:16 0 d-------- C:\Program Files\Crawler
    2008-08-03 16:54:43 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-03 16:54:39 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Spyware Terminator
    2008-08-03 16:54:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-08-03 16:54:34 0 d-------- C:\Program Files\Spyware Terminator
    2008-08-03 15:39:46 0 d-------- C:\Program Files\rhclngj0et27
    2008-08-03 15:33:14 60928 --a------ C:\WINDOWS\system32\blphcgngj0et27.scr
    2008-08-03 03:21:55 80896 --a------ C:\WINDOWS\system32\llkrvhna.dll
    2008-08-03 03:19:36 100864 --a------ C:\WINDOWS\system32\wrbzlb.dll
    2008-08-03 03:19:31 100864 --a------ C:\WINDOWS\system32\dbwjysqy.dll
    2008-08-03 03:19:19 90624 --a------ C:\WINDOWS\system32\ntovenhe.dll
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-08-02 15:33:42 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-08-02 15:33:42 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-08-02 15:33:42 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-08-02 15:33:42 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-08-02 15:33:42 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
    2008-08-02 15:33:41 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-08-02 15:32:35 0 d-------- C:\WINDOWS\CSC
    2008-08-02 03:49:37 118784 --a------ C:\WINDOWS\system32\rnonnhlf.dll
    2008-08-02 03:46:37 118784 --a------ C:\WINDOWS\system32\aiuuehgu.dll
    2008-08-02 03:43:36 118784 --a------ C:\WINDOWS\system32\gyhtltay.dll
    2008-08-02 03:40:36 118784 --a------ C:\WINDOWS\system32\csbkauku.dll
    2008-08-02 03:37:36 118784 --a------ C:\WINDOWS\system32\gklblosr.dll
    2008-08-02 03:34:37 118784 --a------ C:\WINDOWS\system32\tsmcelmy.dll
    2008-08-02 03:33:58 80896 --a------ C:\WINDOWS\system32\kwdoioib.dll
    2008-08-02 03:27:05 80896 --a------ C:\WINDOWS\system32\pcmkwdoi.dll
    2008-08-02 03:25:44 118784 --a------ C:\WINDOWS\system32\mkmhhknp.dll
    2008-08-02 03:24:10 102400 --a------ C:\WINDOWS\system32\dajsem.dll
    2008-08-02 03:24:05 102400 --a------ C:\WINDOWS\system32\pjpoaonb.dll
    2008-08-02 03:22:42 102400 --a------ C:\WINDOWS\system32\euwdlp.dll
    2008-08-02 03:22:37 102400 --a------ C:\WINDOWS\system32\lbpjpoao.dll
    2008-08-02 03:19:40 90624 --a------ C:\WINDOWS\system32\tgdbrrex.dll
    2008-08-02 03:04:14 118784 --a------ C:\WINDOWS\system32\nkwtedqu.dll
    2008-08-02 03:01:51 90624 --a------ C:\WINDOWS\system32\pwdqbtjj.dll
    2008-08-02 03:01:04 345 --ahs---- C:\WINDOWS\system32\StDKlUtv.ini2
    2008-08-02 03:00:28 247296 --a------ C:\WINDOWS\system32\vtUlKDtS.dll
    2008-08-02 02:35:05 0 d-------- C:\Documents and Settings\ingres\Application Data\Lavasoft
    2008-08-02 02:27:21 0 d-------- C:\Documents and Settings\ingres\Application Data\Macromedia
    2008-08-02 02:18:52 0 d-------- C:\Documents and Settings\ingres\Application Data\Logitech
    2008-08-02 02:13:35 0 dr-h----- C:\Documents and Settings\ingres\Recent
    2008-08-01 16:20:47 95232 --a------ C:\WINDOWS\system32\vopcsx.dll
    2008-08-01 16:20:45 95232 --a------ C:\WINDOWS\system32\diwyufow.dll
    2008-08-01 16:14:48 90112 --a------ C:\WINDOWS\system32\tpvqmads.dll
    2008-08-01 10:13:12 95232 --a------ C:\WINDOWS\system32\tgabxt.dll
    2008-08-01 10:13:10 95232 --a------ C:\WINDOWS\system32\bwicmfxe.dll
    2008-08-01 10:13:01 90112 --a------ C:\WINDOWS\system32\opgjyrce.dll
    2008-08-01 10:11:50 34176 --a------ C:\WINDOWS\system32\ssqQkLba.dll
    2008-08-01 10:11:49 34176 --a------ C:\WINDOWS\system32\nnnOheDV.dll
    2008-08-01 10:11:39 407826 --ahs---- C:\WINDOWS\system32\yGgQXyay.ini2
    2008-08-01 10:11:26 246272 --a------ C:\WINDOWS\system32\yayXQgGy.dll
    2008-08-01 10:09:04 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\rhclngj0et27
    2008-08-01 10:06:38 348160 --a------ C:\WINDOWS\nfavxwdbfvm.dll
    2008-08-01 10:06:25 0 d-------- C:\Program Files\Intelore
    2008-08-01 10:06:13 110080 --a------ C:\WINDOWS\system32\lphcgngj0et27.exe
    2008-08-01 10:05:59 34816 --a------ C:\WINDOWS\system32\efcAQGAT.dll
    2008-08-01 10:05:58 34816 --a------ C:\WINDOWS\system32\xxyawuvW.dll
    2008-07-29 11:07:43 0 d--h----- C:\WINDOWS\PIF
    2008-07-28 12:55:44 0 dr-h----- C:\Documents and Settings\Fairuz Azmi\Recent
    2008-07-19 12:11:31 0 d-------- C:\WINDOWS\Sun
    2008-07-19 12:11:31 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Sun
    2008-07-19 12:10:44 0 d-------- C:\Program Files\Sun
    2008-07-19 12:09:30 0 d-------- C:\Program Files\Java
    2008-07-19 12:04:31 0 d-------- C:\Program Files\Common Files\Java
    2008-07-16 23:34:14 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Logitech
    2008-07-16 23:27:26 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:27:26 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:27:26 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:27:26 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:26:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-07-16 23:26:22 0 d-------- C:\Program Files\Logitech
    2008-07-16 23:26:14 0 d-------- C:\Program Files\Common Files\Logitech
    2008-07-16 23:25:28 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-07-15 12:48:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-07-15 03:03:38 58594 --a------ C:\WINDOWS\system32\mpt.exe
    2008-07-04 14:59:09 0 d-------- C:\Documents and Settings\ingres\Application Data\DivX
    2008-07-04 14:59:05 0 d-------- C:\Documents and Settings\ingres\Application Data\Media Player Classic


    -- Find3M Report ---------------------------------------------------------------

    2008-08-03 17:39:50 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\uTorrent
    2008-08-03 15:35:26 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Orbit
    2008-08-03 15:33:29 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-07-29 00:32:52 0 d-------- C:\Program Files\Novativa Streamster
    2008-07-23 16:55:28 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\AdobeUM
    2008-07-19 12:04:31 0 d-------- C:\Program Files\Common Files
    2008-07-16 23:26:19 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-06 00:28:09 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Roxio
    2008-06-18 17:19:24 0 d-------- C:\Program Files\uTorrent
    2008-05-07 08:57:14 146293 --a------ C:\WINDOWS\system32\nvModes.dat


    -- Registry Dump ---------------------------------------------------------------



    -- End of Deckard's System Scanner: finished at 2008-08-03 17:44:21 ------------
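The security-relevant pattern in the log above is easy to miss among the Oracle and Logitech entries: a run of DLLs with eight random lower-case letters dropped into system32 at roughly three-minute intervals (03:34, 03:37, 03:40 ... on 2008-08-02), mixed-case eight-letter DLLs each accompanied by a hidden+system `.ini2` whose name is the DLL name spelled backwards (StDKlUtv.ini2 beside vtUlKDtS.dll, yGgQXyay.ini2 beside yayXQgGy.dll), and none of them carrying the vendor/product tag DSS prints for files with version information. The script below is an added example, not part of this thread and not code from Deckard's System Scanner or ComboFix: it parses lines in the DSS "Files created" format and applies those three heuristics. The sample lines are copied from the log above; the name patterns and the ten-minute burst window are assumptions tuned to this log, so a legitimate file with a short lower-case name and no version resource would also be flagged and the output is a triage list, not a verdict.

```python
import re
from datetime import datetime, timedelta

# One DSS "Files created" line: date time size attrs path [<Not Verified; vendor; product>]
# attrs is positional (d r a h s ...): directory, read-only, archive, hidden, system.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+\s+(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>.+?)(?:\s+<(?P<verinfo>[^>]*)>)?\s*$"
)
HIDDEN, SYSTEM = 3, 4
WINDOWS_DIRS = {"c:\\windows", "c:\\windows\\system32"}
# Name shapes taken from this log; assumed heuristics that need tuning on other machines.
RANDOM_NAME_PATTERNS = (
    re.compile(r"^[a-z]{6,8}$"),                         # aiuuehgu, wrbzlb
    re.compile(r"^(?=.*[A-Z])(?=.*[a-z])[A-Za-z]{8}$"),  # vtUlKDtS, yayXQgGy
    re.compile(r"^(?=.*\d)[a-z0-9]{10,}$"),              # lphcgngj0et27
)


def parse_line(line):
    """Parse one DSS file line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    directory, _, name = m.group("path").rpartition("\\")
    base, dot, ext = name.rpartition(".")
    if not dot:                       # no extension at all
        base, ext = name, ""
    return {"ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "attrs": m.group("attrs"), "dir": directory.lower(),
            "base": base, "ext": ext.lower(),
            "verinfo": m.group("verinfo")}   # None when DSS printed no vendor/product tag


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def flag_random_binaries(entries):
    """Rule 1: PE files in the Windows dirs with no version info and a random-looking name."""
    return [e for e in entries
            if e["ext"] in ("dll", "exe", "scr") and e["dir"] in WINDOWS_DIRS
            and e["verinfo"] is None
            and any(p.match(e["base"]) for p in RANDOM_NAME_PATTERNS)]


def find_companion_inis(entries, flagged):
    """Rule 2: hidden+system .ini/.ini2 whose name is a flagged file's name spelled backwards."""
    by_reversed = {e["base"][::-1]: e for e in flagged}
    pairs = []
    for e in entries:
        if (e["ext"] in ("ini", "ini2") and e["attrs"][HIDDEN] == "h"
                and e["attrs"][SYSTEM] == "s" and e["base"] in by_reversed):
            p = by_reversed[e["base"]]
            pairs.append((f'{e["base"]}.{e["ext"]}', f'{p["base"]}.{p["ext"]}'))
    return pairs


def find_bursts(flagged, window=timedelta(minutes=10), min_count=3):
    """Rule 3: runs of flagged drops in which each file follows the previous within `window`."""
    bursts, run = [], []
    for e in sorted(flagged, key=lambda e: e["ts"]):
        if run and e["ts"] - run[-1]["ts"] > window:
            if len(run) >= min_count:
                bursts.append(run)
            run = []
        run.append(e)
    if len(run) >= min_count:
        bursts.append(run)
    return bursts


def triage(text):
    entries = parse_log(text)
    flagged = flag_random_binaries(entries)
    return {"flagged": [f'{e["base"]}.{e["ext"]}' for e in flagged],
            "companions": find_companion_inis(entries, flagged),
            "bursts": [(b[0]["ts"], b[-1]["ts"], len(b)) for b in find_bursts(flagged)]}


# Lines copied from the DSS log in the post above; the header line shows non-file lines are skipped.
SAMPLE_LOG = r"""
-- Files created between 2008-07-03 and 2008-08-03 -----------------------------
2008-08-03 15:33:14 60928 --a------ C:\WINDOWS\system32\blphcgngj0et27.scr
2008-08-03 03:21:55 80896 --a------ C:\WINDOWS\system32\llkrvhna.dll
2008-08-03 03:19:36 100864 --a------ C:\WINDOWS\system32\wrbzlb.dll
2008-08-03 03:19:31 100864 --a------ C:\WINDOWS\system32\dbwjysqy.dll
2008-08-03 03:19:19 90624 --a------ C:\WINDOWS\system32\ntovenhe.dll
2008-08-02 03:49:37 118784 --a------ C:\WINDOWS\system32\rnonnhlf.dll
2008-08-02 03:46:37 118784 --a------ C:\WINDOWS\system32\aiuuehgu.dll
2008-08-02 03:43:36 118784 --a------ C:\WINDOWS\system32\gyhtltay.dll
2008-08-02 03:01:04 345 --ahs---- C:\WINDOWS\system32\StDKlUtv.ini2
2008-08-02 03:00:28 247296 --a------ C:\WINDOWS\system32\vtUlKDtS.dll
2008-08-01 10:11:39 407826 --ahs---- C:\WINDOWS\system32\yGgQXyay.ini2
2008-08-01 10:11:26 246272 --a------ C:\WINDOWS\system32\yayXQgGy.dll
2008-08-01 10:06:13 110080 --a------ C:\WINDOWS\system32\lphcgngj0et27.exe
2008-07-16 23:27:26 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2008-07-15 03:03:38 58594 --a------ C:\WINDOWS\system32\mpt.exe
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Note that kemutb.dll has a six-letter name and would match the first pattern, but it carries a Logitech version tag and is left alone; mpt.exe, which the ComboFix log later in the thread shows in the HKCU Run key, is too short for any pattern and would have to be caught by the autostart review rather than by name. The ComboFix run later in the thread deletes these files and its registry dump shows one of the random DLLs (euwdlp.dll) loaded through AppInit_DLLs, which is why an unsigned, randomly named DLL in system32 deserves attention even before anything else points at it.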
     
  12. 2008/08/03
    Admin. (Administrator, Staff)
    Since that's malware, I've moved the thread to the Malware removal forum.
     
  13. 2008/08/03
    noahdfear
    Malware indeed! Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  14. 2008/08/03
    myfama (Thread Starter)
    ComboFix 08-08-02.01 - Fairuz Azmi 2008-08-04 0:06:48.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1120 [GMT 8:00]
    Running from: C:\Documents and Settings\Fairuz Azmi\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
    C:\Documents and Settings\Fairuz Azmi\Application Data\macromedia\Flash Player\#SharedObjects\JEUK2X8L\interclick.com
    C:\Documents and Settings\Fairuz Azmi\Application Data\macromedia\Flash Player\#SharedObjects\JEUK2X8L\interclick.com\ud.sol
    C:\Documents and Settings\Fairuz Azmi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Fairuz Azmi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Documents and Settings\Fairuz Azmi\Application Data\rhclngj0et27
    C:\fairuz.txt
    C:\Program Files\rhclngj0et27
    C:\WINDOWS\BMcf2d925a.txt
    C:\WINDOWS\BMcf2d925a.xml
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\nfavxwdbfvm.dll
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\aiuuehgu.dll
    C:\WINDOWS\system32\anhvrkll.ini
    C:\WINDOWS\system32\bioiodwk.ini
    C:\WINDOWS\system32\bwicmfxe.dll
    C:\WINDOWS\system32\Cache
    C:\WINDOWS\system32\csbkauku.dll
    C:\WINDOWS\system32\dajsem.dll
    C:\WINDOWS\system32\dbwjysqy.dll
    C:\WINDOWS\system32\diwyufow.dll
    C:\WINDOWS\system32\efcAQGAT.dll
    C:\WINDOWS\system32\euwdlp.dll
    C:\WINDOWS\system32\gklblosr.dll
    C:\WINDOWS\system32\gyhtltay.dll
    C:\WINDOWS\system32\iodwkmcp.ini
    C:\WINDOWS\system32\kwdoioib.dll
    C:\WINDOWS\system32\lbpjpoao.dll
    C:\WINDOWS\system32\llkrvhna.dll
    C:\WINDOWS\system32\lmfncpti.ini
    C:\WINDOWS\system32\lphcgngj0et27.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mkmhhknp.dll
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\nkwtedqu.dll
    C:\WINDOWS\system32\nnnOheDV.dll
    C:\WINDOWS\system32\ntovenhe.dll
    C:\WINDOWS\system32\opgjyrce.dll
    C:\WINDOWS\system32\pchfcgkf.ini
    C:\WINDOWS\system32\pcmkwdoi.dll
    C:\WINDOWS\system32\pjpoaonb.dll
    C:\WINDOWS\system32\pwdqbtjj.dll
    C:\WINDOWS\system32\rnonnhlf.dll
    C:\WINDOWS\system32\ssqQkLba.dll
    C:\WINDOWS\system32\StDKlUtv.ini
    C:\WINDOWS\system32\StDKlUtv.ini2
    C:\WINDOWS\system32\tgabxt.dll
    C:\WINDOWS\system32\tgdbrrex.dll
    C:\WINDOWS\system32\tpvqmads.dll
    C:\WINDOWS\system32\tsmcelmy.dll
    C:\WINDOWS\system32\vopcsx.dll
    C:\WINDOWS\system32\vtUlKDtS.dll
    C:\WINDOWS\system32\wrbzlb.dll
    C:\WINDOWS\system32\xxyawuvW.dll
    C:\WINDOWS\system32\yayXQgGy.dll
    C:\WINDOWS\system32\yGgQXyay.ini
    C:\WINDOWS\system32\yGgQXyay.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
    .

    2008-08-03 17:40 . 2008-08-03 17:40 <DIR> d-------- C:\Deckard
    2008-08-03 16:55 . 2008-08-03 16:55 <DIR> d-------- C:\Program Files\Crawler
    2008-08-03 16:54 . 2008-08-03 23:59 <DIR> d-------- C:\Program Files\Spyware Terminator
    2008-08-03 16:54 . 2008-08-03 23:59 <DIR> d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Spyware Terminator
    2008-08-03 16:54 . 2008-08-03 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-08-03 16:54 . 2008-08-03 16:54 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-02 15:33 . 2007-11-05 13:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
    2008-08-02 15:33 . 2008-08-02 15:33 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-08-02 02:43 . 2007-04-16 23:52 984,576 --a------ C:\WINDOWS\system32\AAK.dll
    2008-08-02 02:43 . 2004-08-04 18:00 616,960 --a------ C:\WINDOWS\system32\AAD.DLL
    2008-08-02 02:43 . 2008-08-02 02:44 255 --a------ C:\WINDOWS\system32\ad_away.lic
    2008-08-02 02:35 . 2008-08-02 02:43 <DIR> d-------- C:\Documents and Settings\ingres\Application Data\Lavasoft
    2008-08-02 02:18 . 2008-08-02 02:18 <DIR> d-------- C:\Documents and Settings\ingres\Application Data\Logitech
    2008-08-01 10:37 . 2008-08-01 10:37 0 --a------ C:\WINDOWS\system32\11.tmp
    2008-08-01 10:15 . 2008-08-01 12:15 354 --ahs---- C:\WINDOWS\system32\vsoiynhw.ini
    2008-08-01 10:06 . 2008-08-01 10:06 <DIR> d-------- C:\Program Files\Intelore
    2008-07-29 11:07 . 2008-07-29 11:07 <DIR> d--h----- C:\WINDOWS\PIF
    2008-07-19 12:11 . 2008-07-19 12:11 <DIR> d-------- C:\WINDOWS\Sun
    2008-07-19 12:10 . 2008-07-19 12:10 <DIR> d-------- C:\Program Files\Sun
    2008-07-19 12:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-19 12:09 . 2008-07-19 12:10 <DIR> d-------- C:\Program Files\Java
    2008-07-19 12:04 . 2008-07-19 12:04 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-07-18 16:51 . 2006-04-28 09:58 69,120 --a------ C:\2330_001_H8000 02_HH.doc
    2008-07-16 23:34 . 2008-07-16 23:34 <DIR> d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Logitech
    2008-07-16 23:30 . 2008-07-16 23:30 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-07-16 23:29 . 2008-07-16 23:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-07-16 23:29 . 2008-07-16 23:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-07-16 23:28 . 2007-04-11 15:33 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
    2008-07-16 23:28 . 2007-04-11 15:33 79,376 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
    2008-07-16 23:28 . 2007-04-11 15:32 63,248 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
    2008-07-16 23:28 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
    2008-07-16 23:28 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
    2008-07-16 23:28 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
    2008-07-16 23:28 . 2007-04-11 15:33 28,688 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
    2008-07-16 23:28 . 2007-04-11 15:32 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
    2008-07-16 23:27 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
    2008-07-16 23:27 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
    2008-07-16 23:27 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
    2008-07-16 23:27 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
    2008-07-16 23:26 . 2008-07-16 23:26 <DIR> d-------- C:\Program Files\Logitech
    2008-07-16 23:26 . 2008-07-16 23:27 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2008-07-16 23:26 . 2008-07-16 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-07-16 23:25 . 2008-07-16 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-07-15 03:03 . 2008-07-15 03:03 58,594 --a------ C:\WINDOWS\system32\mpt.exe
    2008-07-09 07:50 . 2006-03-03 17:50 134,144 --a------ C:\4812_001 3M 03 HH.doc
    2008-07-09 07:50 . 2006-03-03 17:50 47,104 --a------ C:\4812_001 3M 02 HH.doc
    2008-07-09 07:45 . 2006-11-09 11:37 434,688 --a------ C:\4812_001 AR 02 CP.doc
    2008-07-09 07:45 . 2006-03-03 17:50 46,080 --a------ C:\4812_001 12M02 HH.doc
    2008-07-09 07:44 . 2006-03-03 17:50 97,280 --a------ C:\4812_001 MY04 HH.doc
    2008-07-04 14:59 . 2008-07-04 14:59 <DIR> d-------- C:\Documents and Settings\ingres\Application Data\Media Player Classic
    2008-07-04 14:59 . 2008-07-04 14:59 <DIR> d-------- C:\Documents and Settings\ingres\Application Data\DivX
    2008-07-03 11:28 . 2006-03-03 17:57 146,432 --a------ C:\5880_006_6M13AR hh.doc

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-03 16:29 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-08-03 16:01 --------- d-----w C:\Documents and Settings\Fairuz Azmi\Application Data\uTorrent
    2008-08-03 16:01 --------- d-----w C:\Documents and Settings\Fairuz Azmi\Application Data\Orbit
    2008-08-02 06:06 --------- d-----w C:\Documents and Settings\ingres\Application Data\Orbit
    2008-07-31 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-28 16:32 --------- d-----w C:\Program Files\Novativa Streamster
    2008-07-23 08:55 --------- d-----w C:\Documents and Settings\Fairuz Azmi\Application Data\AdobeUM
    2008-07-16 15:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-05 16:28 --------- d-----w C:\Documents and Settings\Fairuz Azmi\Application Data\Roxio
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-18 09:19 --------- d-----w C:\Program Files\uTorrent
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-07 06:12 --------- d-----w C:\Documents and Settings\ingres\Application Data\AdobeUM
    2008-06-07 06:09 --------- d-----w C:\Documents and Settings\ingres\Application Data\Windows Desktop Search
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-02-23 18:49 5,819 ----a-w C:\Program Files\install.log
    2007-12-04 02:46 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D615BD7D-5ED0-4F29-B8CB-5DC5C1F39AE3}]
    2003-07-17 15:56 143431 -ra------ C:\WINDOWS\system32\EdenUtil.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 22:59 224248]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 18:00 15360]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-05 23:53 219952]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
    "mpt"="c:\WINDOWS\system32\mpt.exe" [2008-07-15 03:03 58594]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19 819200]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17 970752]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 22:57 8429568]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 22:57 81920]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
    "KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 14:05 282624]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-05-14 14:23 1191936]
    "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-21 17:00 98304]
    "pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-05-31 22:31 483328]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 22:59 224248]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "nwiz"="nwiz.exe" [2007-05-11 22:57 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2007-05-11 22:57 67584 C:\WINDOWS\system32\nvhotkey.dll]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 17:10 405504 C:\WINDOWS\stsystra.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

    C:\Documents and Settings\Fairuz Azmi\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 12:37:56 217194]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 18:28:28 622653]
    DSLMON.lnk - C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe [2007-11-07 00:54:35 929889]
    Ingres Visual Manager [ II ].lnk - C:\WINDOWS\system32\ingwrap.exe [2003-05-14 19:32:18 20480]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-16 23:27:25 692224]
    Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-05-23 16:44:26 1678536]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=euwdlp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Oracle\\Ora92\\Apache\\Apache\\Apache.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 02:31]
    R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 02:35]
    R2 Ingres_Database_II;Ingres Intelligent Database [II];C:\IngresII\ingres\bin\servproc.exe [2003-05-14 19:03]
    R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 03:29]
    R2 OracleOraHome92Agent;OracleOraHome92Agent;C:\Oracle\Ora92\bin\agntsrvc.exe [2002-04-26 17:29]
    R2 OracleServiceFAMPS;OracleServiceFAMPS;c:\oracle\ora92\bin\ORACLE.EXE FAMPS []
    S3 ADEListener;ADEListener;C:\WINDOWS\system32\ADEListener.exe [2006-04-05 15:55]
    S3 adiusbae;ADSL USB MODEM LAN ADAPTER;C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
    S3 AMPS Email Processor;AMPS Email Processor;c:\windows\system32\emailprocessor.exe [2007-03-06 13:58]
    S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 03:27]
    S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 03:41]
    S3 FSDFileWatcher;FSDFileWatcher;c:\windows\system32\fsdfilewatcher.exe [2005-11-07 12:57]
    S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\Oracle\Ora92\BIN\ONRSD.EXE [2002-04-26 19:34]
    S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;C:\Oracle\Ora92\Apache\Apache\apache.exe [2002-04-18 22:02]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;C:\Oracle\Ora92\BIN\ENCSVC.EXE [2002-02-13 08:23]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;C:\Oracle\Ora92\BIN\AGNTSVC.EXE [2002-02-13 08:23]
    S3 SCAMS_FileWatcher;SCAMS_FileWatcher;C:\WINDOWS\system32\SCAMS_FileWatcher.exe [2007-11-05 13:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b5e7e2-a465-11dc-941a-001c239b40f5}]
    \Shell\Auto\command - project.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL project.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5166f761-4e53-11dd-95fd-001c26f066af}]
    \Shell\AutoRun\command - yp.bat
    \Shell\explore\Command - yp.bat
    \Shell\open\Command - yp.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{613bf76b-4bf4-11dd-95f0-001c26f066af}]
    \Shell\Autoplay\Command - xmss.exe
    \Shell\AutoRun\command - xmss.exe
    \Shell\Explore\Command - xmss.exe
    \Shell\Open\Command - xmss.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e51cb76-47d9-11dd-95e3-001c26f066af}]
    \Shell\Autoplay\Command - F:\xmss.exe
    \Shell\AutoRun\command - F:\xmss.exe
    \Shell\Explore\Command - F:\xmss.exe
    \Shell\Open\Command - F:\xmss.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce48071e-ca43-11dc-947c-001c26f066af}]
    \Shell\AutoRun\command - wscript.exe xiao.vbs
    \Shell\find\Command - wscript.exe xiao.vbs
    \Shell\open\Command - wscript.exe xiao.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d9fffa-f0c5-11dc-94e9-001c26f066af}]
    \Shell\AutoRun\command - F:\h2.com
    \Shell\explore\Command - F:\h2.com
    \Shell\open\Command - F:\h2.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0cb4db3-a591-11dc-941d-001c239b40f5}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
    \Shell\Explore\command - F:\Flash.10.Setup.exe
    \Shell\Open\command - F:\Flash.10.Setup.exe
    \Shell\Scan for Viruses\command - F:\Scanner.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-06-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-lphcgngj0et27 - C:\WINDOWS\system32\lphcgngj0et27.exe
    HKLM-Run-SMrhclngj0et27 - C:\Program Files\rhclngj0et27\rhclngj0et27.exe
    HKLM-Run-BMcf2d925a - C:\WINDOWS\system32\ntovenhe.dll
    HKLM-Run-cc1ea1c6 - C:\WINDOWS\system32\llkrvhna.dll


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://imis-203/amps/
    R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O8 -: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 -: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 -: Crawler Search - tbr:iemenu
    O8 -: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 -: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O18 -: Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

    O16 -: {1FAF427B-1EE5-43D3-A023-3009142AFCDF} - hxxp://download.excelforce.com.my/aib/cab/csoex_aib.cab
    C:\WINDOWS\Downloaded Program Files\csoex_aib.inf
    C:\WINDOWS\system32\mfc42.dll
    C:\WINDOWS\system32\msvcrt.dll
    C:\WINDOWS\system32\olepro32.dll
    C:\WINDOWS\Downloaded Program Files\csoex_aib.ocx

    O16 -: {B9B2EE1A-E314-4338-A305-BE845EACB112} - hxxp://download.excelforce.com.my/aib/cab/cswx.cab
    C:\WINDOWS\Downloaded Program Files\cswx.inf
    C:\WINDOWS\system32\mfc42.dll
    C:\WINDOWS\system32\msvcrt.dll
    C:\WINDOWS\system32\olepro32.dll
    C:\WINDOWS\Downloaded Program Files\cswx.ocx


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-04 00:32:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraHome92PagingServer]
    "ImagePath"="C:\Oracle\Ora92/bin/pagntsrv.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraHome92TNSListener]
    "ImagePath"="C:\Oracle\Ora92\BIN\TNSLSNR"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Oracle\Ora92\bin\omtsreco.exe
    C:\Oracle\Ora92\bin\TNSLSNR.EXE
    C:\Oracle\Ora92\bin\oracle.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Oracle\Ora92\bin\dbsnmp.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\ingresII\ingres\bin\iigcn.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\ingresII\ingres\bin\iigcc.exe
    C:\ingresII\ingres\bin\iigworad.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\ingresII\ingres\vdba\ivm.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    C:\WINDOWS\system32\searchprotocolhost.exe
    C:\WINDOWS\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-04 0:39:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-03 16:39:19

    Pre-Run: 29,670,264,832 bytes free
    Post-Run: 29,561,290,752 bytes free

    377 --- E O F --- 2008-07-31 16:09:23
     
  15. 2008/08/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Do you know what these similarly named documents residing in the drive root are?

    C:\4812_001 3M 03 HH.doc
    C:\4812_001 3M 03 HH.doc
    C:\4812_001 3M 02 HH.doc
    C:\4812_001 AR 02 CP.doc
    C:\4812_001 12M02 HH.doc
    C:\4812_001 MY04 HH.doc
    C:\5880_006_6M13AR hh.doc



    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    Suspect::[22]
    C:\WINDOWS\system32\vsoiynhw.ini
    C:\WINDOWS\system32\EdenUtil.dll
    C:\WINDOWS\system32\euwdlp.dll
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b5e7e2-a465-11dc-941a-001c239b40f5}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5166f761-4e53-11dd-95fd-001c26f066af}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{613bf76b-4bf4-11dd-95f0-001c26f066af}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e51cb76-47d9-11dd-95e3-001c26f066af}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce48071e-ca43-11dc-947c-001c26f066af}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d9fffa-f0c5-11dc-94e9-001c26f066af}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0cb4db3-a591-11dc-941d-001c239b40f5}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D615BD7D-5ED0-4F29-B8CB-5DC5C1F39AE3}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files for analysis. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created on your desktop. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send.
    Thanks!

    Is your desktop back now?
     
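The MountPoints2 keys noahdfear deletes above are the per-drive autorun handlers that a flash-drive worm plants so that opening or exploring the drive runs its payload. As an added example (not code from this thread, from ComboFix, or from sUBs' Flash_Disinfector), here is a small Python audit that parses the MountPoints2 blocks the way ComboFix prints them, flags every Shell verb whose command launches a program, and emits the matching deletion lines in the CFScript `Registry::` syntax used in the post above. The sample log is constructed to mirror three of the entries seen earlier in this thread; the all-zero GUID is a made-up clean key with no handlers, included to show what is not flagged.

```python
import re

# ComboFix prints each per-drive MountPoints2 key as a bracketed header
# followed by the Shell verbs it found under that key (see the log above).
MOUNTPOINTS_KEY = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$",
    re.IGNORECASE,
)
HANDLER_LINE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)

# A drive's MountPoints2 key has no business launching a program of its own;
# any verb whose command names an executable or script is treated as suspect.
SUSPICIOUS_TARGET = re.compile(r"\.(exe|com|vbs|bat|cmd|scr|pif|js)\b", re.IGNORECASE)

# Constructed sample: the first three blocks mirror entries from the thread,
# the all-zero GUID is a made-up key with no handlers (the clean case).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{613bf76b-4bf4-11dd-95f0-001c26f066af}]
\Shell\Autoplay\Command - xmss.exe
\Shell\AutoRun\command - xmss.exe
\Shell\Explore\Command - xmss.exe
\Shell\Open\Command - xmss.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce48071e-ca43-11dc-947c-001c26f066af}]
\Shell\AutoRun\command - wscript.exe xiao.vbs
\Shell\find\Command - wscript.exe xiao.vbs
\Shell\open\Command - wscript.exe xiao.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0cb4db3-a591-11dc-941d-001c239b40f5}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
\Shell\Open\command - F:\Flash.10.Setup.exe
\Shell\Scan for Viruses\command - F:\Scanner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
"""


def parse_mountpoints(log_text):
    """Return {key_path: [(verb, command), ...]} for every MountPoints2 block."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = MOUNTPOINTS_KEY.match(line)
        if key:
            current = key.group(1)
            entries[current] = []
            continue
        if not line:            # blank line ends the current block
            current = None
            continue
        handler = HANDLER_LINE.match(line)
        if handler and current is not None:
            entries[current].append((handler.group(1), handler.group(2).strip()))
    return entries


def find_suspicious(entries):
    """Keys whose handlers launch a program, with the offending verbs/commands."""
    flagged = {}
    for key, handlers in entries.items():
        bad = [(verb, cmd) for verb, cmd in handlers if SUSPICIOUS_TARGET.search(cmd)]
        if bad:
            flagged[key] = bad
    return flagged


def cfscript_registry_section(flagged_keys):
    """Build a Registry:: section deleting the flagged keys, in the CFScript
    form used in this thread (a leading '-' inside the brackets removes the key)."""
    lines = ["Registry::"]
    for key in sorted(flagged_keys, key=str.lower):
        lines.append(f"[-{key}]")
    return "\n".join(lines)


def report(log_text):
    """Human-readable summary plus the CFScript section, as one string."""
    flagged = find_suspicious(parse_mountpoints(log_text))
    out = []
    for key, bad in flagged.items():
        out.append(key.rsplit("\\", 1)[-1])          # just the {guid}
        for verb, cmd in bad:
            out.append(f"    {verb}: {cmd}")
    out.append("")
    out.append(cfscript_registry_section(flagged))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against a real ComboFix log, the same parser works unchanged, because it ignores every line that is not a MountPoints2 header or a `\Shell\<verb>\command` entry beneath one. The generated `[-HKEY_...]` lines are meant to be reviewed by a helper before they go into a CFScript, exactly as noahdfear did here; the script decides nothing on its own.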
  16. 2008/08/03
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    Yes, those files are residing in my C:\ drive and are kept for temporary purposes only.

    Big thanks, my machine is back to normal. However, I cannot see the Symantec Antivirus icon on the tray, and when I launched the AV from the Start Menu, the following error message occurred: "Symantec Antivirus Corporate Edition - An error occurred while loading savrt32.dll". So I can't take control of the AV (currently turned ON). Any suggestion on this?

    Thanks again and I owe you big time.
     
  17. 2008/08/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please post the logs requested in my last post.
     
  18. 2008/08/03
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    ComboFix 08-08-02.01 - Fairuz Azmi 2008-08-04 7:23:21.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1212 [GMT 8:00]
    Running from: C:\Documents and Settings\Fairuz Azmi\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Fairuz Azmi\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
    .

    2008-08-03 17:40 . 2008-08-03 17:40 <DIR> d-------- C:\Deckard
    2008-08-03 16:55 . 2008-08-03 16:55 <DIR> d-------- C:\Program Files\Crawler
    2008-08-03 16:54 . 2008-08-04 02:24 <DIR> d-------- C:\Program Files\Spyware Terminator
    2008-08-03 16:54 . 2008-08-04 07:12 <DIR> d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Spyware Terminator
    2008-08-03 16:54 . 2008-08-04 02:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-08-03 16:54 . 2008-08-03 16:54 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-02 15:33 . 2007-11-05 13:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
    2008-08-02 15:33 . 2008-08-02 15:33 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-08-02 02:43 . 2007-04-16 23:52 984,576 --a------ C:\WINDOWS\system32\AAK.dll
    2008-08-02 02:43 . 2004-08-04 18:00 616,960 --a------ C:\WINDOWS\system32\AAD.DLL
    2008-08-02 02:43 . 2008-08-02 02:44 255 --a------ C:\WINDOWS\system32\ad_away.lic
    2008-08-02 02:35 . 2008-08-02 02:43 <DIR> d-------- C:\Documents and Settings\ingres\Application Data\Lavasoft
    2008-08-02 02:18 . 2008-08-02 02:18 <DIR> d-------- C:\Documents and Settings\ingres\Application Data\Logitech
    2008-08-01 10:37 . 2008-08-01 10:37 0 --a------ C:\WINDOWS\system32\11.tmp
    2008-08-01 10:15 . 2008-08-01 12:15 354 --ahs---- C:\WINDOWS\system32\vsoiynhw.ini
    2008-08-01 10:06 . 2008-08-01 10:06 <DIR> d-------- C:\Program Files\Intelore
    2008-07-29 11:07 . 2008-07-29 11:07 <DIR> d--h----- C:\WINDOWS\PIF
    2008-07-19 12:11 . 2008-07-19 12:11 <DIR> d-------- C:\WINDOWS\Sun
    2008-07-19 12:10 . 2008-07-19 12:10 <DIR> d-------- C:\Program Files\Sun
    2008-07-19 12:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-19 12:09 . 2008-07-19 12:10 <DIR> d-------- C:\Program Files\Java
    2008-07-19 12:04 . 2008-07-19 12:04 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-07-18 16:51 . 2006-04-28 09:58 69,120 --a------ C:\2330_001_H8000 02_HH.doc
    2008-07-16 23:34 . 2008-07-16 23:34 <DIR> d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Logitech
    2008-07-16 23:30 . 2008-07-16 23:30 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-07-16 23:29 . 2008-07-16 23:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-07-16 23:29 . 2008-07-16 23:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-07-16 23:28 . 2007-04-11 15:33 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
    2008-07-16 23:28 . 2007-04-11 15:33 79,376 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
    2008-07-16 23:28 . 2007-04-11 15:32 63,248 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
    2008-07-16 23:28 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
    2008-07-16 23:28 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
    2008-07-16 23:28 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
    2008-07-16 23:28 . 2007-04-11 15:33 28,688 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
    2008-07-16 23:28 . 2007-04-11 15:32 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
    2008-07-16 23:27 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
    2008-07-16 23:27 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
    2008-07-16 23:27 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
    2008-07-16 23:27 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
    2008-07-16 23:26 . 2008-07-16 23:26 <DIR> d-------- C:\Program Files\Logitech
    2008-07-16 23:26 . 2008-07-16 23:27 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2008-07-16 23:26 . 2008-07-16 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-07-16 23:25 . 2008-07-16 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-07-15 03:03 . 2008-07-15 03:03 58,594 --a------ C:\WINDOWS\system32\mpt.exe
    2008-07-09 07:50 . 2006-03-03 17:50 134,144 --a------ C:\4812_001 3M 03 HH.doc
    2008-07-09 07:50 . 2006-03-03 17:50 47,104 --a------ C:\4812_001 3M 02 HH.doc
    2008-07-09 07:45 . 2006-11-09 11:37 434,688 --a------ C:\4812_001 AR 02 CP.doc
    2008-07-09 07:45 . 2006-03-03 17:50 46,080 --a------ C:\4812_001 12M02 HH.doc
    2008-07-09 07:44 . 2006-03-03 17:50 97,280 --a------ C:\4812_001 MY04 HH.doc
    2008-07-04 14:59 . 2008-07-04 14:59 <DIR> d-------- C:\Documents and Settings\ingres\Application Data\Media Player Classic
    2008-07-04 14:59 . 2008-07-04 14:59 <DIR> d-------- C:\Documents and Settings\ingres\Application Data\DivX
    2008-07-03 11:28 . 2006-03-03 17:57 146,432 --a------ C:\5880_006_6M13AR hh.doc

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-03 23:20 --------- d-----w C:\Documents and Settings\Fairuz Azmi\Application Data\uTorrent
    2008-08-03 17:24 --------- d-----w C:\Documents and Settings\Fairuz Azmi\Application Data\Orbit
    2008-08-03 16:29 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-08-02 06:06 --------- d-----w C:\Documents and Settings\ingres\Application Data\Orbit
    2008-07-31 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-28 16:32 --------- d-----w C:\Program Files\Novativa Streamster
    2008-07-23 08:55 --------- d-----w C:\Documents and Settings\Fairuz Azmi\Application Data\AdobeUM
    2008-07-16 15:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-05 16:28 --------- d-----w C:\Documents and Settings\Fairuz Azmi\Application Data\Roxio
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-18 09:19 --------- d-----w C:\Program Files\uTorrent
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-07 06:12 --------- d-----w C:\Documents and Settings\ingres\Application Data\AdobeUM
    2008-06-07 06:09 --------- d-----w C:\Documents and Settings\ingres\Application Data\Windows Desktop Search
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-02-23 18:49 5,819 ----a-w C:\Program Files\install.log
    2007-12-04 02:46 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-04_ 0.39.03.35 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-02-19 15:13:01 25,214 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\ARPPRODUCTICON.exe
    + 2008-08-03 16:41:46 25,214 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\ARPPRODUCTICON.exe
    - 2008-02-19 15:13:01 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
    + 2008-08-03 16:41:46 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
    - 2008-02-19 15:13:01 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
    + 2008-08-03 16:41:46 40,960 ----a-r C:\WINDOWS\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
    - 2008-08-03 16:31:05 231,053 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
    + 2008-08-03 17:25:07 231,051 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
    + 2008-08-03 17:21:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_bc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 22:59 224248]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 18:00 15360]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-05 23:53 219952]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
    "mpt"="c:\WINDOWS\system32\mpt.exe" [2008-07-15 03:03 58594]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19 819200]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17 970752]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 22:57 8429568]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 22:57 81920]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
    "KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 14:05 282624]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-05-14 14:23 1191936]
    "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-21 17:00 98304]
    "pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-05-31 22:31 483328]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 22:59 224248]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-03 16:54 1809408]
    "nwiz"="nwiz.exe" [2007-05-11 22:57 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2007-05-11 22:57 67584 C:\WINDOWS\system32\nvhotkey.dll]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 17:10 405504 C:\WINDOWS\stsystra.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

    C:\Documents and Settings\Fairuz Azmi\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 12:37:56 217194]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 18:28:28 622653]
    DSLMON.lnk - C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe [2007-11-07 00:54:35 929889]
    Ingres Visual Manager [ II ].lnk - C:\WINDOWS\system32\ingwrap.exe [2003-05-14 19:32:18 20480]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-16 23:27:25 692224]
    Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-05-23 16:44:26 1678536]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Oracle\\Ora92\\Apache\\Apache\\Apache.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 02:31]
    R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-03 16:54]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 02:35]
    R2 Ingres_Database_II;Ingres Intelligent Database [II];C:\IngresII\ingres\bin\servproc.exe [2003-05-14 19:03]
    R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 03:29]
    R2 OracleOraHome92Agent;OracleOraHome92Agent;C:\Oracle\Ora92\bin\agntsrvc.exe [2002-04-26 17:29]
    R2 OracleServiceFAMPS;OracleServiceFAMPS;c:\oracle\ora92\bin\ORACLE.EXE FAMPS []
    S3 ADEListener;ADEListener;C:\WINDOWS\system32\ADEListener.exe [2006-04-05 15:55]
    S3 adiusbae;ADSL USB MODEM LAN ADAPTER;C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
    S3 AMPS Email Processor;AMPS Email Processor;c:\windows\system32\emailprocessor.exe [2007-03-06 13:58]
    S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 03:27]
    S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 03:41]
    S3 FSDFileWatcher;FSDFileWatcher;c:\windows\system32\fsdfilewatcher.exe [2005-11-07 12:57]
    S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\Oracle\Ora92\BIN\ONRSD.EXE [2002-04-26 19:34]
    S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;C:\Oracle\Ora92\Apache\Apache\apache.exe [2002-04-18 22:02]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;C:\Oracle\Ora92\BIN\ENCSVC.EXE [2002-02-13 08:23]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;C:\Oracle\Ora92\BIN\AGNTSVC.EXE [2002-02-13 08:23]
    S3 SCAMS_FileWatcher;SCAMS_FileWatcher;C:\WINDOWS\system32\SCAMS_FileWatcher.exe [2007-11-05 13:50]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - SP_RSDRV2
    .
    Contents of the 'Scheduled Tasks' folder

    2008-06-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-04 07:26:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\OracleOraHome92PagingServer]
    "ImagePath"="C:\Oracle\Ora92/bin/pagntsrv.exe"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\OracleOraHome92TNSListener]
    "ImagePath"="C:\Oracle\Ora92\BIN\TNSLSNR"
    .
    Completion time: 2008-08-04 7:27:31
    ComboFix-quarantined-files.txt 2008-08-03 23:27:04
    ComboFix2.txt 2008-08-03 16:39:24

    Pre-Run: 29,529,534,464 bytes free
    Post-Run: 29,530,140,672 bytes free

    217 --- E O F --- 2008-07-31 16:09:23
     
  19. 2008/08/03
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    Deckard's System Scanner v20071014.68
    Run by Fairuz Azmi on 2008-08-04 07:39:41
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-04 07:41:48
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Oracle\Ora92\bin\omtsreco.exe
    C:\Oracle\Ora92\bin\agntsrvc.exe
    C:\Oracle\Ora92\bin\TNSLSNR.EXE
    C:\Oracle\Ora92\bin\oracle.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Oracle\Ora92\bin\dbsnmp.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Analog Devices\ADSL USB MODEM\DSLMON.exe
    C:\ingresII\ingres\vdba\ivm.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Fairuz Azmi\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe
    O4 - Global Startup: Ingres Visual Manager [ II ].lnk = C:\WINDOWS\system32\ingwrap.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Orbit.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://imis-203 (HKCU)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCDF} (CS Order Entry Control (AIB)) - http://download.excelforce.com.my/aib/cab/csoex_aib.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194242816093
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jumboplay.bluehyppo.com/class/DragonbackCtl.ocx
    O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://download.excelforce.com.my/aib/cab/cswx.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{266B33C0-BD6F-4258-8E77-52CC43AF3D94}: NameServer = 202.188.0.133 202.188.1.5
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O23 - Service: ADEListener - Eden Technology Pty Limited - C:\WINDOWS\system32\ADEListener.exe
    O23 - Service: AMPS Email Processor - Unknown owner - C:\WINDOWS\system32\EmailProcessor.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FSDFileWatcher - Unknown owner - C:\WINDOWS\system32\FSDFileWatcher.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Ingres Intelligent Database [II] (Ingres_Database_II) - Computer Associates - C:\ingresII\ingres\bin\servproc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Oracle\Ora92\bin\omtsreco.exe
    O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\Oracle\Ora92\bin\agntsrvc.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Oracle\Ora92\bin\ONRSD.EXE
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\Oracle\Ora92\Apache\Apache\Apache.exe
    O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\Oracle\Ora92/bin/pagntsrv.exe
    O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\Oracle\Ora92\bin\encsvc.exe
    O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\Oracle\Ora92\bin\agntsvc.exe
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\Oracle\Ora92\BIN\TNSLSNR
    O23 - Service: OracleServiceFAMPS - Oracle Corporation - C:\Oracle\Ora92\bin\oracle.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SCAMS_FileWatcher - Unknown owner - C:\WINDOWS\system32\SCAMS_FileWatcher.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


    --
    End of file - 18798 bytes

    -- Files created between 2008-07-04 and 2008-08-04 -----------------------------

    2008-08-04 07:15:22 0 drahs---- C:\autorun.inf
    2008-08-04 00:03:35 68096 --a------ C:\WINDOWS\zip.exe
    2008-08-04 00:03:35 49152 --a------ C:\WINDOWS\VFind.exe
    2008-08-04 00:03:35 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-08-04 00:03:35 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-08-04 00:03:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-08-04 00:03:35 98816 --a------ C:\WINDOWS\sed.exe
    2008-08-04 00:03:35 80412 --a------ C:\WINDOWS\grep.exe
    2008-08-04 00:03:35 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-08-03 16:55:16 0 d-------- C:\Program Files\Crawler
    2008-08-03 16:54:43 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-03 16:54:39 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Spyware Terminator
    2008-08-03 16:54:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-08-03 16:54:34 0 d-------- C:\Program Files\Spyware Terminator
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-08-02 15:33:42 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-08-02 15:33:42 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-08-02 15:33:42 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-08-02 15:33:42 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-08-02 15:33:42 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-08-02 15:33:42 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-08-02 15:33:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
    2008-08-02 15:33:41 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-08-02 15:32:35 0 d-------- C:\WINDOWS\CSC
    2008-08-02 02:35:05 0 d-------- C:\Documents and Settings\ingres\Application Data\Lavasoft
    2008-08-02 02:27:21 0 d-------- C:\Documents and Settings\ingres\Application Data\Macromedia
    2008-08-02 02:18:52 0 d-------- C:\Documents and Settings\ingres\Application Data\Logitech
    2008-08-02 02:13:35 0 dr-h----- C:\Documents and Settings\ingres\Recent
    2008-08-01 10:06:25 0 d-------- C:\Program Files\Intelore
    2008-07-29 11:07:43 0 d--h----- C:\WINDOWS\PIF
    2008-07-28 12:55:44 0 dr-h----- C:\Documents and Settings\Fairuz Azmi\Recent
    2008-07-19 12:11:31 0 d-------- C:\WINDOWS\Sun
    2008-07-19 12:11:31 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Sun
    2008-07-19 12:10:44 0 d-------- C:\Program Files\Sun
    2008-07-19 12:09:30 0 d-------- C:\Program Files\Java
    2008-07-19 12:04:31 0 d-------- C:\Program Files\Common Files\Java
    2008-07-16 23:34:14 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Logitech
    2008-07-16 23:27:26 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:27:26 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:27:26 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:27:26 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2008-07-16 23:26:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2008-07-16 23:26:22 0 d-------- C:\Program Files\Logitech
    2008-07-16 23:26:14 0 d-------- C:\Program Files\Common Files\Logitech
    2008-07-16 23:25:28 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-07-15 12:48:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-07-15 03:03:38 58594 --a------ C:\WINDOWS\system32\mpt.exe
    2008-07-04 14:59:09 0 d-------- C:\Documents and Settings\ingres\Application Data\DivX
    2008-07-04 14:59:05 0 d-------- C:\Documents and Settings\ingres\Application Data\Media Player Classic


    -- Find3M Report ---------------------------------------------------------------

    2008-08-04 07:24:59 0 d-------- C:\Program Files\Common Files
    2008-08-04 07:20:10 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\uTorrent
    2008-08-04 01:24:40 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Orbit
    2008-08-04 00:29:37 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-07-29 00:32:52 0 d-------- C:\Program Files\Novativa Streamster
    2008-07-23 16:55:28 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\AdobeUM
    2008-07-16 23:26:19 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-06 00:28:09 0 d-------- C:\Documents and Settings\Fairuz Azmi\Application Data\Roxio
    2008-06-18 17:19:24 0 d-------- C:\Program Files\uTorrent
    2008-05-07 08:57:14 146293 --a------ C:\WINDOWS\system32\nvModes.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [21/02/2007 11:19]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [21/02/2007 11:17]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/05/2007 22:57]
    "nwiz"="nwiz.exe" [11/05/2007 22:57 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [11/05/2007 22:57 C:\WINDOWS\system32\nvhotkey.dll]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/05/2007 22:57]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [03/10/2006 11:35]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
    "SigmatelSysTrayApp"="stsystra.exe" [06/05/2007 17:10 C:\WINDOWS\stsystra.exe]
    "KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [02/11/2006 14:05]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [14/05/2007 14:23]
    "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [21/12/2005 17:00]
    "pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [31/05/2005 22:31]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 22:59]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [19/07/2006 19:26]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [27/09/2006 20:33]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 15:32 C:\WINDOWS\KHALMNPR.Exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [03/08/2008 16:54]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/2007 17:43]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 22:59]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 18:00]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [05/01/2008 23:53]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [15/11/2005 19:44]
    "mpt"="c:\WINDOWS\system32\mpt.exe" [15/07/2008 03:03]

    C:\Documents and Settings\Fairuz Azmi\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24/08/2007 4:45:42]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [24/10/2003 12:37:56]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [24/05/2006 18:28:28]
    DSLMON.lnk - C:\Program Files\Analog Devices\ADSL USB MODEM\dslmon.exe [07/11/2007 0:54:35]
    Ingres Visual Manager [ II ].lnk - C:\WINDOWS\system32\ingwrap.exe [14/05/2003 19:32:18]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [16/07/2008 23:27:25]
    Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [23/05/2008 16:44:26]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 15:40:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    *Newly Created Service* - CATCHME
    *Newly Created Service* - SP_RSDRV2



    -- End of Deckard's System Scanner: finished at 2008-08-04 07:42:07 ------------
     
  20. 2008/08/03
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    noahdfear

    I've run the above following your instructions. Kindly let me know if I missed any of the steps given.

    Thanks
     
  21. 2008/08/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Do you have any Eden Utility software installed? Appears to be a billing utility of sorts?

    Please scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under "Select a target to scan":
      • Select My Computer.
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display whether your system has been infected.
      • Now click on the Save as Text button.
    • Save the file to your desktop.

    Post the Kaspersky log here.

    If Norton still fails to start properly, a repair might be in order. If you go to Add/Remove Programs and select your Norton product, then click Remove, you should be given an option to repair.
     
