Computer Restarts Anytime Because of Virus

  • WritingBadCode
  • Graduate
  • Joined: Apr 28, 2011
  • Posts: 214
  • Loc: Sweden

Post June 16th, 2011, 7:25 am

Bogey wrote:
So you format your computer after every infection you get? Even if that infection could be cleaned up by simply running an application?


I never get (noticeable) infections (anything that an antivirus would be able to spot, at least). But yes, as long as I have a Windows CD, in the rare case I spot an active infection I would probably go for the format.


Bogey wrote:
You also think that Bill Gates never asks questions? Or you would have thought that they knew what they were doing when they were creating Windows Vista?

I think you should rethink that statement.


And if you don't know what you are doing, you would obviously ask for help and receive help. Imagine that every time you call tech support to help fix your computer the only answer you ever get is "Format your computer", because since you're asking, you don't know what you are doing, and since you don't know what you are doing you can't figure out how to follow directions from those that do.


Of course everyone asks questions. I ask a lot about programming and I appreciate all the help I can get. I think learning is good, but when it comes to private information people should stay away from gambling; that is their choice, of course. I'm just curious how someone who doesn't know what to look for, can't spot altered files, doesn't have a clue about all the files that are running, can't locate hidden startups, doesn't understand the registry well, etc., can judge whether their system is clean or not. Maybe someone can tell me?

While the computer may stop restarting, he could still have an active infection; how does one tell? While the antivirus says the computer is clean, HE CAN STILL HAVE AN INFECTION. It happens all the time. A format is an easy way, and probably the most secure way, for those who aren't Windows experts.

I'm not saying my solution is the only one or a perfect solution. I can see why someone would want other solutions than a format, but it is one of many options. Since he explicitly asks for another solution, then fine. My solution was just one among others.
  • premsoni0143
  • Banned
  • Joined: Nov 09, 2010
  • Posts: 30

Post June 16th, 2011, 9:54 am

Dear All,

Good news... I think my problem is solved after using ComboFix (hehe, I was not able to use the internet in safe mode, so I could not download the Windows Recovery Console...).

Please check the log file generated below and let me know if there is anything else I have to do.

ComboFix 11-06-15.02 - Administrator 06/16/2011 11:20:58.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.667 [GMT 5.5:30]
Running from: I:\ComboFix.exe
FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\settings.bin
c:\documents and settings\All Users\Application Data\HBLiteSA
c:\documents and settings\All Users\Application Data\HBLiteSA\HBLiteSA.dat
c:\documents and settings\All Users\Application Data\HBLiteSA\HBLiteSA_kyf.dat
c:\documents and settings\All Users\Application Data\HBLiteSA\HBLiteSAAbout.mht
c:\documents and settings\All Users\Application Data\HBLiteSA\HBLiteSAau.dat
c:\documents and settings\All Users\Application Data\HBLiteSA\HBLiteSAEULA.mht
c:\documents and settings\All Users\Start Menu\Programs\Hotbar
c:\documents and settings\All Users\Start Menu\Programs\ShopperReports
c:\documents and settings\All Users\Start Menu\Programs\ShopperReports\About Us.lnk
c:\documents and settings\All Users\Start Menu\Programs\ShopperReports\Customer Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\documents and settings\Jatin_soni\Application Data\012791416.exe
c:\documents and settings\Jatin_soni\Application Data\279516120.exe
c:\documents and settings\Jatin_soni\Application Data\405291786.exe
c:\documents and settings\Jatin_soni\Application Data\536164842.exe
c:\documents and settings\Jatin_soni\Application Data\785016970.exe
c:\documents and settings\Jatin_soni\Application Data\960393682.exe
c:\documents and settings\Jatin_soni\Application Data\AdVantage
c:\documents and settings\Jatin_soni\Application Data\HBLite
c:\documents and settings\Jatin_soni\Application Data\PriceGong
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Jatin_soni\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\Firefox\cs\Config.xml
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\Firefox\cs\db\Aliases.dbs
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\Firefox\cs\db\Sites.dbs
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\Firefox\cs\dwld\WhiteList.xip
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\Firefox\cs\report\aggr_storage.xml
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\Firefox\cs\report\send_storage.xml
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\Firefox\cs\res1\WhiteList.dbs
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\IE\cs\Config.xml
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\IE\cs\report\send_storage.xml
c:\documents and settings\Jatin_soni\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs
c:\documents and settings\Jatin_soni\Application Data\WinLogon
c:\documents and settings\Jatin_soni\Application Data\WinLogon\winlogon.exe
c:\documents and settings\Jatin_soni\WINDOWS
c:\downloads\Software\TorrentEasy-tbkresources-hacking-revealed-5cds-cbt-learnkey.exe
c:\program files\HBLite
c:\program files\HBLite\bin\11.0.363.0\firefox\extensions\install.rdf
c:\program files\ShopperReports3
c:\program files\ShopperReports3\bin\3.0.517.0\CnTNtcntr.dll
c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar
c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files\ShopperReports3\bin\3.0.517.0\link.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-15 13:17 . 2011-06-15 13:20 -------- d-----w- C:\bd_logs
2011-06-15 06:18 . 2011-06-16 05:40 -------- d-----w- c:\documents and settings\Administrator
2011-06-13 22:04 . 2011-06-13 22:04 -------- d-----w- c:\windows\FTPTEMP
2011-06-13 22:03 . 2011-06-13 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2011-06-12 10:15 . 2011-03-21 13:56 143872 ----a-w- c:\windows\system32\xvid.ax
2011-06-12 10:15 . 2011-03-19 15:06 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-12 10:15 . 2011-03-19 15:04 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-12 10:15 . 2011-06-12 10:15 -------- d-----w- c:\program files\Xvid
2011-06-12 10:01 . 2011-06-14 04:04 -------- d-----w- c:\program files\QuestScan
2011-06-12 10:01 . 2011-06-14 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\QuestScan
2011-06-12 08:46 . 2011-06-16 04:41 -------- d-----w- c:\documents and settings\Jatin_soni\Application Data\vlc
2011-06-12 08:30 . 2011-06-12 10:41 -------- d-----w- c:\documents and settings\Jatin_soni\Local Settings\Application Data\Graboid
2011-06-12 08:30 . 2011-06-12 08:30 -------- d-----w- c:\documents and settings\Jatin_soni\Local Settings\Application Data\Geckofx
2011-06-12 08:25 . 2011-06-12 08:25 -------- d-----w- c:\program files\VideoLAN
2011-06-12 08:25 . 2011-06-12 08:29 -------- d-----w- c:\program files\Graboid
2011-06-12 06:06 . 2011-06-12 06:06 -------- d-----w- c:\documents and settings\Jatin_soni\Local Settings\Application Data\Stardock
2011-06-12 06:06 . 2011-06-12 06:06 -------- d-----w- c:\program files\Zorpia Notifier
2011-06-12 06:06 . 2011-06-12 06:06 -------- d-----w- c:\windows\Zorpia Notifier
2011-06-11 14:46 . 2011-06-11 14:46 -------- d-----w- c:\documents and settings\Jatin_soni\Application Data\DDMSettings
2011-06-11 14:41 . 2011-06-12 05:32 -------- d-----w- c:\documents and settings\Jatin_soni\Application Data\DivX
2011-06-11 14:39 . 2011-06-11 14:39 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-06-11 14:31 . 2011-06-11 14:41 -------- d-----w- c:\program files\DivX
2011-06-11 14:27 . 2011-06-11 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-06-08 06:28 . 2011-06-08 06:28 -------- d-----w- c:\program files\Apache Software Foundation
2011-06-08 06:12 . 2011-06-08 06:12 -------- d-----w- c:\documents and settings\Jatin_soni\Local Settings\Application Data\Sun
2011-06-05 03:56 . 2011-06-15 18:46 -------- d-----w- c:\documents and settings\Jatin_soni\Local Settings\Application Data\ConduitEngine
2011-06-05 03:56 . 2011-06-05 03:56 -------- d-----w- c:\program files\ConduitEngine
2011-06-05 03:56 . 2011-06-05 03:56 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-04 16:44 . 2011-06-04 16:44 -------- d-----w- c:\documents and settings\Jatin_soni\Local Settings\Application Data\Help
2011-05-30 08:20 . 2011-05-30 08:20 -------- d-----w- C:\Export
2011-05-30 05:30 . 2011-06-06 04:04 -------- d-----w- c:\documents and settings\Jatin_soni\Application Data\Offline Explorer
2011-05-30 05:27 . 2011-06-13 10:07 -------- d-----w- c:\program files\Offline Explorer Enterprise
2011-05-28 19:13 . 2011-05-28 19:13 -------- d-----w- C:\archive_db
2011-05-28 03:56 . 2011-05-28 03:56 -------- d-----w- c:\program files\DVD_Generator
2011-05-27 05:56 . 2011-05-27 05:56 -------- d-----w- c:\program files\microsoft (dot) net
2011-05-26 08:15 . 2011-05-26 08:15 -------- d-sh--w- c:\documents and settings\Jatin_soni\IECompatCache
2011-05-26 08:11 . 2011-05-26 08:11 -------- d-sh--w- c:\documents and settings\Jatin_soni\PrivacIE
2011-05-25 05:51 . 2011-05-25 05:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-05-25 05:51 . 2011-05-25 05:51 -------- d-sh--w- c:\documents and settings\Jatin_soni\IETldCache
2011-05-25 05:25 . 2011-05-25 05:29 -------- dc-h--w- c:\windows\ie8
2011-05-25 05:12 . 2011-05-25 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Remote Manipulator Files
2011-05-24 02:55 . 2011-05-24 03:05 -------- d-----w- c:\program files\FBP - Facebook Blaster Pro
2011-05-22 06:53 . 2011-05-22 06:53 -------- d--h--w- c:\windows\PIF
2011-05-22 06:53 . 2011-05-22 07:03 -------- d-----w- c:\program files\Runtime Software
2011-05-20 02:17 . 2009-12-09 03:52 104704 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2011-05-20 02:17 . 2011-05-20 02:17 -------- d-----w- c:\program files\Reliance Netconnect - Broadband+
2011-05-18 03:08 . 2011-05-18 03:08 -------- d-----w- c:\documents and settings\Jatin_soni\Application Data\TightVNC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 03:02 . 2011-04-27 06:26 102400 ----a-w- c:\windows\RegBootClean.exe
2011-05-17 02:24 . 2011-05-17 02:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 02:47 . 2011-05-12 02:47 295424 ----a-w- c:\windows\system32\bwmedia1.dll
2011-05-12 02:47 . 2011-05-12 02:47 150016 ----a-w- c:\windows\system32\bwmedia.dll
2011-04-16 16:35 . 2011-04-16 16:50 341072 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2011-04-16 16:35 . 2011-04-16 16:37 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-04-16 16:35 . 2011-04-16 16:37 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-04-16 16:35 . 2011-04-16 16:37 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-04-16 16:35 . 2011-04-16 16:37 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-03-27 17:07 . 2011-03-27 17:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-27 17:07 . 2011-03-27 17:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-04-03 08:27 254760 ----a-w- c:\documents and settings\Jatin_soni\Local Settings\Application Data\ConduitEngine\ldrConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-11 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-11 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-11 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-11 16132608]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
.
c:\documents and settings\Jatin_soni\Start Menu\Programs\Startup\
Zorpia Notifier.lnk - c:\program files\Zorpia Notifier\Zorpia Notifier.exe [2007-5-2 1119744]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jatin_soni^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Jatin_soni\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager - RCS]
2009-01-28 12:25 53248 ----a-w- c:\program files\Free Download Manager\fdmwi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-06 10:50 136176 ----atw- c:\documents and settings\Jatin_soni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-04-24 10:08 124216 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 04:47 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 16:42 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 12:08 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-01 12:47 15145352 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-07-11 04:07 1826816 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spark]
2007-11-14 07:22 434176 ----a-w- c:\program files\Spark\Spark.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 09:19 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-07 03:28 396152 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Jatin_soni\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Tencent\\QQMusic\\QzoneMusic\\QzoneMusic.exe"=
.
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [4/16/2011 10:20 PM 341072]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [4/16/2011 10:06 PM 188272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft (dot) net\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 QuestScan Service;QuestScan Service;c:\documents and settings\All Users\Application Data\QuestScan\questscan137.exe [6/14/2011 8:30 AM 45056]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [4/15/2011 3:13 PM 2280312]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/16/2011 10:07 PM 64080]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe [5/20/2011 7:47 AM 512000]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [10/22/2009 5:00 AM 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [10/22/2009 3:47 AM 563760]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 Tomcat6;Apache Tomcat 6;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2/3/2011 12:34 AM 74240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft (dot) net\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [5/20/2011 7:47 AM 104704]
S4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [1/12/2010 8:27 PM 185640]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MNMSRVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-448539723-1606980848-1003Core.job
- c:\documents and settings\Jatin_soni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-06 10:50]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-448539723-1606980848-1003UA.job
- c:\documents and settings\Jatin_soni\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-06 10:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google (dot) come/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: Interfaces\{7BA8878B-2BE5-4D7C-BE0A-B8D4221EC9CE}: NameServer = 218.248.255.212 218.248.241.2
TCP: Interfaces\{D439F32A-F67F-4B2E-BEE0-E2651FBE6AF4}: NameServer = 218.248.255.212,218.248.255.135
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g384o2mu.default\
FF - prefs.js: keyword.URL - hxxp://www.questscan (dot) com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: QuestScan: {F0E1168A-B4B5-484C-B77E-0D28E6B64096} - c:\program files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
FF - Ext: Java Quick Starter: jqs (at) sun (dot) com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-NBAgent - c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
MSConfigStartUp-SoftGridTray - c:\program files\Microsoft Application Virtualization Client\SFTTray.exe
MSConfigStartUp-Software Informer - c:\program files\Software Informer\softinfo.exe
MSConfigStartUp-TorrentEasy_cac8ce097f075e89d8e6d6065b702f3abab940b8 - c:\downloads\Software\TorrentEasy-tbkresources-hacking-revealed-5cds-cbt-learnkey.exe
MSConfigStartUp-TProtect - c:\documents and settings\Jatin_soni\Application Data\870028480.exe
AddRemove-HBLiteSA - c:\program files\HBLite\bin\11.0.363.0\HBLiteUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer (dot) net
Rootkit scan 2011-06-16 11:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-448539723-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,2b,4f,78,99,63,23,4f,b5,60,d1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,2b,4f,78,99,63,23,4f,b5,60,d1,\
.
Completion time: 2011-06-16 11:29:12
ComboFix-quarantined-files.txt 2011-06-16 05:59
.
Pre-Run: 3,821,457,408 bytes free
Post-Run: 4,523,962,368 bytes free
.
- - End Of File - - 8C58892750806D9E79A804207139664F
  • premsoni0143
  • Banned
  • Joined: Nov 09, 2010
  • Posts: 30

Post June 16th, 2011, 10:06 am

Dear Mr. "WritingBadCode" and other helpers,

First, I am very thankful that you showed me the way to solve the problem; at last it's done, as you said, by myself.

Please let me say something: I am not a person who does not know anything about the O.S. I am also an IT support engineer and have been working for the last 8+ months.

If I decide the only way is to format, it means I am stopping myself from learning something new; it's the last solution, when you have tried everything.

I checked everything myself; just go back and see my 2nd post, where I posted the steps I have taken. I also wrote in the 1st post which steps I had taken: I used the Quick Heal latest boot scan with the Emergency CD, the Quick Heal command line scanner, the E-Scan Live CD scanner, the BitDefender Live CD scanner, etc.

So please, if you are not interested in learning something, do not come to stop others or teach the worst solution. I am sorry if I have said too much.

I wish to have my own team of IT support friends soon, which will deal directly online, free of charge. I am finding team members for it.

Thanks & Regards
Jatin
IT Technical Support Engineer
India
  • grinch2171
  • Moderator
  • Genius
  • Joined: Feb 11, 2004
  • Posts: 6744
  • Loc: Martinsburg, WV

Post June 16th, 2011, 11:16 am

You can run ComboFix in regular mode. It is not a necessity to run it in Safe Mode. So if you want to be double sure you are clean, run it again.
"Be polite, be professional, but have a plan to kill everybody you meet." Maj. Gen. James Mattis
  • Bogey
  • Genius
  • Joined: Jul 14, 2005
  • Posts: 8212
  • Loc: USA

Post June 17th, 2011, 10:07 am

Seems like it cleaned a lot of junk there :)

c:\windows\RegBootClean.exe

Not sure if that was deleted or not, but it's listed under the Find3M Report and Google tells me it's malware.
"Bring forth therefore fruits meet for repentance:" Matthew 3:8
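Bogey's check above (a file that shows up under the Find3M Report but not under Other Deletions may still be on disk) can be automated against a ComboFix log. This is an added example, not part of the thread and not ComboFix's own code; it parses the parenthesised section banners and the Find3M rows of a constructed excerpt assembled from the posted log's own lines, and assumes that layout.

```python
import re

# Constructed excerpt in the layout of the ComboFix log posted above: banner lines
# wrapped in parentheses, "." spacer lines, and Find3M rows of the form
# "<timestamp> . <timestamp> <size> <attrs> <path>". Paths are taken from that log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jatin_soni\Application Data\WinLogon\winlogon.exe
c:\program files\HBLite
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-13 03:02 . 2011-04-27 06:26 102400 ----a-w- c:\windows\RegBootClean.exe
2011-05-17 02:24 . 2011-05-17 02:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
"""

# A banner is a line of "(" characters, a title, and a line of ")" characters.
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")
# One file row; ComboFix prints two timestamps, then size (or "--------" for a
# directory in the Files Created section), an 8-character attribute field, and the path.
ROW_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)


def split_sections(log_text):
    """Map each banner title to the content lines beneath it.

    Empty lines and ComboFix's "." spacer lines are dropped. Anything before
    the first banner is kept under the title "header".
    """
    sections = {"header": []}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line in ("", "."):
            continue
        sections[current].append(line)
    return sections


def parse_file_rows(lines):
    """Parse file rows (Find3M / Files Created style) into dicts; other lines are skipped."""
    rows = []
    for line in lines:
        m = ROW_RE.match(line)
        if not m:
            continue
        row = m.groupdict()
        row["size"] = int(row["size"]) if row["size"].isdigit() else None
        rows.append(row)
    return rows


def was_deleted(sections, path):
    """True if the path appears under Other Deletions (Windows paths compare case-insensitively)."""
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    return path.lower() in deleted


def find3m_survivors(sections):
    """Paths from the Find3M Report that the log does not list as deleted.

    These are the entries to look up by hand, as Bogey did for RegBootClean.exe.
    """
    rows = parse_file_rows(sections.get("Find3M Report", []))
    return [r["path"] for r in rows if not was_deleted(sections, r["path"])]


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    for p in find3m_survivors(secs):
        print("listed in Find3M but not in Other Deletions:", p)
```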

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.