
Receiving errors when trying to install Windows updates

Discussion in 'Malware and Virus Removal Archive' started by kkph, 2008/08/01.

  1. 2008/08/01
    kkph (Thread Starter)
    I am not able to install Windows updates. I keep receiving error messages like "wuauclt.exe encountered an error" or "generic host win32 error". Also I get a regsvr.exe error message on booting. Please help me.

    Deckard's System Scanner v20071014.68
    Run by koushik on 2008-08-01 18:40:58
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 5 Restore Point(s) --
    29: 2008-08-01 12:55:49 UTC - RP152 - Deckard's System Scanner Restore Point
    28: 2008-08-01 12:30:46 UTC - RP151 - Software Distribution Service 3.0
    27: 2008-08-01 11:48:17 UTC - RP150 - Installed Windows XP KB894391.
    26: 2008-07-31 17:59:08 UTC - RP149 - Software Distribution Service 3.0
    25: 2008-07-30 13:52:17 UTC - RP148 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2008-07-22 13:05:24 UTC - RP124 - Software Distribution Service 3.0


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 248 MiB (512 MiB recommended).


    -- HijackThis (run as koushik.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:43:16 PM, on 8/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    E:\31a5a943c16939228411\softwares\Messenger\ymsgr_tray.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Documents and Settings\koushik\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\koushik.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe regsvr.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [Yahoo! Pager] "E:\31a5a943c16939228411\softwares\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
    O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    O4 - Global Startup: Mozilla Firefox
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\31A5A9~1\SOFTWA~1\MESSEN~1\YAHOOM~1.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\31A5A9~1\SOFTWA~1\MESSEN~1\YAHOOM~1.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1190700375499
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190700352014
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{61476ECD-268E-4826-B127-F4F762CAAE48}: NameServer = 192.168.1.1,61.1.96.71
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 11010 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
    R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys

    S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
    S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
    S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
    S3 PPDrv (Protector Plus Driver (UnRegistered)) - c:\protector plus\ppdrv.sys (file missing)
    S3 PPEMSCAN (Protector Plus Email Scan Driver) - c:\protector plus\ppemscan.sys (file missing)
    S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
    S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CTDevice_Srv (CT Device Query service) - c:\program files\creative\shared files\ctdevsrv.exe <Not Verified; Creative Technology Ltd; CTDevSrv Application>
    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ROOT\MEDIA\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\MEDIA\0000
    Service:

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: Sound Blaster 16 or AWE32 or compatible (WDM)
    Device ID: ROOT\MEDIA\0001
    Manufacturer: Creative Technology Ltd.
    Name: Sound Blaster 16 or AWE32 or compatible (WDM)
    PNP Device ID: ROOT\MEDIA\0001
    Service: ctlsb16


    -- Scheduled Tasks -------------------------------------------------------------

    2008-07-15 09:00:04 350 --a------ C:\WINDOWS\Tasks\At1.job


    -- Files created between 2008-07-01 and 2008-08-01 -----------------------------

    2008-08-01 18:24:12 0 d-------- C:\Program Files\Trend Micro
    2008-08-01 18:03:46 0 d-------- C:\Program Files\MSXML 4.0
    2008-07-30 18:48:46 0 dr-h----- C:\Documents and Settings\koushik\Recent
    2008-07-30 18:20:20 0 d-------- C:\Program Files\Registry Mechanic(2)
    2008-07-29 20:41:25 0 d-------- C:\Program Files\Free Window Registry Repair
    2008-07-29 20:19:05 0 d-------- C:\Documents and Settings\koushik\Application Data\Uniblue
    2008-07-29 19:53:29 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-07-29 18:48:03 0 d-------- C:\WINDOWS\pss
    2008-07-29 14:22:05 0 d--hs---- C:\found.000
    2008-07-27 22:30:10 4714496 --a------ C:\Documents and Settings\koushik\ntuser.dat
    2008-07-27 17:12:39 0 d-------- C:\Documents and Settings\koushik\Application Data\OpenOffice.org2
    2008-07-27 17:07:49 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-07-18 10:15:17 0 d-------- C:\WINDOWS\Performance
    2008-07-18 10:14:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
    2008-07-16 15:29:06 0 d-------- C:\Program Files\Elecard
    2008-07-16 13:02:29 0 d-------- C:\Documents and Settings\koushik\Application Data\Winamp
    2008-07-13 20:47:44 0 d-------- C:\Documents and Settings\koushik\Application Data\dvdcss
    2008-07-12 13:42:56 0 d-------- C:\Program Files\Microsoft Games
    2008-07-12 12:55:26 0 d-------- C:\Program Files\CCleaner
    2008-07-12 12:36:05 0 d-------- C:\Documents and Settings\koushik\Application Data\WinRAR
    2008-07-11 18:27:36 0 d-------- C:\Program Files\Vista Game Explorer
    2008-07-10 11:48:36 0 d-------- C:\Program Files\Jungle Book
    2008-07-10 11:40:16 0 d-------- C:\GAMES
    2008-07-09 18:19:51 0 --a------ C:\Program Files\temp01
    2008-07-07 16:15:24 0 d-------- C:\Olltwit
    2008-07-05 18:35:47 0 d-------- C:\Documents and Settings\koushik\Application Data\Bitdefender
    2008-07-05 18:32:19 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-07-05 17:30:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater


    -- Find3M Report ---------------------------------------------------------------

    2008-08-01 18:41:03 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-07-30 18:48:47 0 d-------- C:\Program Files\Spyware Doctor
    2008-07-29 15:36:43 0 d-------- C:\Documents and Settings\koushik\Application Data\CyberLink
    2008-07-27 17:07:08 0 d-------- C:\Program Files\Java
    2008-07-27 16:32:32 0 d-------- C:\Program Files\Common Files
    2008-07-27 16:31:30 0 d-------- C:\Program Files\NCH Swift Sound
    2008-07-19 23:16:34 0 d-------- C:\Program Files\Yahoo!
    2008-07-16 13:05:31 0 d-------- C:\Program Files\Winamp
    2008-07-16 12:48:05 0 d-------- C:\Program Files\VideoLAN
    2008-07-10 11:41:30 0 d-------- C:\Program Files\GameTop.com
    2008-07-05 18:17:34 0 d-------- C:\Program Files\Google
    2008-07-05 17:45:00 0 d-------- C:\Documents and Settings\koushik\Application Data\Mozilla
    2008-06-26 18:32:26 0 d-------- C:\Program Files\BitDefender
    2008-06-26 17:31:30 0 d-------- C:\Program Files\Creative
    2008-06-20 21:33:12 0 d-------- C:\Program Files\Common Files\BitDefender
    2008-06-19 17:25:59 0 d-------- C:\Documents and Settings\koushik\Application Data\AVGTOOLBAR
    2008-06-08 14:34:43 0 d-------- C:\Program Files\WMR11


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/06/2003 09:49 PM]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/06/2003 09:37 PM]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 08:29 PM]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 11:01 AM]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
    "SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [05/15/2007 03:55 PM]
    "InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/15/2007 03:55 PM]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/12/2008 04:23 PM]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [04/02/2007 04:48 PM]
    "V0250Mon.exe"="C:\WINDOWS\V0250Mon.exe" [06/08/2006 01:00 AM]
    "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [06/09/2006 01:11 AM]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/05/2008 06:17 PM]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [03/26/2007 03:49 PM]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [07/10/2008 03:03 AM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/02/2007 02:52 AM]
    "Yahoo! Pager"="E:\31a5a943c16939228411\softwares\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:26 PM]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 08:29 PM]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" []
    "CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [10/06/2006 02:17 PM]
    "CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [05/15/2007 08:25 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NofolderOptions"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="Explorer.exe regsvr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b858e880-0eca-11dd-b492-000b6ab6d7a2}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
    Open\command- G:\regsvr.exe




    -- End of Deckard's System Scanner: finished at 2008-08-01 18:45:19 ------------
  2. 2008/08/01
    Admin. (Administrator, Staff)
    Please follow Posting Rules (#3 - Meaningful Subject) when posting.

    I have adjusted your subject.

  4. 2008/08/01
    noahdfear
    Welcome to WindowsBBS kkph.

    For starters, you have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Then, download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  5. 2008/08/02
    kkph (Thread Starter)
    Thank you so much for the help. I have a doubt about this information. My antivirus software is BitDefender; can you tell me how to close real-time protection in this? And I didn't understand what you meant by saying to plug in a USB flash drive for however many flash drives I have. Is it that I have to insert a USB device in each USB slot and run the program? Can you please elaborate on this?
  6. 2008/08/02
    kkph (Thread Starter)
    I did run Flash_Disinfector and ComboFix. My antivirus is BitDefender Free Edition v10 OEM; this is said to have no real-time protection and hence is a free download (source: BitDefender forum). Also, yesterday night Automatic Updates installed 8 security updates, which I saw in Add/Remove Programs. Here is the log report of ComboFix:

    ComboFix 08-08-01.04 - koushik 2008-08-02 19:26:28.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.45 [GMT 5.5:30]
    Running from: C:\Documents and Settings\koushik\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\setting.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF


    ((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
    .

    2008-08-01 23:28 . 2008-08-01 23:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-01 18:24 . 2008-08-01 18:24 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-01 18:23 . 2008-08-01 18:23 <DIR> d-------- C:\Deckard
    2008-08-01 18:03 . 2008-08-01 18:03 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-07-30 18:34 . 2008-08-01 18:19 1,355 --a------ C:\WINDOWS\imsins.BAK
    2008-07-30 18:24 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll.wusetup.2996468(2).new
    2008-07-30 18:24 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-07-30 18:20 . 2008-07-30 18:48 <DIR> d-------- C:\Program Files\Registry Mechanic(2)
    2008-07-29 20:41 . 2008-07-30 18:48 <DIR> d-------- C:\Program Files\Free Window Registry Repair
    2008-07-29 20:19 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\Uniblue
    2008-07-29 19:53 . 2008-08-02 19:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2008-07-29 14:22 . 2008-07-29 14:22 <DIR> d--hs---- C:\found.000
    2008-07-27 17:12 . 2008-07-27 22:30 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\OpenOffice.org2
    2008-07-27 17:07 . 2008-07-30 19:05 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-07-20 14:46 . 2008-04-23 09:46 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-07-20 14:46 . 2007-04-17 15:02 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-07-20 14:46 . 2007-03-08 10:40 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-07-20 14:46 . 2008-04-23 09:46 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-07-20 14:46 . 2008-04-23 09:46 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-07-20 14:46 . 2008-04-23 09:46 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-07-20 14:46 . 2008-04-23 09:46 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-07-20 14:46 . 2008-04-23 09:46 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-07-20 14:46 . 2008-04-22 13:09 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-07-18 10:15 . 2008-07-18 10:15 <DIR> d-------- C:\WINDOWS\Performance
    2008-07-18 10:14 . 2008-07-19 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
    2008-07-16 15:29 . 2008-07-27 16:32 <DIR> d-------- C:\Program Files\Elecard
    2008-07-16 13:02 . 2008-07-16 13:08 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\Winamp
    2008-07-13 20:47 . 2008-07-30 18:48 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\dvdcss
    2008-07-12 13:42 . 2008-07-27 22:44 <DIR> d-------- C:\Program Files\Microsoft Games
    2008-07-12 12:55 . 2008-07-12 12:55 <DIR> d-------- C:\Program Files\CCleaner
    2008-07-11 18:27 . 2008-07-12 09:56 <DIR> d-------- C:\Program Files\Vista Game Explorer
    2008-07-10 18:50 . 2008-07-10 18:50 140,408 --a------ C:\Jungle-Book,-The-(U)-[p1][!].gs3
    2008-07-10 18:50 . 2008-07-10 18:50 140,408 --a------ C:\Jungle-Book,-The-(U)-[p1][!].gs0
    2008-07-10 11:48 . 2008-07-10 11:48 <DIR> d-------- C:\Program Files\Jungle Book
    2008-07-10 11:40 . 2008-07-10 11:47 <DIR> d-------- C:\GAMES
    2008-07-07 16:15 . 2008-07-12 10:00 <DIR> d-------- C:\Olltwit
    2008-07-07 14:47 . 2004-08-04 13:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-07-05 18:35 . 2008-07-05 18:35 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\Bitdefender
    2008-07-05 18:32 . 2008-07-05 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-07-05 17:30 . 2008-08-01 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-02 14:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-02 12:42 --------- d-----w C:\Program Files\Spyware Doctor
    2008-08-01 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-30 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-07-29 10:06 --------- d-----w C:\Documents and Settings\koushik\Application Data\CyberLink
    2008-07-27 11:37 --------- d-----w C:\Program Files\Java
    2008-07-27 11:01 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-07-19 17:46 --------- d-----w C:\Program Files\Yahoo!
    2008-07-16 07:35 --------- d-----w C:\Program Files\Winamp
    2008-07-16 07:18 --------- d-----w C:\Program Files\VideoLAN
    2008-07-10 06:11 --------- d-----w C:\Program Files\GameTop.com
    2008-07-09 12:49 0 ----a-w C:\Program Files\temp01
    2008-07-05 13:03 --------- d-----w C:\Program Files\Common Files\Softwin
    2008-07-05 12:47 --------- d-----w C:\Program Files\Google
    2008-06-26 13:02 --------- d-----w C:\Program Files\BitDefender
    2008-06-26 12:01 --------- d-----w C:\Program Files\Creative
    2008-06-20 16:03 --------- d-----w C:\Program Files\Common Files\BitDefender
    2008-06-20 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 11:55 --------- d-----w C:\Documents and Settings\koushik\Application Data\AVGTOOLBAR
    2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-06-08 09:04 --------- d-----w C:\Program Files\WMR11
    2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector" [X]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
    "Yahoo! Pager "= "E:\31a5a943c16939228411\softwares\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 20:29 224248]
    "CTRegRun "= "C:\WINDOWS\CTRegRun.EXE" [2006-10-06 14:17 53248]
    "CTZDetec.exe "= "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 21:49 155648]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 21:37 114688]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 20:29 224248]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 11:01 208952]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "SecurDisc "= "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
    "InCD "= "C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut "= "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 16:23 185896]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "BDMCon "= "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48 290816]
    "V0250Mon.exe "= "C:\WINDOWS\V0250Mon.exe" [2006-06-08 01:00 32768]
    "AVFX Engine "= "C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-05 18:17 29744]
    "BDAgent "= "C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2008-07-10 03:03 36352]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mozilla Firefox
    Mozilla Firefox (Safe Mode).lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2008-07-05 17:44:46 307712]
    Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2008-07-05 17:44:46 307712]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "E:\\31a5a943c16939228411\\softwares\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "E:\\31a5a943c16939228411\\softwares\\Messenger\\YServer.exe "=

    R2 acedrv10;acedrv10;C:\WINDOWS\system32\drivers\acedrv10.sys [2007-10-28 21:05]
    R2 acehlp10;acehlp10;C:\WINDOWS\system32\drivers\acehlp10.sys [2007-10-26 19:23]
    R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
    R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
    R3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 11:25]
    R3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 16:24]
    S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 11:16]
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 12:19]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-05 18:17]
    S3 PPDrv;Protector Plus Driver (UnRegistered);C:\Protector Plus\PPDrv.sys []
    S3 PPEMSCAN;Protector Plus Email Scan Driver;C:\Protector Plus\PPEMSCAN.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b858e880-0eca-11dd-b492-000b6ab6d7a2}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
    \Shell\Open\command - G:\regsvr.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Cmaudio - cmicnfg.cpl


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\koushik\Application Data\Mozilla\Firefox\Profiles\igu0vlfu.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
    FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
    FF -: plugin - C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-02 19:43:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    E:\31a5a943c16939228411\softwares\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-02 19:50:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-02 14:19:50

    Pre-Run: 7,216,488,448 bytes free
    Post-Run: 7,135,162,368 bytes free

    192 --- E O F --- 2008-08-01 13:49:05
    reports.
     
    kkph,
    #5
  7. 2008/08/02
    kkph

    kkph Inactive Thread Starter

    Joined:
    2008/08/01
    Messages:
    35
    Likes Received:
    0
    Here is the HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:59:22 PM, on 8/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\WINDOWS\V0250Mon.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    E:\31a5a943c16939228411\softwares\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [Yahoo! Pager] "E:\31a5a943c16939228411\softwares\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
    O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    O4 - Global Startup: Mozilla Firefox
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\31A5A9~1\SOFTWA~1\MESSEN~1\YAHOOM~1.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\31A5A9~1\SOFTWA~1\MESSEN~1\YAHOOM~1.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1190700375499
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1190700352014
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{61476ECD-268E-4826-B127-F4F762CAAE48}: NameServer = 192.168.1.1,61.1.96.71
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 10766 bytes
     
    kkph,
    #6
  8. 2008/08/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    What I meant RE: more than 1 flash drive was that if you have more than 1 USB stick, to run Flash Disinfector on each stick. Doesn't matter which slot it's plugged into.

    Make sure to do the following whilst the usb stick is attached (it should be shown in My Computer as drive letter G: )


    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Extra::
    File::
    G:\regsvr.exe
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b858e880-0eca-11dd-b492-000b6ab6d7a2}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{ACB1E670-3217-45C4-A021-6B829A8A27CB} "=-
     "{0BF43445-2F28-4351-9252-17FE6E806AA0} "=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
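As an added example (not from the thread, and not ComboFix's own code), here is a small Python parser that reads a ComboFix-style "Reg Loading Points" block and flags the three indicators visible in kkph's logs: the per-volume MountPoints2 shell verbs that launch G:\regsvr.exe, the AppInit_DLLs entry, and the Security Center notification switches. It also emits the File::/Registry:: part of a CFScript in the form noahdfear used; the sample log is constructed to mirror the posted one, and the Finding/cfscript names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the "Reg Loading Points" block of the posted
# ComboFix log (not the log itself).  Raw string keeps the backslashes literal.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b858e880-0eca-11dd-b492-000b6ab6d7a2}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
\Shell\Open\command - G:\regsvr.exe
"""


@dataclass
class Finding:          # hypothetical record type for this example
    key: str            # registry key the indicator lives under
    reason: str         # why a defender should care
    evidence: str       # the log line that triggered it


def parse_sections(text):
    """Group the lines of a REGEDIT4-style dump under their [KEY] headers."""
    sections, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            sections.setdefault(key, [])
        elif key is not None:
            sections[key].append(line)
    return sections


_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
_VERB = re.compile(r'^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$', re.I)


def find_indicators(text):
    """Return the persistence / tamper indicators found in a ComboFix reg dump."""
    findings = []
    for key, lines in parse_sections(text).items():
        lk = key.lower()
        for line in lines:
            m = _VERB.match(line)
            if m and "\\mountpoints2\\" in lk:
                # A per-volume shell verb that launches a program means opening
                # or double-clicking the drive in Explorer runs it: the classic
                # removable-media worm pattern seen with G:\regsvr.exe here.
                findings.append(Finding(
                    key, f"MountPoints2 '{m.group('verb')}' verb launches: {m.group('cmd')}", line))
                continue
            v = _VALUE.match(line)
            if not v:
                continue
            name, data = v.group("name"), v.group("data").strip()
            if lk.endswith(r"\windows nt\currentversion\windows") \
                    and name.lower() == "appinit_dlls" and data:
                # Every process that loads user32.dll will also load this DLL.
                findings.append(Finding(key, f"AppInit_DLLs injects {data} into GUI processes", line))
            if lk.endswith(r"\security center") and name.lower().endswith("disablenotify") \
                    and data.lower() == "dword:00000001":
                findings.append(Finding(key, f"{name} silences the Security Center warning", line))
    return findings


def autorun_targets(findings):
    """Executables named by MountPoints2 'Open' verbs, i.e. the payload files."""
    out = []
    for f in findings:
        m = _VERB.match(f.evidence)
        if m and m.group("verb").lower() == "open":
            out.append(m.group("cmd").strip())
    return out


def cfscript(findings):
    """Build the File::/Registry:: part of a CFScript in the form used in the
    post: list the payload under File:: and delete the per-volume MountPoints2
    key with a [-KEY] line under Registry::."""
    files = autorun_targets(findings)
    keys = sorted({f.key for f in findings if "\\mountpoints2\\" in f.key.lower()})
    lines = ["File::"] + files + ["Registry::"] + [f"[-{k}]" for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for f in find_indicators(SAMPLE_LOG):
        print(f"[{f.key}]\n    {f.reason}")
    print(cfscript(find_indicators(SAMPLE_LOG)))
```

Running it against a real log only reports what the dump says; the MountPoints2 key is per-volume, so each infected stick gets its own entry and the script must be re-run for each.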
  9. 2008/08/03
    kkph

    kkph Inactive Thread Starter

    Joined:
    2008/08/01
    Messages:
    35
    Likes Received:
    0
    This is the ComboFix log. I dragged and dropped the file but it didn't show the file within the ComboFix window; I think it works that way only. Yesterday my computer suddenly showed the message telling "dumping physical memory to hard disk". Is it OK? The file win32k.sys was supposed to be the cause.


    ComboFix 08-08-01.04 - koushik 2008-08-03 19:13:45.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.35 [GMT 5.5:30]
    Running from: C:\Documents and Settings\koushik\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
    .

    2008-08-01 23:28 . 2008-08-01 23:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-01 18:24 . 2008-08-01 18:24 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-01 18:23 . 2008-08-01 18:23 <DIR> d-------- C:\Deckard
    2008-08-01 18:03 . 2008-08-01 18:03 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-07-30 18:34 . 2008-08-01 18:19 1,355 --a------ C:\WINDOWS\imsins.BAK
    2008-07-30 18:24 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll.wusetup.2996468(2).new
    2008-07-30 18:24 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-07-30 18:20 . 2008-07-30 18:48 <DIR> d-------- C:\Program Files\Registry Mechanic(2)
    2008-07-29 20:41 . 2008-07-30 18:48 <DIR> d-------- C:\Program Files\Free Window Registry Repair
    2008-07-29 20:19 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\Uniblue
    2008-07-29 19:53 . 2008-08-03 12:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2008-07-29 14:22 . 2008-07-29 14:22 <DIR> d--hs---- C:\found.000
    2008-07-27 17:12 . 2008-07-27 22:30 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\OpenOffice.org2
    2008-07-27 17:07 . 2008-07-30 19:05 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-07-20 14:46 . 2008-04-23 09:46 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-07-20 14:46 . 2007-04-17 15:02 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-07-20 14:46 . 2007-03-08 10:40 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-07-20 14:46 . 2008-04-23 09:46 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-07-20 14:46 . 2008-04-23 09:46 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-07-20 14:46 . 2008-04-23 09:46 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-07-20 14:46 . 2008-04-23 09:46 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-07-20 14:46 . 2008-04-23 09:46 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-07-20 14:46 . 2008-04-22 13:09 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-07-18 10:15 . 2008-07-18 10:15 <DIR> d-------- C:\WINDOWS\Performance
    2008-07-18 10:14 . 2008-07-19 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
    2008-07-16 15:29 . 2008-07-27 16:32 <DIR> d-------- C:\Program Files\Elecard
    2008-07-16 13:02 . 2008-07-16 13:08 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\Winamp
    2008-07-13 20:47 . 2008-07-30 18:48 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\dvdcss
    2008-07-12 13:42 . 2008-07-27 22:44 <DIR> d-------- C:\Program Files\Microsoft Games
    2008-07-12 12:55 . 2008-07-12 12:55 <DIR> d-------- C:\Program Files\CCleaner
    2008-07-11 18:27 . 2008-07-12 09:56 <DIR> d-------- C:\Program Files\Vista Game Explorer
    2008-07-10 18:50 . 2008-07-10 18:50 140,408 --a------ C:\Jungle-Book,-The-(U)-[p1][!].gs3
    2008-07-10 18:50 . 2008-07-10 18:50 140,408 --a------ C:\Jungle-Book,-The-(U)-[p1][!].gs0
    2008-07-10 11:48 . 2008-07-10 11:48 <DIR> d-------- C:\Program Files\Jungle Book
    2008-07-10 11:40 . 2008-07-10 11:47 <DIR> d-------- C:\GAMES
    2008-07-07 16:15 . 2008-07-12 10:00 <DIR> d-------- C:\Olltwit
    2008-07-07 14:47 . 2004-08-04 13:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-07-05 18:35 . 2008-07-05 18:35 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\Bitdefender
    2008-07-05 18:32 . 2008-07-05 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-07-05 17:30 . 2008-08-03 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-03 13:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-02 12:42 --------- d-----w C:\Program Files\Spyware Doctor
    2008-08-01 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-30 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-07-29 10:06 --------- d-----w C:\Documents and Settings\koushik\Application Data\CyberLink
    2008-07-27 11:37 --------- d-----w C:\Program Files\Java
    2008-07-27 11:01 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-07-19 17:46 --------- d-----w C:\Program Files\Yahoo!
    2008-07-16 07:35 --------- d-----w C:\Program Files\Winamp
    2008-07-16 07:18 --------- d-----w C:\Program Files\VideoLAN
    2008-07-10 06:11 --------- d-----w C:\Program Files\GameTop.com
    2008-07-09 12:49 0 ----a-w C:\Program Files\temp01
    2008-07-05 13:03 --------- d-----w C:\Program Files\Common Files\Softwin
    2008-07-05 12:47 --------- d-----w C:\Program Files\Google
    2008-06-26 13:02 --------- d-----w C:\Program Files\BitDefender
    2008-06-26 12:01 --------- d-----w C:\Program Files\Creative
    2008-06-20 16:03 --------- d-----w C:\Program Files\Common Files\BitDefender
    2008-06-20 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 11:55 --------- d-----w C:\Documents and Settings\koushik\Application Data\AVGTOOLBAR
    2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-06-08 09:04 --------- d-----w C:\Program Files\WMR11
    2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-02_19.49.28.07 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-02 14:11:38 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    + 2008-08-03 14:00:37 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector" [X]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
    "Yahoo! Pager "= "E:\31a5a943c16939228411\softwares\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 20:29 224248]
    "CTRegRun "= "C:\WINDOWS\CTRegRun.EXE" [2006-10-06 14:17 53248]
    "CTZDetec.exe "= "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 21:49 155648]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 21:37 114688]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 20:29 224248]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 11:01 208952]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "SecurDisc "= "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
    "InCD "= "C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut "= "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 16:23 185896]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "BDMCon "= "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48 290816]
    "V0250Mon.exe "= "C:\WINDOWS\V0250Mon.exe" [2006-06-08 01:00 32768]
    "AVFX Engine "= "C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-05 18:17 29744]
    "BDAgent "= "C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2008-07-10 03:03 36352]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mozilla Firefox
    Mozilla Firefox (Safe Mode).lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2008-07-05 17:44:46 307712]
    Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2008-07-05 17:44:46 307712]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "E:\\31a5a943c16939228411\\softwares\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "E:\\31a5a943c16939228411\\softwares\\Messenger\\YServer.exe "=

    R2 acedrv10;acedrv10;C:\WINDOWS\system32\drivers\acedrv10.sys [2007-10-28 21:05]
    R2 acehlp10;acehlp10;C:\WINDOWS\system32\drivers\acehlp10.sys [2007-10-26 19:23]
    R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
    R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
    R3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 11:25]
    R3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 16:24]
    S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 11:16]
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 12:19]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-05 18:17]
    S3 PPDrv;Protector Plus Driver (UnRegistered);C:\Protector Plus\PPDrv.sys []
    S3 PPEMSCAN;Protector Plus Email Scan Driver;C:\Protector Plus\PPEMSCAN.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b858e880-0eca-11dd-b492-000b6ab6d7a2}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
    \Shell\Open\command - G:\regsvr.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\koushik\Application Data\Mozilla\Firefox\Profiles\igu0vlfu.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
    FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-03 19:33:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    C:\WINDOWS\explorer.exe [2532] 0xFECC3DA0

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-03 19:41:35
    ComboFix-quarantined-files.txt 2008-08-03 14:11:30
    ComboFix2.txt 2008-08-03 07:05:16
    ComboFix3.txt 2008-08-02 14:20:03

    Pre-Run: 7,332,577,280 bytes free
    Post-Run: 7,319,408,640 bytes free

    175 --- E O F --- 2008-08-03 10:31:12
     
    Last edited: 2008/08/03
    kkph,
    #8
  10. 2008/08/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please try the CFScript again. The file must be named CFScript.txt for it to work.

    Click here to see how to use CFScript.txt
     
  11. 2008/08/04
    kkph

    kkph Inactive Thread Starter

    Joined:
    2008/08/01
    Messages:
    35
    Likes Received:
    0
    Thank you. I did as shown in the link given by you. Now, after running Flash Disinfector and all, the regsvr error message has stopped coming. Here is my new log.


    .ComboFix 08-08-01.04 - koushik 2008-08-04 22:21:16.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.38 [GMT 5.5:30]
    Running from: C:\Documents and Settings\koushik\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\koushik\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    G:\regsvr.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
    .

    2008-08-01 23:28 . 2008-08-01 23:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-08-01 18:24 . 2008-08-01 18:24 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-01 18:23 . 2008-08-01 18:23 <DIR> d-------- C:\Deckard
    2008-08-01 18:03 . 2008-08-01 18:03 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-07-30 18:34 . 2008-08-01 18:19 1,355 --a------ C:\WINDOWS\imsins.BAK
    2008-07-30 18:24 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll.wusetup.2996468(2).new
    2008-07-30 18:24 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-07-30 18:20 . 2008-07-30 18:48 <DIR> d-------- C:\Program Files\Registry Mechanic(2)
    2008-07-29 20:41 . 2008-07-30 18:48 <DIR> d-------- C:\Program Files\Free Window Registry Repair
    2008-07-29 20:19 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\Uniblue
    2008-07-29 19:53 . 2008-08-03 19:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2008-07-29 14:22 . 2008-07-29 14:22 <DIR> d--hs---- C:\found.000
    2008-07-27 17:12 . 2008-07-27 22:30 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\OpenOffice.org2
    2008-07-27 17:07 . 2008-07-30 19:05 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-07-20 14:46 . 2008-04-23 09:46 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-07-20 14:46 . 2007-04-17 15:02 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-07-20 14:46 . 2007-03-08 10:40 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-07-20 14:46 . 2008-04-23 09:46 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-07-20 14:46 . 2008-04-23 09:46 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-07-20 14:46 . 2008-04-23 09:46 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-07-20 14:46 . 2008-04-23 09:46 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-07-20 14:46 . 2008-04-23 09:46 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-07-20 14:46 . 2008-04-22 13:09 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-07-18 10:15 . 2008-07-18 10:15 <DIR> d-------- C:\WINDOWS\Performance
    2008-07-18 10:14 . 2008-07-19 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
    2008-07-16 15:29 . 2008-07-27 16:32 <DIR> d-------- C:\Program Files\Elecard
    2008-07-16 13:02 . 2008-07-16 13:08 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\Winamp
    2008-07-13 20:47 . 2008-07-30 18:48 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\dvdcss
    2008-07-12 13:42 . 2008-07-27 22:44 <DIR> d-------- C:\Program Files\Microsoft Games
    2008-07-12 12:55 . 2008-07-12 12:55 <DIR> d-------- C:\Program Files\CCleaner
    2008-07-11 18:27 . 2008-07-12 09:56 <DIR> d-------- C:\Program Files\Vista Game Explorer
    2008-07-10 18:50 . 2008-07-10 18:50 140,408 --a------ C:\Jungle-Book,-The-(U)-[p1][!].gs3
    2008-07-10 18:50 . 2008-07-10 18:50 140,408 --a------ C:\Jungle-Book,-The-(U)-[p1][!].gs0
    2008-07-10 11:48 . 2008-07-10 11:48 <DIR> d-------- C:\Program Files\Jungle Book
    2008-07-10 11:40 . 2008-07-10 11:47 <DIR> d-------- C:\GAMES
    2008-07-07 16:15 . 2008-07-12 10:00 <DIR> d-------- C:\Olltwit
    2008-07-07 14:47 . 2004-08-04 13:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-07-05 18:35 . 2008-07-05 18:35 <DIR> d-------- C:\Documents and Settings\koushik\Application Data\Bitdefender
    2008-07-05 18:32 . 2008-07-05 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-07-05 17:30 . 2008-08-04 22:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-04 17:03 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-08-04 16:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-02 12:42 --------- d-----w C:\Program Files\Spyware Doctor
    2008-08-01 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-30 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-07-29 10:06 --------- d-----w C:\Documents and Settings\koushik\Application Data\CyberLink
    2008-07-27 11:37 --------- d-----w C:\Program Files\Java
    2008-07-27 11:01 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-07-19 17:46 --------- d-----w C:\Program Files\Yahoo!
    2008-07-16 07:35 --------- d-----w C:\Program Files\Winamp
    2008-07-16 07:18 --------- d-----w C:\Program Files\VideoLAN
    2008-07-10 06:11 --------- d-----w C:\Program Files\GameTop.com
    2008-07-09 12:49 0 ----a-w C:\Program Files\temp01
    2008-07-05 13:03 --------- d-----w C:\Program Files\Common Files\Softwin
    2008-07-05 12:47 --------- d-----w C:\Program Files\Google
    2008-06-26 13:02 --------- d-----w C:\Program Files\BitDefender
    2008-06-26 12:01 --------- d-----w C:\Program Files\Creative
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\SETB6.tmp
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\SETB7.tmp
    2008-06-20 16:03 --------- d-----w C:\Program Files\Common Files\BitDefender
    2008-06-20 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 11:55 --------- d-----w C:\Documents and Settings\koushik\Application Data\AVGTOOLBAR
    2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-10 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-06-08 09:04 --------- d-----w C:\Program Files\WMR11
    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector" [X]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
    "Yahoo! Pager "= "E:\31a5a943c16939228411\softwares\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 20:29 224248]
    "CTRegRun "= "C:\WINDOWS\CTRegRun.EXE" [2006-10-06 14:17 53248]
    "CTZDetec.exe "= "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 21:49 155648]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 21:37 114688]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 20:29 224248]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 11:01 208952]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "SecurDisc "= "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
    "InCD "= "C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
    "LanguageShortcut "= "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 16:23 185896]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "BDMCon "= "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 16:48 290816]
    "V0250Mon.exe "= "C:\WINDOWS\V0250Mon.exe" [2006-06-08 01:00 32768]
    "AVFX Engine "= "C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
    "Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-05 18:17 29744]
    "BDAgent "= "C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2008-07-10 03:03 36352]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mozilla Firefox
    Mozilla Firefox (Safe Mode).lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2008-07-05 17:44:46 307712]
    Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2008-07-05 17:44:46 307712]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "E:\\31a5a943c16939228411\\softwares\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "E:\\31a5a943c16939228411\\softwares\\Messenger\\YServer.exe "=

    R2 acedrv10;acedrv10;C:\WINDOWS\system32\drivers\acedrv10.sys [2007-10-28 21:05]
    R2 acehlp10;acehlp10;C:\WINDOWS\system32\drivers\acehlp10.sys [2007-10-26 19:23]
    R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
    R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
    R3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 11:25]
    R3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 16:24]
    S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 11:16]
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 12:19]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-05 18:17]
    S3 PPDrv;Protector Plus Driver (UnRegistered);C:\Protector Plus\PPDrv.sys []
    S3 PPEMSCAN;Protector Plus Email Scan Driver;C:\Protector Plus\PPEMSCAN.sys []
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\koushik\Application Data\Mozilla\Firefox\Profiles\igu0vlfu.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
    FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-04 22:35:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-04 22:43:13
    ComboFix-quarantined-files.txt 2008-08-04 17:12:56
    ComboFix2.txt 2008-08-03 14:11:41
    ComboFix3.txt 2008-08-03 07:05:16
    ComboFix4.txt 2008-08-02 14:20:03

    Pre-Run: 7,492,345,856 bytes free
    Post-Run: 7,479,066,624 bytes free

    176 --- E O F --- 2008-08-03 10:31:12
     
