
Solved: Newly added file on pendrive keeps being deleted

Discussion in 'Malware and Virus Removal Archive' started by myfama, 2008/12/05.

  1. 2008/12/05
    myfama (Thread Starter)

    [Resolved] Newly added file on pendrive keeps being deleted

    Hi Gents,

    I think my laptop has been infected with a virus/worm since a week ago. The scenario is like this: if I copy any file from my machine to the pendrive, the file disappears after a while. When I scan the pendrive with an updated AVG Anti-Virus Free version, the following virus/worm is detected again and again. I performed a virus scan on my machine 2 days ago, but the virus/worm keeps appearing and deleting any newly added file on the pendrive.

    File: autorun.inf
    Infection: Virus identified Worm/AutoRun.BG

    Please help me.
     
    Last edited: 2008/12/05
  2. 2008/12/05
    PeteC (SuperGeek, Staff)

    Please read this and post the requested logs in your next post in this thread.
     


  4. 2008/12/05
    myfama (Thread Starter)

    info.txt logfile of random's system information tool 1.04 2008-12-05 17:07:27

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Adobe Acrobat 6.0.1 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Advantage Ingres [ II ] Enterprise Edition-->C:\WINDOWS\system32\ingwrap.exe C:\WINDOWS\system32\inguninst.exe "C:\IngresII "
    AMPS-->MsiExec.exe /X{8CF2CBAB-5DEE-4136-9E53-60D09601D53D}
    AMPS-->MsiExec.exe /X{9B12DDD3-F1BE-4FB6-9FD2-308549244609}
    AMPSSupplyMobileWsSetup-->MsiExec.exe /I{BA0554A1-5401-4D5E-AE5C-DAE5767915C6}
    Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
    Canon iP1800 series--> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series /L0x0009
    Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
    Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
    Canon Utilities Easy-PrintToolBox-->C:\Program Files\Canon\Easy-PrintToolBox\uninst.exe uninst.ini
    CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
    Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
    Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Ease Audio Converter 4.80--> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe "
    FLV Player 1.3.3--> "C:\Program Files\FLVPlayer\uninstall.exe "
    Heroes of Might and Magic® III-->C:\WINDOWS\IsUninst.exe -fd:\Heroes\Uninst.isu -c "d:\Heroes\uninst.dll
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB909394)--> "C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB914440)--> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB915800)--> "C:\WINDOWS\$NtUninstallKB915800$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB915865)--> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe "
    HP LaserJet M1005-->C:\Program Files\Agilent-HP\{d60ce1cf-fd51-49bb-aaa6-678467c43257}\uninstall.exe SYSTEM "C:\Program Files\Agilent-HP\{d60ce1cf-fd51-49bb-aaa6-678467c43257} "
    HP OrderReminder--> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
    Hummingbird BI Query-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6F43BD6-0625-11D7-9D89-00010277CEE8}\setup.exe" -l0x9
    Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
    IntelliSonic Speech Enhancement-->MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
    K-Lite Codec Pack 3.4.5 Full--> "C:\Program Files\K-Lite Codec Pack\unins000.exe "
    LimeWire PRO 4.14.10--> "C:\Program Files\LimeWire\uninstall.exe "
    Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    Marketiva-->C:\Program Files\Novativa Streamster\Uninstall.exe
    mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
    mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
    mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5--> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Project 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-00B4-0409-0000-0000000FF1CE} /uninstall {75EC8FFC-B913-4991-B3A1-22576D2FC45D}
    Microsoft Office Project 2007 Service Pack 1 (SP1)-->msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {C1877F6E-C1C8-486D-A697-86431029690C}
    Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
    Microsoft Office Project Professional 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPROR /dll OSETUP.DLL
    Microsoft Office Project Professional 2007-->MsiExec.exe /X{91120000-003B-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {EA35370F-586C-45E1-AC6C-A4E275C6B762}
    Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
    Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
    Microsoft Office Visio Professional 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
    Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
    mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
    OpenROAD 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8568E000-AE70-11D4-8EE7-00C04F81B484}\Setup.exe" -l0x9 -wa
    Orbit Downloader--> "C:\Program Files\Orbitdownloader\unins000.exe "
    PA Mobile-->MsiExec.exe /I{8AC9C8D1-62F2-4B8A-80E4-117F560DC274}
    pdfFactory Pro-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppinst2.exe /uninstall
    PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
    QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
    Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
    Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Scan To-->MsiExec.exe /I{9356940C-B360-4EF4-BE6C-BD488350AB17}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Excel 2007 (KB946974)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Office 2007 (KB947801)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB939653)--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB911564)--> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 6.4 (KB925398)--> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 9 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB890046)--> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB893756)--> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896358)--> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896423)--> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896428)--> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899587)--> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899591)--> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB900725)--> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901017)--> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901214)--> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB902400)--> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB904706)--> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905414)--> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905749)--> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB908519)--> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911562)--> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911927)--> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB913580)--> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914388)--> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914389)--> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917344)--> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917537)--> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917953)--> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918118)--> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB918439)--> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB919007)--> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920213)--> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920670)--> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920683)--> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920685)--> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921503)--> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922819)--> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923191)--> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923414)--> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923689)--> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB923980)--> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924270)--> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924496)--> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924667)--> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB925902)--> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB926255)--> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB926436)--> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB927779)--> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB927802)--> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928255)--> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB928843)--> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB929123)--> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB930178)--> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931261)--> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB931784)--> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB932168)--> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB933729)--> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB935839)--> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB935840)--> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB936021)--> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB937894)--> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938127)--> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938829)--> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB939373)--> "C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB939653)--> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941202)--> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941568)--> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941644)--> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941693)--> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB942830)--> "C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB942831)--> "C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943055)--> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943460)--> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB943485)--> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB944653)--> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB945553)--> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946026)--> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB948590)--> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB948881)--> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950749)--> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    ShopperReports-->C:\Program Files\ShoppingReport\Uninst.exe
    SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb953463)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
    Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
    Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
    Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

    ======Security center information======

    AV: AVG Anti-Virus Free
    FW: COMODO Firewall Pro

    ======Environment variables======

    "ADVLOC"=C:\AMPS\
    "AMPSBIN"=C:\AMPS\Bin\
    "AMPSWEB"=http://imis-203/amps/
    "BI_ROOT"=C:\Program Files\Hummingbird\BI
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "II_DATE_CENTURY_BOUNDARY"=50
    "II_DATE_FORMAT"=MULTINATIONAL4
    "II_EMBED_SET"=dbmserror
    "II_LIBU3GL"=kernel32.dll;user32.dll;introp32.dll;amps32.dll;comlogin.dll;fmmsing.dll;shell32.dll;random.dll;crpe32.dll;crwrap32.dll;sdsscat.dll;sdss_ame.dll;sdss.dll
    "II_SYSTEM"=C:\IngresII
    "II_W4GLAPPS_DIR"=C:\AMPS\Bin\
    "Include"=C:\IngresII\ingres\files
    "ING_SET"=set lockmode session where readlock=nolock
    "JSERV"=C:\Oracle\Ora92/Apache/Jserv/conf
    "Lib"=C:\IngresII\ingres\lib
    "NUMBER_OF_PROCESSORS"=2
    "ORACLE_HOME"=C:\Oracle\Ora92
    "OS"=Windows_NT
    "Path"=C:\AMPS\Bin\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\AMPS\Bin;C:\Oracle\Ora92\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\IngresII\ingres\bin;C:\IngresII\ingres\utility;C:\IngresII\ingres\vdba;C:\PROGRA~1\HUMMIN~1\BI\Utility
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_REVISION"=0f0a
    "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "windir"=%SystemRoot%
    "WV_GATEWAY_CFG"=C:\Oracle\Ora92\Apache\modplsql\cfg\wdbsvr.app

    -----------------EOF-----------------
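Before the HijackThis log that follows in the next post, an added triage script for this kind of thread (it is not part of the forum post and not a component of HijackThis or RSIT). It parses the O4 (Run key), O7 (system policy) and O23 (service) line formats and the scheduled-task folder listing those tools print, and reports the entries a malware-removal helper queries first on a suspected autorun-worm infection: script files (.vbe, .vbs, .js and the like) started from Run keys, a running Windows Script Host, regedit and Task Manager lockout policies, services with an empty vendor field, and a batch of At*.job tasks. The sample lines are constructed in the formats of this thread's log; the category names, the helper names and the threshold of three At jobs are the example's own choices. The NoDriveTypeAutoRun decoder is included because the RSIT registry dump prints that policy, and its bit mask is only meaningful once you know whether your log writer printed the DWORD in hex or decimal.

```python
"""Triage of a HijackThis / RSIT log for USB-worm indicators.

Added example for this thread; it is not part of the forum post and not
a component of HijackThis or RSIT. Plain pattern matching on the log
text: it never reads the registry or the file system itself.
"""
import re

# Extensions run by the Windows Script Host or cmd.exe rather than loaded
# as native executables.
SCRIPT_EXTENSIONS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd")

# HijackThis line shapes handled below (groups in <>):
#   O4  - <hive>\..\Run: [<name>] <cmd>
#   O7  - <hive>\...\Policies\System, <key>=<value>
#   O23 - Service: <name> - <vendor> - <path>     (vendor may be empty)
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"^O7 - (?P<hive>HK\w+)\\.*\\Policies\\System, (?P<key>\w+)=(?P<value>\d+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) -\s*(?P<vendor>.*?)\s*- (?P<path>.+)$")
AT_JOB_RE = re.compile(r"\\tasks\\At(\d+)\.job$", re.IGNORECASE)
SCRIPT_HOST_RE = re.compile(r"^[A-Za-z]:\\.*\\(?:wscript|cscript)\.exe$", re.IGNORECASE)
EXE_RE = re.compile(
    r"^(.+?\.(?:exe|dll|vbe|vbs|js|jse|wsf|wsh|bat|cmd|com|scr|pif))(?:\s|$)", re.IGNORECASE
)

# Explorer's NoDriveTypeAutoRun policy is a bit mask: bit (1 << n) disables
# AutoRun for GetDriveType() result n; 0x80 is the reserved high bit.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable", 0x08: "fixed",
    0x10: "remote", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}

# Constructed sample in the formats of this thread's log (a running-process
# line, O4/O7/O23 lines and the scheduled-task folder listing).
SAMPLE_LOG = r"""
C:\WINDOWS\System32\WScript.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: AMPS Email Processor - - c:\windows\system32\emailprocessor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At17.job
"""


def decode_nodrivetypeautorun(value):
    """Drive types whose AutoRun is disabled by a NoDriveTypeAutoRun value.

    Check whether your log writer prints the DWORD in hex or decimal before
    calling this: decimal 36 is 0x24, but the digits "36" read as hex are 54.
    """
    return sorted(name for bit, name in DRIVE_TYPE_BITS.items() if value & bit)


def executable_of(cmd):
    """Strip quotes and arguments from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].strip() if end > 0 else cmd[1:].strip()
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log_text, at_job_threshold=3):
    """Return (category, detail) findings in log order."""
    findings = []
    at_jobs = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if exe.lower().endswith(SCRIPT_EXTENSIONS):
                findings.append(("script_autostart",
                                 f"{m.group('hive')} Run [{m.group('name')}] -> {exe}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            if m.group("key") in ("DisableRegedit", "DisableTaskMgr") and m.group("value") != "0":
                findings.append(("tool_lockout", f"{m.group('hive')} {m.group('key')}={m.group('value')}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # HijackThis prints "Unknown owner" when the binary carries no company
            # name, which legitimate software often lacks (the Oracle and Canon
            # services in this thread), so only an empty vendor field is flagged.
            if m.group("vendor") == "":
                findings.append(("no_vendor_service", f"{m.group('name')} -> {m.group('path')}"))
            continue
        m = AT_JOB_RE.search(line)
        if m:
            at_jobs.append(int(m.group(1)))
            continue
        if SCRIPT_HOST_RE.match(line):
            findings.append(("script_host_running", line))
    if len(at_jobs) >= at_job_threshold:
        findings.append(("bulk_at_jobs",
                         f"{len(at_jobs)} At*.job tasks (At{min(at_jobs)}..At{max(at_jobs)})"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
```

Feed it the whole saved log (`triage(open("hijackthis.log").read())`) rather than single lines, because the At*.job count is only meaningful over the full scheduled-task listing. A flagged entry is a question to ask, not a verdict: the empty-vendor services on this machine may well be the user's in-house AMPS software, and that is exactly what a helper would ask about.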
     
  5. 2008/12/05
    myfama

    myfama Inactive Thread Starter

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Fairuz Azmi at 2008-12-05 17:04:45
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 22 GB (36%) free of 61 GB
    Total RAM: 2046 MB (59% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:07:25, on 05/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Oracle\Ora92\bin\omtsreco.exe
    C:\Oracle\Ora92\bin\agntsrvc.exe
    C:\Oracle\Ora92\BIN\TNSLSNR.exe
    C:\WINDOWS\system32\cmd.exe
    c:\oracle\ora92\bin\ORACLE.EXE
    C:\Oracle\Ora92\bin\dbsnmp.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\System32\WScript.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\IngresII\ingres\vdba\ivm.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\system32\inetsrv\DavCData.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Fairuz Azmi\Desktop\RSIT.exe
    C:\Program Files\trend micro\Fairuz Azmi.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://imis-203/amps/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [vr64] C:\WINDOWS\system32\prnjobt.vbe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKUS\S-1-5-21-57989841-839522115-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'ingres')
    O4 - HKUS\S-1-5-21-57989841-839522115-725345543-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'ingres')
    O4 - HKUS\S-1-5-21-57989841-839522115-725345543-1005\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'ingres')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Ingres Visual Manager [ II ].lnk = C:\WINDOWS\system32\ingwrap.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.imis-203
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCDF} (CS Order Entry Control (AIB)) - http://download.excelforce.com.my/aib/cab/csoex_aib.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194242816093
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jumboplay.bluehyppo.com/class/DragonbackCtl.ocx
    O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://download.excelforce.com.my/aib/cab/cswx.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: ADEListener - Eden Technology Pty Limited - C:\WINDOWS\system32\ADEListener.exe
    O23 - Service: AMPS Email Processor - - c:\windows\system32\emailprocessor.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FSDFileWatcher - - c:\windows\system32\fsdfilewatcher.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Ingres Intelligent Database [II] (Ingres_Database_II) - Computer Associates - C:\IngresII\ingres\bin\servproc.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Oracle\Ora92\bin\omtsreco.exe
    O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\Oracle\Ora92\bin\agntsrvc.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Oracle\Ora92\BIN\ONRSD.EXE
    O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\Oracle\Ora92\Apache\Apache\apache.exe
    O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\Oracle\Ora92/bin/pagntsrv.exe
    O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\Oracle\Ora92\BIN\ENCSVC.EXE
    O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\Oracle\Ora92\BIN\AGNTSVC.EXE
    O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\Oracle\Ora92\BIN\TNSLSNR.exe
    O23 - Service: OracleServiceFAMPS - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SCAMS_FileWatcher - - C:\WINDOWS\system32\SCAMS_FileWatcher.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 17458 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
    ShoppingReport - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll [2008-02-06 1173024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-25 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-11-01 198136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-25 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-08-11 262144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-06 816400]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
    {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-08-11 262144]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-25 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
    "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568]
    "nwiz"=nwiz.exe /installquiet []
    "NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2007-05-11 67584]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-11 81920]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-05-06 405504]
    "KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
    "Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
    "OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2005-12-21 98304]
    "pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2005-05-31 483328]
    "YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
    "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2006-10-17 398944]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
    "vr64"=C:\WINDOWS\system32\prnjobt.vbe [2008-12-05 709764]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
    "YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2008-01-05 219952]
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1200128]
    "mpt"=c:\WINDOWS\system32\mpt.exe [2008-07-15 58594]
    "Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    Ingres Visual Manager [ II ].lnk - C:\WINDOWS\system32\ingwrap.exe
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Documents and Settings\Fairuz Azmi\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=
    scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=1
    "NoFolderOptions"=0
    "DisableTaskMgr"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableStatusMessages"=0
    "DisableRegistryTools"=1
    "DisableTaskMgr"=1
    "NoFolderOptions"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=36
    "NoDrives"=0
    "NoDriveAutoRun"=FFFFFFFF
    "NoRun"=1
    "NoFind"=1
    "NoFolderOptions"=0
    "NoFileMenu"=1
    "NoSaveSetting"=1
    "HideRunAsVerb"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoFolderOptions"=
    "NoRun"=
    "NoFind"=
    "NoTrayContextMenu"=
    "NoSaveSetting"=
    "HideRunAsVerb"=
    "InternetOpenWith"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Oracle\Ora92\Apache\Apache\Apache.exe"="C:\Oracle\Ora92\Apache\Apache\Apache.exe:*:Enabled:Apache"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
    "C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= "C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2428f742-7ed5-11dd-96ad-001c26f066af}]
    shell\AutoRun\command - F:\ov.cmd
    shell\explore\command - F:\ov.cmd
    shell\open\command - F:\ov.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b30feea-a720-11dd-9744-001c26f066af}]
    shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b30feeb-a720-11dd-9744-001c26f066af}]
    shell\AutoRun\command - wscript.exe information.vbs
    shell\find\command - wscript.exe information.vbs
    shell\open\command - wscript.exe information.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e94b57-dddc-11dc-94af-001c26f066af}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8495e1bd-7e3f-11dd-96ab-001c26f066af}]
    shell\Auto\command - My_Heart.exe
    shell\AutoRun\command - My_Heart.exe
    shell\Explore\command - My_Heart.exe
    shell\OPEN\command - My_Heart.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8495e1c1-7e3f-11dd-96ab-001c26f066af}]
    shell\Auto\command - F:\My_Heart.exe
    shell\AutoRun\command - F:\My_Heart.exe
    shell\Explore\command - F:\My_Heart.exe
    shell\OPEN\command - F:\My_Heart.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1835b71-8ba1-11dc-93c8-001c239b40f5}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe


    ======File associations======

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1 "
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1 "
    .scr - config -

    ======List of files/folders created in the last 3 months======

    2008-12-05 17:04:45 ----D---- C:\rsit
    2008-12-05 17:04:45 ----D---- C:\Program Files\trend micro
    2008-11-16 15:59:39 ----D---- C:\WINDOWS\9B12DDD3F1BE4FB69FD2308549244609.TMP
    2008-10-25 16:25:35 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2008-10-25 16:25:23 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\AVGTOOLBAR
    2008-09-27 06:49:16 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\DivX
    2008-09-27 01:17:16 ----N---- C:\WINDOWS\system32\pxinsi64.exe
    2008-09-27 01:17:16 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
    2008-09-27 01:17:16 ----N---- C:\WINDOWS\system32\pxcpya64.exe
    2008-09-27 01:17:15 ----N---- C:\WINDOWS\system32\pxinsa64.exe
    2008-09-27 01:17:15 ----N---- C:\WINDOWS\system32\pxhpinst.exe
    2008-09-27 01:16:52 ----D---- C:\Program Files\DivX
    2008-09-27 01:05:55 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\Mozilla
    2008-09-27 01:05:50 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-26 05:25:19 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\LimeWire
    2008-09-26 05:25:05 ----D---- C:\Program Files\LimeWire
    2008-09-16 08:14:26 ----A---- C:\WINDOWS\system32\DivXsm.exe
    2008-09-16 08:14:24 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2008-09-16 08:12:54 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-09-16 08:12:54 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-09-16 08:12:02 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
    2008-09-16 08:12:02 ----A---- C:\WINDOWS\system32\dtu100.dll
    2008-09-16 08:12:02 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
    2008-09-16 08:12:02 ----A---- C:\WINDOWS\system32\dpl100.dll
    2008-09-16 08:12:00 ----A---- C:\WINDOWS\system32\dpv11.dll
    2008-09-16 08:12:00 ----A---- C:\WINDOWS\system32\dpus11.dll
    2008-09-16 08:12:00 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
    2008-09-16 08:12:00 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
    2008-09-16 08:12:00 ----A---- C:\WINDOWS\system32\dpu11.dll
    2008-09-16 08:12:00 ----A---- C:\WINDOWS\system32\dpu10.dll
    2008-09-16 08:11:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
    2008-09-16 08:11:58 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
    2008-09-16 08:11:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
    2008-09-16 08:11:58 ----A---- C:\WINDOWS\system32\divx_xx07.dll
    2008-09-16 08:11:56 ----A---- C:\WINDOWS\system32\DivX.dll
    2008-09-16 08:11:28 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-09-16 08:11:10 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-09-13 01:54:29 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
    2008-09-11 08:49:41 ----D---- C:\WINDOWS\system32\Adobe
    2008-09-08 15:25:01 ----D---- C:\AudioConverter
    2008-09-08 15:17:08 ----A---- C:\WINDOWS\AudioConverter.INI
    2008-09-08 15:12:21 ----D---- C:\Program Files\easetech

    ======List of files/folders modified in the last 3 months======

    2008-12-05 17:07:26 ----D---- C:\WINDOWS\system32
    2008-12-05 17:07:25 ----D---- C:\WINDOWS\Temp
    2008-12-05 17:07:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-05 17:05:39 ----D---- C:\WINDOWS\Prefetch
    2008-12-05 17:04:45 ----RD---- C:\Program Files
    2008-12-05 16:57:52 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\uTorrent
    2008-12-05 16:54:06 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\ShoppingReport
    2008-12-05 15:42:26 ----D---- C:\WINDOWS\Registration
    2008-12-05 14:39:57 ----D---- C:\WINDOWS\system32\inetsrv
    2008-12-05 14:37:45 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-05 14:37:11 ----SD---- C:\WINDOWS\Tasks
    2008-12-05 13:09:48 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-02 21:17:25 ----A---- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
    2008-11-30 23:11:43 ----AD---- C:\LIBRARY
    2008-11-30 23:11:27 ----D---- C:\Downloads
    2008-11-30 22:56:50 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    2008-11-21 18:08:25 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\Orbit
    2008-11-16 16:00:24 ----D---- C:\WINDOWS
    2008-11-16 15:59:45 ----SHD---- C:\WINDOWS\Installer
    2008-11-16 15:59:23 ----A---- C:\WINDOWS\dmredl.ini
    2008-11-12 13:47:37 ----D---- C:\Program Files\MetaTrader - FXOpen
    2008-10-31 11:26:55 ----A---- C:\WINDOWS\ODBC.INI
    2008-10-29 11:59:14 ----HD---- C:\WINDOWS\inf
    2008-10-25 16:53:06 ----D---- C:\WINDOWS\system32\drivers
    2008-10-25 16:25:06 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-10-25 16:24:55 ----D---- C:\WINDOWS\WinSxS
    2008-10-25 16:24:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-10-24 19:00:13 ----D---- C:\WINDOWS\system32\Macromed
    2008-10-24 15:47:29 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-17 15:53:46 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\Yahoo!
    2008-10-16 09:02:48 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\AdobeUM
    2008-10-15 11:49:36 ----SD---- C:\Documents and Settings\Fairuz Azmi\Application Data\Microsoft
    2008-10-13 22:26:39 ----D---- C:\Program Files\Novativa Streamster
    2008-10-09 10:10:04 ----D---- C:\WINDOWS\Help
    2008-10-08 08:49:22 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-02 20:08:25 ----D---- C:\amps
    2008-09-27 05:29:47 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\Adobe
    2008-09-25 05:14:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-19 18:29:56 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
    2008-09-17 00:19:12 ----D---- C:\WINDOWS\system32\CatRoot
    2008-09-16 08:14:20 ----N---- C:\WINDOWS\system32\PxWave.dll
    2008-09-16 08:14:20 ----N---- C:\WINDOWS\system32\PxMas.dll
    2008-09-16 08:14:18 ----N---- C:\WINDOWS\system32\VXBLOCK.dll
    2008-09-16 08:14:18 ----N---- C:\WINDOWS\system32\PxSFS.DLL
    2008-09-16 08:14:18 ----N---- C:\WINDOWS\system32\pxdrv.dll
    2008-09-16 08:14:18 ----N---- C:\WINDOWS\system32\PxAFS.DLL
    2008-09-16 08:14:18 ----N---- C:\WINDOWS\system32\Px.dll
    2008-09-15 23:27:58 ----A---- C:\WINDOWS\aceg.ini
    2008-09-15 23:26:13 ----A---- C:\WINDOWS\EaseAudioConverter.ini
    2008-09-13 01:55:00 ----D---- C:\Program Files\WinZip
    2008-09-08 00:54:47 ----D---- C:\Documents and Settings\Fairuz Azmi\Application Data\Roxio

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-25 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-25 26824]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
    R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-05 21425]
    R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
    R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
    R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-10-26 9400]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
    R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
    R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
    R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
    R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
    R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
    R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
    R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
    R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
    R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    R3 DXEC02;DXEC02; C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 103168]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-03 989696]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-03 209152]
    R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
    R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
    R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376]
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-02-25 2203520]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6345472]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-06 1222840]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-21 58240]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-03 730112]
    S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
    S3 adiusbae;ADSL USB MODEM LAN ADAPTER; C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
    S3 adiusbaw;ADSL USB MODEM WAN ADAPTER; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
    S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
    S3 catchme;catchme; \??\C:\DOCUME~1\FAIRUZ~1\LOCALS~1\Temp\catchme.sys []
    S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
    S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-25 231704]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
    R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
    R2 Ingres_Database_II;Ingres Intelligent Database [II]; C:\IngresII\ingres\bin\servproc.exe [2003-05-14 24576]
    R2 LogWatch;Event Log Watch; C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908]
    R2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\Oracle\Ora92\bin\omtsreco.exe [2002-04-30 57603]
    R2 OracleOraHome92Agent;OracleOraHome92Agent; C:\Oracle\Ora92\bin\agntsrvc.exe [2002-04-26 28944]
    R2 OracleOraHome92TNSListener;OracleOraHome92TNSListener; C:\Oracle\Ora92\BIN\TNSLSNR []
    R2 OracleServiceFAMPS;OracleServiceFAMPS; c:\oracle\ora92\bin\ORACLE.EXE [2002-05-14 29475088]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
    R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
    R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
    S3 ADEListener;ADEListener; C:\WINDOWS\system32\ADEListener.exe [2006-04-05 28672]
    S3 AMPS Email Processor;AMPS Email Processor; c:\windows\system32\emailprocessor.exe [2007-03-06 45056]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 CA_LIC_CLNT;CA License Client; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
    S3 CA_LIC_SRVR;CA License Server; C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
    S3 FSDFileWatcher;FSDFileWatcher; c:\windows\system32\fsdfilewatcher.exe [2005-11-07 49152]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache; C:\Oracle\Ora92\BIN\ONRSD.EXE [2002-04-26 242328]
    S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer; C:\Oracle\Ora92\Apache\Apache\apache.exe [2002-04-18 4096]
    S3 OracleOraHome92PagingServer;OracleOraHome92PagingServer; C:\Oracle\Ora92/bin/pagntsrv.exe [2002-08-21 49152]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator; C:\Oracle\Ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent; C:\Oracle\Ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 SCAMS_FileWatcher;SCAMS_FileWatcher; C:\WINDOWS\system32\SCAMS_FileWatcher.exe [2007-11-05 69632]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

    -----------------EOF-----------------
     
  6. 2008/12/05
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    Hope this will help. Thank you
     
  7. 2008/12/05
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks for that - one of our trained malware analysts will attend to your logs as soon as possible. As you might imagine, they are extremely busy, and all logs are dealt with in the order received.
     
  8. 2008/12/05
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    Understood. By the way, if I have another, different problem on my machine, should I create another thread, or can I continue in the same thread since it could be caused by the same virus/malware?
     
  9. 2008/12/05
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    First wait till this issue has been addressed.
     
    Arie,
  10. 2008/12/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi myfama,

    Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Next, please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix

    Download ComboFix by sUBs from here, saving the file to your desktop.

    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed when prompted.
     
  11. 2008/12/09
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    ComboFix 08-12-07.04 - Fairuz Azmi 2008-12-09 16:45:09.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1237 [GMT 8:00]
    Running from: c:\documents and settings\Fairuz Azmi\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Fairuz Azmi\Application Data\ShoppingReport
    c:\documents and settings\Fairuz Azmi\Application Data\ShoppingReport\cs\Config.xml
    c:\documents and settings\Fairuz Azmi\Application Data\ShoppingReport\cs\db\Aliases.dbs
    c:\documents and settings\Fairuz Azmi\Application Data\ShoppingReport\cs\db\Sites.dbs
    c:\documents and settings\Fairuz Azmi\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    c:\documents and settings\Fairuz Azmi\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    c:\documents and settings\Fairuz Azmi\Application Data\ShoppingReport\cs\report\send_storage.xml
    c:\documents and settings\Fairuz Azmi\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
    c:\documents and settings\ingres\Application Data\ShoppingReport
    c:\documents and settings\ingres\Application Data\ShoppingReport\cs\Config.xml
    c:\documents and settings\ingres\Application Data\ShoppingReport\cs\db\Aliases.dbs
    c:\documents and settings\ingres\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    c:\documents and settings\ingres\Application Data\ShoppingReport\cs\report\send_storage.xml
    c:\program files\INSTALL.LOG
    c:\program files\ShoppingReport
    c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    c:\program files\ShoppingReport\Uninst.exe
    c:\windows\system32\mpt.exe
    c:\windows\system32\vsoiynhw.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
    .

    2008-12-05 17:04 . 2008-12-05 17:07 <DIR> d-------- C:\rsit
    2008-12-05 17:04 . 2008-12-05 17:07 <DIR> d-------- c:\program files\trend micro
    2008-12-02 09:04 . 2008-12-09 16:51 709,764 -rahs---- c:\windows\system32\prnjobt.vbe
    2008-12-02 09:04 . 2008-12-08 20:16 709,764 -rahs---- C:\Mc~.vbe
    2008-11-16 15:59 . 2008-11-16 15:59 <DIR> d-------- c:\windows\9B12DDD3F1BE4FB69FD2308549244609.TMP
    2008-11-16 15:57 . 2008-11-16 15:57 <DIR> d-------- c:\documents and settings\ingres\Application Data\AVGTOOLBAR

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-09 08:38 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\uTorrent
    2008-12-07 15:56 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\AdobeUM
    2008-12-06 14:47 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\Orbit
    2008-11-30 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
    2008-11-16 07:55 --------- d--h--r c:\documents and settings\ingres\Application Data\yahoo!
    2008-11-12 05:47 --------- d-----w c:\program files\MetaTrader - FXOpen
    2008-11-02 15:21 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\LimeWire
    2008-10-25 08:52 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-10-25 08:28 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\AVGTOOLBAR
    2008-10-25 08:25 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-10-17 07:53 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\Yahoo!
    2008-10-13 14:26 --------- d-----w c:\program files\Novativa Streamster
    2007-12-04 02:46 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2008-08-11 01:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081120080812\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-01-05 219952]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
    "OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-21 98304]
    "pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-05-31 483328]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "vr64"="c:\windows\system32\prnjobt.vbe" [2008-12-09 709764]
    "nwiz"="nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2007-05-11 c:\windows\system32\nvhotkey.dll]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 c:\windows\stsystra.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

    c:\documents and settings\Fairuz Azmi\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
    Ingres Visual Manager [ II ].lnk - c:\windows\system32\ingwrap.exe [2003-05-14 19:32:18 20480]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-16 692224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "= 1 (0x1)
    "DisableTaskMgr "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "= 1 (0x1)
    "DisableTaskMgr "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileMenu "= 1 (0x1)
    "NoSaveSetting "= 1 (0x1)
    "HideRunAsVerb "= 0 (0x0)
    "InternetOpenWith "= 0 (0x0)
    "NoRun "= 1 (0x1)
    "NoFind "= 1 (0x1)
    "NoTrayContextMenu "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileMenu "= 1 (0x1)
    "NoSaveSetting "= 1 (0x1)
    "HideRunAsVerb "= 0 (0x0)
    "NoRun "= 1 (0x1)
    "NoFind "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileMenu "= 1 (0x1)
    "NoSaveSetting "= 1 (0x1)
    "HideRunAsVerb "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Oracle\\Ora92\\Apache\\Apache\\Apache.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe "=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "12741:TCP "= 12741:TCP:utorrent

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-25 97928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-25 231704]
    R2 Ingres_Database_II;Ingres Intelligent Database [II]; "c:\ingresii\ingres\bin\servproc.exe" [2003-05-14 19:03:48 24576]
    R2 LogWatch;Event Log Watch; "c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 53248]
    R2 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\Ora92\bin\agntsrvc.exe [2002-04-26 28944]
    R2 OracleServiceFAMPS;OracleServiceFAMPS;c:\oracle\ora92\bin\ORACLE.EXE FAMPS []
    S3 ADEListener;ADEListener;c:\windows\system32\ADEListener.exe [2006-04-05 28672]
    S3 adiusbae;ADSL USB MODEM LAN ADAPTER;c:\windows\system32\DRIVERS\adiusbae.sys []
    S3 AMPS Email Processor;AMPS Email Processor;c:\windows\system32\emailprocessor.exe [2007-03-06 45056]
    S3 CA_LIC_CLNT;CA License Client; "c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 77824]
    S3 CA_LIC_SRVR;CA License Server; "c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 77824]
    S3 FSDFileWatcher;FSDFileWatcher;c:\windows\system32\fsdfilewatcher.exe [2005-11-07 49152]
    S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer; "c:\oracle\Ora92\Apache\Apache\apache.exe" --ntservice [2002-04-18 4096]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\Ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\Ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]
    S3 SCAMS_FileWatcher;SCAMS_FileWatcher;c:\windows\system32\SCAMS_FileWatcher.exe [2007-11-05 69632]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2428f742-7ed5-11dd-96ad-001c26f066af}]
    \Shell\AutoRun\command - F:\ov.cmd
    \Shell\explore\Command - F:\ov.cmd
    \Shell\open\Command - F:\ov.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b30feea-a720-11dd-9744-001c26f066af}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b30feeb-a720-11dd-9744-001c26f066af}]
    \Shell\AutoRun\command - wscript.exe information.vbs
    \Shell\find\Command - wscript.exe information.vbs
    \Shell\open\Command - wscript.exe information.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8495e1bd-7e3f-11dd-96ab-001c26f066af}]
    \Shell\Auto\command - My_Heart.exe
    \Shell\AutoRun\command - My_Heart.exe
    \Shell\Explore\command - My_Heart.exe
    \Shell\OPEN\command - My_Heart.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8495e1c1-7e3f-11dd-96ab-001c26f066af}]
    \Shell\Auto\command - F:\My_Heart.exe
    \Shell\AutoRun\command - F:\My_Heart.exe
    \Shell\Explore\command - F:\My_Heart.exe
    \Shell\OPEN\command - F:\My_Heart.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2008-12-08 c:\windows\Tasks\At1.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At10.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At11.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At12.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At13.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At14.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At15.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At16.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At17.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At18.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At19.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At2.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At20.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At21.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At22.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At23.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At24.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At25.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At26.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At27.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At28.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At29.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At3.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At30.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At31.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At32.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At33.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At34.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At35.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At36.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At37.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At38.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At39.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At4.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At40.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At41.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At42.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At43.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At44.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At45.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At46.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At47.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At48.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At49.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At5.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At50.job
    - c:\windows\Temp\Pdg.vbe []

    2008-12-08 c:\windows\Tasks\At51.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-09 c:\windows\Tasks\At52.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At6.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At7.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At8.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]

    2008-12-08 c:\windows\Tasks\At9.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe [2008-12-09 16:52]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-mpt - c:\windows\system32\mpt.exe
    Notify-dimsntfy - (no file)
    Notify-NavLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://imis-203/amps/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

    c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
    c:\windows\system32\olepro32.dll
    c:\windows\Downloaded Program Files\csoex_aib.ocx
    O16 -: {1FAF427B-1EE5-43D3-A023-3009142AFCDF}
    hxxp://download.excelforce.com.my/aib/cab/csoex_aib.cab
    c:\windows\Downloaded Program Files\csoex_aib.inf

    c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
    c:\windows\system32\olepro32.dll
    c:\windows\Downloaded Program Files\cswx.ocx
    O16 -: {B9B2EE1A-E314-4338-A305-BE845EACB112}
    hxxp://download.excelforce.com.my/aib/cab/cswx.cab
    c:\windows\Downloaded Program Files\cswx.inf
    FireFox -: Profile - c:\documents and settings\Fairuz Azmi\Application Data\Mozilla\Firefox\Profiles\p14w3m3f.default\
    FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1 "
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-09 16:50:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraHome92PagingServer]
    "ImagePath "= "c:\oracle\Ora92/bin/pagntsrv.exe "

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraHome92TNSListener]
    "ImagePath "= "c:\oracle\Ora92\BIN\TNSLSNR "
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Canon\IJPLM\ijplmsvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\oracle\Ora92\bin\omtsreco.exe
    c:\oracle\Ora92\bin\TNSLSNR.EXE
    c:\oracle\Ora92\bin\oracle.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\oracle\Ora92\bin\dbsnmp.exe
    c:\windows\system32\spool\drivers\w32x86\3\HP1005MC.EXE
    c:\windows\system32\wdfmgr.exe
    c:\ingresii\ingres\bin\iigcn.exe
    c:\ingresii\ingres\bin\iigcc.exe
    c:\ingresii\ingres\bin\iigworad.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscript.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\ingresii\ingres\vdba\ivm.exe
    c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-09 16:53:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-09 08:53:36

    Pre-Run: 23.985.741.824 bytes free
    Post-Run: 24,236,982,272 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    392 --- E O F --- 2008-08-10 14:54:54
     
  12. 2008/12/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/malware-virus-removal/79278-active-newly-file-added-pendrive-keep-continue-being-deleted.html#post431156
    
    Collect::
    c:\windows\system32\prnjobt.vbe
    C:\Mc~.vbe
    File::
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At49.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At51.job
    c:\windows\Tasks\At52.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "vr64 "=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "DisableRegistryTools "=-
     "DisableTaskMgr "=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
     "DisableRegistryTools "=-
     "DisableTaskMgr "=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "NoFileMenu "=-
     "NoSaveSetting "=-
     "HideRunAsVerb "=-
     "InternetOpenWith "=-
     "NoRun "=-
     "NoFind "=-
     "NoTrayContextMenu "=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoFileMenu "=-
     "NoSaveSetting "=-
     "HideRunAsVerb "=-
     "NoRun "=-
     "NoFind "=-
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoFileMenu "=-
     "NoSaveSetting "=-
     "HideRunAsVerb "=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2428f742-7ed5-11dd-96ad-001c26f066af}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b30feea-a720-11dd-9744-001c26f066af}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b30feeb-a720-11dd-9744-001c26f066af}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8495e1bd-7e3f-11dd-96ab-001c26f066af}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8495e1c1-7e3f-11dd-96ab-001c26f066af}]
    DDS::
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!
     
  13. 2008/12/10
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    ComboFix 08-12-09.02 - Fairuz Azmi 2008-12-10 13:11:44.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1207 [GMT 8:00]
    Running from: c:\documents and settings\Fairuz Azmi\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Fairuz Azmi\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At49.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At51.job
    c:\windows\Tasks\At52.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Mc~.vbe
    c:\windows\system32\prnjobt.vbe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At49.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At50.job
    c:\windows\Tasks\At51.job
    c:\windows\Tasks\At52.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
    .

    2008-12-10 07:20 . 2008-12-10 07:20 <DIR> d--hs---- c:\documents and settings\Fairuz Azmi\UserData
    2008-12-05 17:04 . 2008-12-05 17:07 <DIR> d-------- C:\rsit
    2008-12-05 17:04 . 2008-12-05 17:07 <DIR> d-------- c:\program files\trend micro
    2008-11-16 15:59 . 2008-11-16 15:59 <DIR> d-------- c:\windows\9B12DDD3F1BE4FB69FD2308549244609.TMP
    2008-11-16 15:57 . 2008-11-16 15:57 <DIR> d-------- c:\documents and settings\ingres\Application Data\AVGTOOLBAR

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-10 01:30 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\uTorrent
    2008-12-07 15:56 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\AdobeUM
    2008-12-06 14:47 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\Orbit
    2008-11-30 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
    2008-11-16 07:55 --------- d--h--r c:\documents and settings\ingres\Application Data\yahoo!
    2008-11-12 05:47 --------- d-----w c:\program files\MetaTrader - FXOpen
    2008-11-02 15:21 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\LimeWire
    2008-10-25 08:52 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-10-25 08:28 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\AVGTOOLBAR
    2008-10-25 08:25 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-10-17 07:53 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\Yahoo!
    2008-10-13 14:26 --------- d-----w c:\program files\Novativa Streamster
    2007-12-04 02:46 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2008-08-11 01:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081120080812\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-09_16.52.54.98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-09 08:49:31 231,166 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    + 2008-12-10 05:18:55 231,169 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "uTorrent "= "c:\program files\uTorrent\uTorrent.exe" [2008-01-05 219952]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
    "Search Protection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    "KADxMain "= "c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "Dell QuickSet "= "c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
    "OrderReminder "= "c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-21 98304]
    "pdfFactory Pro Dispatcher v2 "= "c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-05-31 483328]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Easy-PrintToolBox "= "c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "nwiz "= "nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe]
    "NVHotkey "= "nvHotkey.dll" [2007-05-11 c:\windows\system32\nvhotkey.dll]
    "SigmatelSysTrayApp "= "stsystra.exe" [2007-05-06 c:\windows\stsystra.exe]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

    c:\documents and settings\Fairuz Azmi\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
    Ingres Visual Manager [ II ].lnk - c:\windows\system32\ingwrap.exe [2003-05-14 19:32:18 20480]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-16 692224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Oracle\\Ora92\\Apache\\Apache\\Apache.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe "=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "12741:TCP "= 12741:TCP:utorrent

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-25 97928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-25 231704]
    R2 Ingres_Database_II;Ingres Intelligent Database [II]; "c:\ingresii\ingres\bin\servproc.exe" [2003-05-14 19:03:48 24576]
    R2 LogWatch;Event Log Watch; "c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 53248]
    R2 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\Ora92\bin\agntsrvc.exe [2002-04-26 28944]
    R2 OracleServiceFAMPS;OracleServiceFAMPS;c:\oracle\ora92\bin\ORACLE.EXE FAMPS []
    S3 ADEListener;ADEListener;c:\windows\system32\ADEListener.exe [2006-04-05 28672]
    S3 adiusbae;ADSL USB MODEM LAN ADAPTER;c:\windows\system32\DRIVERS\adiusbae.sys []
    S3 AMPS Email Processor;AMPS Email Processor;c:\windows\system32\emailprocessor.exe [2007-03-06 45056]
    S3 CA_LIC_CLNT;CA License Client; "c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 77824]
    S3 CA_LIC_SRVR;CA License Server; "c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 77824]
    S3 FSDFileWatcher;FSDFileWatcher;c:\windows\system32\fsdfilewatcher.exe [2005-11-07 49152]
    S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer; "c:\oracle\Ora92\Apache\Apache\apache.exe" --ntservice [2002-04-18 4096]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\Ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\Ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]
    S3 SCAMS_FileWatcher;SCAMS_FileWatcher;c:\windows\system32\SCAMS_FileWatcher.exe [2007-11-05 69632]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e94b57-dddc-11dc-94af-001c26f066af}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

    2008-12-09 c:\windows\Tasks\At53.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe []

    2008-12-09 c:\windows\Tasks\At54.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe []

    2008-12-10 c:\windows\Tasks\At55.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe []

    2008-12-10 c:\windows\Tasks\At56.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe []

    2008-12-10 c:\windows\Tasks\At57.job
    - c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe []
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://imis-203/amps/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
    c:\windows\system32\olepro32.dll
    c:\windows\Downloaded Program Files\csoex_aib.ocx
    O16 -: {1FAF427B-1EE5-43D3-A023-3009142AFCDF}
    hxxp://download.excelforce.com.my/aib/cab/csoex_aib.cab
    c:\windows\Downloaded Program Files\csoex_aib.inf

    c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
    c:\windows\system32\olepro32.dll
    c:\windows\Downloaded Program Files\cswx.ocx
    O16 -: {B9B2EE1A-E314-4338-A305-BE845EACB112}
    hxxp://download.excelforce.com.my/aib/cab/cswx.cab
    c:\windows\Downloaded Program Files\cswx.inf
    FireFox -: Profile - c:\documents and settings\Fairuz Azmi\Application Data\Mozilla\Firefox\Profiles\p14w3m3f.default\
    FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-10 14:02:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraHome92PagingServer]
    "ImagePath "= "c:\oracle\Ora92/bin/pagntsrv.exe "

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraHome92TNSListener]
    "ImagePath "= "c:\oracle\Ora92\BIN\TNSLSNR "
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Canon\IJPLM\ijplmsvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\oracle\Ora92\bin\omtsreco.exe
    c:\oracle\Ora92\bin\TNSLSNR.EXE
    c:\oracle\Ora92\bin\oracle.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\oracle\Ora92\bin\dbsnmp.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\spool\drivers\w32x86\3\HP1005MC.EXE
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\ingresii\ingres\bin\iigcn.exe
    c:\ingresii\ingres\bin\iigcc.exe
    c:\ingresii\ingres\bin\iigworad.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\ingresii\ingres\vdba\ivm.exe
    c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-12-10 14:05:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-10 06:05:55

    Pre-Run: 24.123.990.016 bytes free
    Post-Run: 24,226,607,104 bytes free

    332 --- E O F --- 2008-08-10 14:54:54
     
  14. 2008/12/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    c:\windows\Tasks\At53.job
    c:\windows\Tasks\At54.job
    c:\windows\Tasks\At55.job
    c:\windows\Tasks\At56.job
    c:\windows\Tasks\At57.job
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e94b57-dddc-11dc-94af-001c26f066af}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed when prompted.
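    As an added example, not part of this thread and not ComboFix's own code: a small Python triage script that reads a ComboFix-style log and flags the two kinds of entries the CFScript above targets, namely At<N>.job scheduled tasks whose target is a script in a user Temp directory and MountPoints2 keys that cache an autorun.inf command, then renders the matches in the File:: / Registry:: layout of CFScript.txt. The sample log is a constructed excerpt of the log posted earlier in this thread; the function names (parse_scheduled_tasks, task_reasons, triage, build_cfscript) and the heuristics are my own, not ComboFix's.

```python
import re

# Constructed sample in the shape of the ComboFix log posted earlier in this thread:
# one cached MountPoints2 AutoRun command and two scheduled tasks, one legitimate
# (Apple Software Update) and one of the At<N>.job entries pointing at Temp\Pdg.vbe.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e94b57-dddc-11dc-94af-001c26f066af}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mc~.vbe
.
Contents of the 'Scheduled Tasks' folder

2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-12-09 c:\windows\Tasks\At53.job
- c:\docume~1\FAIRUZ~1\LOCALS~1\Temp\Pdg.vbe []
"""

# Extensions that Windows Script Host or cmd.exe execute directly.
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".hta")

# "<date> c:\windows\Tasks\<name>.job" followed by "- <target> [<file details>]"
TASK_HEADER = re.compile(r"^\s*\d{4}-\d{2}-\d{2} (c:\\windows\\tasks\\([^\\]+\.job))\s*$", re.I)
TASK_TARGET = re.compile(r"^\s*- (.+?) \[(.*)\]\s*$")
# MountPoints2 key followed by the cached "\Shell\AutoRun\command - <cmd>" line
MOUNTPOINT_KEY = re.compile(r"^\s*\[(HKEY_CURRENT_USER\\.*?\\mountpoints2\\\{[0-9a-f-]+\})\]\s*$", re.I)
AUTORUN_CMD = re.compile(r"^\s*\\Shell\\AutoRun\\command - (.+?)\s*$", re.I)


def parse_scheduled_tasks(log_text):
    """Return [(job_name, target, file_details)] from the 'Scheduled Tasks' section."""
    tasks, lines = [], log_text.splitlines()
    for i, line in enumerate(lines):
        m = TASK_HEADER.match(line)
        if not m:
            continue
        for follow in lines[i + 1:i + 3]:  # target is printed on the next line
            t = TASK_TARGET.match(follow)
            if t:
                tasks.append((m.group(2), t.group(1), t.group(2)))
                break
    return tasks


def parse_mountpoints_autorun(log_text):
    """Return [(registry_key, command)] for MountPoints2 keys carrying an AutoRun command."""
    found, lines = [], log_text.splitlines()
    for i, line in enumerate(lines):
        k = MOUNTPOINT_KEY.match(line)
        if not k:
            continue
        for follow in lines[i + 1:i + 4]:
            c = AUTORUN_CMD.match(follow)
            if c:
                found.append((k.group(1), c.group(1)))
                break
    return found


def task_reasons(job_name, target, file_details):
    """Heuristic reasons a scheduled task deserves a second look (empty list = looks ordinary)."""
    reasons, low = [], target.lower()
    if re.match(r"at\d+\.job$", job_name, re.I):
        reasons.append("At<N>.job naming: created with at.exe, not by an installer")
    if "\\temp\\" in low:
        reasons.append("target lives in a Temp directory")
    if low.endswith(SCRIPT_EXTS):
        reasons.append("target is a script rather than a signed executable")
    if file_details.strip() == "":
        reasons.append("no file details recorded: target missing or hidden at scan time")
    return reasons


def triage(log_text):
    """Collect suspicious tasks and cached AutoRun commands with the reasons for each."""
    findings = []
    for job, target, details in parse_scheduled_tasks(log_text):
        reasons = task_reasons(job, target, details)
        if reasons:
            findings.append({"kind": "task", "item": job, "target": target, "reasons": reasons})
    for key, cmd in parse_mountpoints_autorun(log_text):
        reasons = ["cached autorun.inf command for a removable drive"]
        if re.search(r"\b(wscript|cscript)\.exe\b", cmd, re.I):
            reasons.append("command runs a Windows Script Host script")
        findings.append({"kind": "mountpoint", "item": key, "target": cmd, "reasons": reasons})
    return findings


def build_cfscript(findings):
    """Render findings in the File:: / Registry:: layout used by CFScript.txt in this thread."""
    files = ["c:\\windows\\Tasks\\" + f["item"] for f in findings if f["kind"] == "task"]
    keys = ["[-" + f["item"] + "]" for f in findings if f["kind"] == "mountpoint"]
    out = []
    if files:
        out += ["File::"] + files
    if keys:
        out += ["Registry::"] + keys
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f["kind"], f["item"], "->", f["target"])
        for r in f["reasons"]:
            print("   ", r)
    print(build_cfscript(results), end="")
```

    The heuristics are deliberately broad (every cached MountPoints2 AutoRun command is reported, not only those that call a script host), so the rendered script is a starting point for a person to review against the full log, as noahdfear did here, rather than something to hand to ComboFix unread.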
     
  15. 2008/12/10
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    ComboFix 08-12-09.02 - Fairuz Azmi 2008-12-10 17:27:57.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1253 [GMT 8:00]
    Running from: c:\documents and settings\Fairuz Azmi\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Fairuz Azmi\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\windows\Tasks\At53.job
    c:\windows\Tasks\At54.job
    c:\windows\Tasks\At55.job
    c:\windows\Tasks\At56.job
    c:\windows\Tasks\At57.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Tasks\At53.job
    c:\windows\Tasks\At54.job
    c:\windows\Tasks\At55.job
    c:\windows\Tasks\At56.job
    c:\windows\Tasks\At57.job

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
    .

    2008-12-10 07:20 . 2008-12-10 07:20 <DIR> d--hs---- c:\documents and settings\Fairuz Azmi\UserData
    2008-12-05 17:04 . 2008-12-05 17:07 <DIR> d-------- C:\rsit
    2008-12-05 17:04 . 2008-12-05 17:07 <DIR> d-------- c:\program files\trend micro
    2008-11-16 15:59 . 2008-11-16 15:59 <DIR> d-------- c:\windows\9B12DDD3F1BE4FB69FD2308549244609.TMP
    2008-11-16 15:57 . 2008-11-16 15:57 <DIR> d-------- c:\documents and settings\ingres\Application Data\AVGTOOLBAR

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-10 09:27 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\uTorrent
    2008-12-07 15:56 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\AdobeUM
    2008-12-06 14:47 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\Orbit
    2008-11-30 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
    2008-11-16 07:55 --------- d--h--r c:\documents and settings\ingres\Application Data\yahoo!
    2008-11-12 05:47 --------- d-----w c:\program files\MetaTrader - FXOpen
    2008-11-02 15:21 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\LimeWire
    2008-10-25 08:52 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-10-25 08:28 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\AVGTOOLBAR
    2008-10-25 08:25 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2008-10-25 08:25 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-10-17 07:53 --------- d-----w c:\documents and settings\Fairuz Azmi\Application Data\Yahoo!
    2008-10-13 14:26 --------- d-----w c:\program files\Novativa Streamster
    2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
    2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-09-16 00:14 129,784 ------w c:\windows\system32\PxAFS.DLL
    2008-09-16 00:14 120,056 ------w c:\windows\system32\pxcpyi64.exe
    2008-09-16 00:14 118,520 ------w c:\windows\system32\pxinsi64.exe
    2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dlla
    2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
    2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
    2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
    2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
    2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
    2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
    2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
    2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
    2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
    2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
    2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
    2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
    2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
    2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
    2007-12-04 02:46 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2008-08-11 01:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081120080812\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-09_16.52.54.98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-12-09 08:49:31 231,166 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    + 2008-12-10 05:18:55 231,169 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "uTorrent "= "c:\program files\uTorrent\uTorrent.exe" [2008-01-05 219952]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]
    "Search Protection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    "KADxMain "= "c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "Dell QuickSet "= "c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
    "OrderReminder "= "c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-12-21 98304]
    "pdfFactory Pro Dispatcher v2 "= "c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-05-31 483328]
    "YSearchProtection "= "c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Easy-PrintToolBox "= "c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "nwiz "= "nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe]
    "NVHotkey "= "nvHotkey.dll" [2007-05-11 c:\windows\system32\nvhotkey.dll]
    "SigmatelSysTrayApp "= "stsystra.exe" [2007-05-06 c:\windows\stsystra.exe]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

    c:\documents and settings\Fairuz Azmi\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653]
    Ingres Visual Manager [ II ].lnk - c:\windows\system32\ingwrap.exe [2003-05-14 19:32:18 20480]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-16 692224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Oracle\\Ora92\\Apache\\Apache\\Apache.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe "=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "12741:TCP "= 12741:TCP:utorrent

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-25 97928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-25 231704]
    R2 Ingres_Database_II;Ingres Intelligent Database [II]; "c:\ingresii\ingres\bin\servproc.exe" [2003-05-14 19:03:48 24576]
    R2 LogWatch;Event Log Watch; "c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 53248]
    R2 OracleServiceFAMPS;OracleServiceFAMPS;c:\oracle\ora92\bin\ORACLE.EXE FAMPS []
    S2 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\Ora92\bin\agntsrvc.exe [2002-04-26 28944]
    S3 ADEListener;ADEListener;c:\windows\system32\ADEListener.exe [2006-04-05 28672]
    S3 adiusbae;ADSL USB MODEM LAN ADAPTER;c:\windows\system32\DRIVERS\adiusbae.sys []
    S3 AMPS Email Processor;AMPS Email Processor;c:\windows\system32\emailprocessor.exe [2007-03-06 45056]
    S3 CA_LIC_CLNT;CA License Client; "c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 77824]
    S3 CA_LIC_SRVR;CA License Server; "c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 77824]
    S3 FSDFileWatcher;FSDFileWatcher;c:\windows\system32\fsdfilewatcher.exe [2005-11-07 49152]
    S3 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer; "c:\oracle\Ora92\Apache\Apache\apache.exe" --ntservice [2002-04-18 4096]
    S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\Ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
    S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\Ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]
    S3 SCAMS_FileWatcher;SCAMS_FileWatcher;c:\windows\system32\SCAMS_FileWatcher.exe [2007-11-05 69632]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://imis-203/amps/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
    c:\windows\system32\olepro32.dll
    c:\windows\Downloaded Program Files\csoex_aib.ocx
    O16 -: {1FAF427B-1EE5-43D3-A023-3009142AFCDF}
    hxxp://download.excelforce.com.my/aib/cab/csoex_aib.cab
    c:\windows\Downloaded Program Files\csoex_aib.inf

    c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
    c:\windows\system32\olepro32.dll
    c:\windows\Downloaded Program Files\cswx.ocx
    O16 -: {B9B2EE1A-E314-4338-A305-BE845EACB112}
    hxxp://download.excelforce.com.my/aib/cab/cswx.cab
    c:\windows\Downloaded Program Files\cswx.inf
    FireFox -: Profile - c:\documents and settings\Fairuz Azmi\Application Data\Mozilla\Firefox\Profiles\p14w3m3f.default\
    FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-10 17:29:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\OracleOraHome92PagingServer]
    "ImagePath "= "c:\oracle\Ora92/bin/pagntsrv.exe "

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\OracleOraHome92TNSListener]
    "ImagePath "= "c:\oracle\Ora92\BIN\TNSLSNR "
    .
    Completion time: 2008-12-10 17:31:06
    ComboFix-quarantined-files.txt 2008-12-10 09:30:26
    ComboFix2.txt 2008-12-10 06:05:59

    Pre-Run: 24.187.256.832 bytes free
    Post-Run: 24,171,008,000 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    216 --- E O F --- 2008-08-10 14:54:54
     
  16. 2008/12/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. How's the computer behaving now?

    Let's get an online scan to be sure we haven't missed something. Please do an online scan with Kaspersky Online Scanner

    • Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
     
  17. 2008/12/10
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    Now it looks better and no more files have gone missing in action. I'll do the online scanning as advised by you. Thanks again and will let you know the outcome.
     
  18. 2008/12/16
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, December 12, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, December 11, 2008 23:33:22
    Records in database: 1453122
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 175343
    Threat name: 20
    Infected objects: 88
    Suspicious objects: 0
    Duration of the scan: 04:19:45


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40000\47BF86EE.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40001\47BFCB3D.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40002\47BFCB6C.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40003\47BFCB9C.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40004\47BFCBC9.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40005\47BFD44F.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40006\47BFD47D.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40007\47BFD4AC.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40008\47BFD4D9.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40009\47BFD509.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000A\47BFD536.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000B\47BFD564.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000C\47BFD591.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000D\47BFD5BF.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000E\47BFD5EB.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B4000F\47BFD618.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40010\47BFD645.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B40011\47BFD671.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\085C0000\48DFC2B8.VBN Infected: not-a-virus:FraudTool.Win32.XPAntivirus.ng 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E40000\4FFE31C8.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40000\4AB67067.VBN Infected: not-a-virus:Server-Proxy.Win32.3proxy.af 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40002\4AB67102.VBN Infected: Trojan.Win32.Vapsup.kqi 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40003\4AB6711F.VBN Infected: Trojan.Win32.Vapsup.lju 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40006\4AB67148.VBN Infected: Trojan.Win32.Vapsup.kke 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40007\4AB6715D.VBN Infected: Trojan.Win32.Vapsup.kqi 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40008\4AB67169.VBN Infected: Trojan.Win32.Vapsup.lju 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB4000B\4AB6718B.VBN Infected: Trojan.Win32.Vapsup.kke 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB4000C\4AB67197.VBN Infected: Trojan.Win32.Vapsup.kqi 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB4000D\4AB671A5.VBN Infected: Trojan.Win32.Vapsup.lju 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40010\4AB671D3.VBN Infected: Trojan.Win32.Vapsup.kke 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40011\4AB671DF.VBN Infected: Trojan.Win32.Vapsup.kqi 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40012\4AB671F8.VBN Infected: Trojan.Win32.Vapsup.lju 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40015\4AB6721E.VBN Infected: Trojan.Win32.Vapsup.kke 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40016\4AB67229.VBN Infected: Trojan.Win32.Vapsup.jxn 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40017\4AB67243.VBN Infected: Trojan.Win32.Vapsup.jxk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40018\4AB67258.VBN Infected: Trojan.Win32.Vapsup.jxm 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40019\4AB67267.VBN Infected: Trojan.Win32.Vapsup.jxi 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB4001A\4AB67284.VBN Infected: Trojan.Win32.Vapsup.jxl 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB4001B\4AB67293.VBN Infected: Trojan.Win32.Vapsup.jxj 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB4001C\4AB672A0.VBN Infected: Trojan-Downloader.Win32.Mutant.aqt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB4001D\4AB672BD.VBN Infected: Trojan-Downloader.Win32.Mutant.aqt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400001\4BD4AE00.VBN Infected: not-a-virus:Downloader.Win32.VistaAntivirus.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF80001\4BFDD4DF.VBN Infected: not-a-virus:Downloader.Win32.VistaAntivirus.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0000\4FBC72DE.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0001\4FBC7B9F.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0002\4FBC87F4.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0003\4FBC9618.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0004\4FBCA413.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EAC0005\4FBCBCF1.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4FBDB94B.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00001\4FBDC37E.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00002\4FBDDBA0.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00003\4FBDE925.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00004\4FBDF7BF.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F1C0000\4FBF70BE.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F3C0000\4FBD1526.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F3C0001\4FBD2066.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480000\4FFB1D63.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480001\4FFB2944.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4FFB3754.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003\4FFB4564.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004\4FFB5374.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480005\4FFB6184.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900001.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900002.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900003.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900004.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900005.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900006.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900007.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900008.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900009.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10CC0000\58CED0F7.VBN Infected: Trojan.Win32.Agent.ad 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11900000\59F58803.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12900000\5A9E89E9.VBN Infected: Worm.Win32.AutoRun.ek 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12E40001\5AF564A2.VBN Infected: not-a-virus:Downloader.Win32.VistaAntivirus.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12E40002\5AF56F39.VBN Infected: not-a-virus:Downloader.Win32.VistaAntivirus.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12E40003\5AF57927.VBN Infected: not-a-virus:Downloader.Win32.VistaAntivirus.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13980000\57DE7879.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13980001\57DE78A9.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\13980002\57DE78D9.VBN Infected: Worm.Win32.AutoRun.aqq 1
    C:\Qoobox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir Infected: not-a-virus:AdWare.Win32.Shopper.v 1
    C:\Qoobox\Quarantine\[4]-Submit_2008-12-10@13.11.zip Infected: Worm.VBS.Autorun.be 2
    D:\Data\Documents and Settings_Fairuz Azmi\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst Infected: Virus.VBS.Redlof.l 1
    D:\Data\Documents and Settings_Fairuz Azmi\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst Infected: Virus.VBS.Redlof.a 1
    D:\Mc~.vbe Infected: Worm.VBS.Autorun.be 1

    The selected area was scanned.
     
  19. 2008/12/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    C:\Documents and Settings\All Users\Application Data\Symantec
    File::
    D:\Mc~.vbe
    Driver::
    CA_LIC_CLNT
    CA_LIC_SRVR
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed when prompted.



    You have at least one infected email in Outlook, though I cannot tell you which one.

    D:\Data\Documents and Settings_Fairuz Azmi\Local Settings\Application Data\Microsoft\Outlook\Personal Folders(1).pst Infected: Virus.VBS.Redlof.a 1

    Is the D: drive another operating system? An old installation? Backup?
     
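    Most of the hits in the Kaspersky report above sit in Symantec's Quarantine or in ComboFix's Qoobox\Quarantine, so they are already neutralised copies; only D:\Mc~.vbe is a live file, and the PST hit is a message inside a mail container that a scanner cannot surgically remove. The script below is an added example (not from the thread or from any of the tools mentioned) that makes that triage mechanical: it parses lines in the same "path Infected: name count" layout as the report, splits them into live, container and quarantined findings, and tallies detections per family. The sample report embedded in it is constructed for the example and only echoes the layout of the log above.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Kaspersky report quoted in the thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900000.VBN Infected: Worm.Win32.AutoRun.aqq 1
C:\Qoobox\Quarantine\[4]-Submit_2008-12-10@13.11.zip Infected: Worm.VBS.Autorun.be 2
D:\Data\mail\Personal Folders(1).pst Infected: Virus.VBS.Redlof.a 1
D:\Mc~.vbe Infected: Worm.VBS.Autorun.be 1
E:\autorun.inf Infected: Worm.Win32.AutoRun.ek 1
The selected area was scanned.
"""

INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s+(?P<count>\d+)\s*$")

# Directory names that hold already-neutralised copies (Symantec's Quarantine
# and ComboFix's Qoobox\Quarantine). A hit under one of these is not live.
QUARANTINE_DIRS = ("quarantine",)
# Mail stores and archives: the scanner reports the container, not the item.
CONTAINER_EXTS = (".pst", ".zip", ".rar", ".cab")


def parse_report(text):
    """Return one dict per 'Infected:' line; other report lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        hits.append({
            "path": m.group("path"),
            "name": name,
            "count": int(m.group("count")),
            "pup": is_pup(name),
        })
    return hits


def is_pup(name):
    # Kaspersky prefixes adware, fraud tools and similar with "not-a-virus:".
    return name.lower().startswith("not-a-virus:")


def is_quarantined(path):
    # Look at directory components only, never at the file name itself.
    parts = [p.lower() for p in path.split("\\")]
    return any(p in QUARANTINE_DIRS for p in parts[:-1])


def is_container(path):
    return path.lower().endswith(CONTAINER_EXTS)


def family_of(name):
    # "not-a-virus:AdWare.Win32.Shopper.v" -> "AdWare.Win32.Shopper"
    return name.split(":")[-1].rsplit(".", 1)[0]


def triage(text):
    """Split detections into live files, containers needing manual review,
    and quarantined copies, plus a per-family count."""
    result = {"live": [], "containers": [], "quarantined": [], "families": Counter()}
    for hit in parse_report(text):
        result["families"][family_of(hit["name"])] += hit["count"]
        if is_quarantined(hit["path"]):
            result["quarantined"].append(hit)
        elif is_container(hit["path"]):
            result["containers"].append(hit)
        else:
            result["live"].append(hit)
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    for label in ("live", "containers", "quarantined"):
        print(f"{label}:")
        for h in r[label]:
            flag = " [PUP]" if h["pup"] else ""
            print(f"  {h['name']:40} {h['path']}{flag}")
    print("families:", dict(r["families"]))
```

Run it against a saved report and the "live" list is what a removal script such as the CFScript above has to target; the "containers" list is the set of mail stores or archives that need their infected items found and deleted by hand (or the whole store replaced from a clean backup), and the "quarantined" list can be emptied with the quarantine folder.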
  20. 2008/12/16
    myfama

    myfama Inactive Thread Starter

    Joined:
    2008/08/02
    Messages:
    52
    Likes Received:
    0
    I use the D: drive for storing my working files and database, and also for Outlook emails on the local drive.
     
  21. 2008/12/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    So the Outlook files on D: are a backup?

    If so, I'd recommend a fresh set of backups.
     
