Hi again.
Thanks for the reply. I have done the following:
1. HJT
I have fixed all 5 files that you asked me to check and fix. This is the latest HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 3:10:20 PM, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu6\AOL_security_toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu6\AOL_security_toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/229?a6f3c976680747c6b2d6faec31839a9c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-my\msntabres.dll.mui/230?a6f3c976680747c6b2d6faec31839a9c
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
2. I have downloaded ComboFix and run it. When ComboFix was doing its installation, my Avast antivirus detected a virus and I deleted it. After that, ComboFix continued its operations normally.
This is the information regarding the virus.
File name: c:/combofix/cfiles.dat
Malware name: win32:Dadobra.EY{trj}
Malware type: trojan horse
VPS version: 000774-7,09/15/2007
And this is the ComboFix log.
ComboFix 07-09-21.2 - "user" 2007-09-27 14:38:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.181 [GMT 8:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\user\ravmonlog
C:\Documents and Settings\user\Desktop\New Folder\kabul express\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - 2Pacalypse Now\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - All Eyez On Me\CD 1\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - All Eyez On Me\CD 2\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - All Eyez On Me\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - Greatest Hits\CD1\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - Greatest Hits\Cd2\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - Greatest Hits\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - Live\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - Me Against The World\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - Strictly 4 My N.I.G.G.A.Z\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - The Lost Tapes\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\b4 death\2Pac - Thug Life\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\greatest ever\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Better Dayz\Book 2\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Better Dayz\CD1\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Better Dayz\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Fallen Angels\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Loyal To The Game\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - NU-Mixx Klazzics\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Only In America\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - R U Still Down (remember me)\CD 2\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - R U Still Down (remember me)\CD1\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - R U Still Down (remember me)\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Ready 2 Die\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Ressurection\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Still I Rise\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - The Heart of A Thug Ghetto Gospel\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - The Here After\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - The Rose That Grew From Concrete\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Until The End Of Time\CD 1\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Until The End Of Time\CD 2\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - Until The End Of Time\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2pac - Untouchable\Desktop_.ini
C:\Documents and Settings\user\Desktop\Tupac 23 Albums\Ressurection\2Pac - You Never Heard Ft. B.I.G\Desktop_.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CNPROV
-------\LEGACY_IDNAUX
-------\LEGACY_NWSAPAGENT
-------\cnprov
-------\idnaux
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-08-27 to 2007-09-27 )))))))))))))))))))))))))))))))
.
2007-09-27 14:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-23 19:01 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Windows Desktop Search
2007-09-23 18:45 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-09-23 17:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-14 22:21 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-09-14 22:03 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-09-14 22:03 <DIR> d-------- C:\Program Files\BitTorrent
2007-09-14 18:42 512 --a------ C:\ScanSectorLog.dat
2007-09-14 18:35 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\MailFrontier
2007-09-14 18:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-09-14 18:13 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-09-14 18:13 4,401,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-14 18:13 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-14 18:13 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-09-13 00:43 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-12 19:31 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-12 19:31 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-12 19:31 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-12 19:31 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-12 19:31 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-12 19:31 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-12 19:30 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-12 19:30 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-28 01:06 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-08-28 01:06 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-08-28 01:06 <DIR> d-------- C:\Program Files\AlienGUIse
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-27 14:43 63128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-23 18:10 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-09-23 17:56 --------- d-------- C:\Program Files\MSN Messenger
2007-09-16 04:41 --------- d-------- C:\DOCUME~1\user\APPLIC~1\BitTorrent
2007-09-06 16:14 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-08-31 21:51 --------- d-------- C:\DOCUME~1\user\APPLIC~1\dvdcss
2007-08-18 01:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-18 01:14 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-15 03:28 --------- d-------- C:\Program Files\AOL Security Toolbar
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 01:32 --------- d-------- C:\Program Files\Realtek AC97
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-12 06:15]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-12 06:14]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [2004-04-06 06:46]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 11:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 09:41 C:\WINDOWS\AGRSMMSG.exe]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2003-06-09 12:23]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-06-29 06:24]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 18:06]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-19 15:46:14]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-07-07 22:17:37]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdfd262-55e0-11da-b5d1-000e350c6aad}]
AutoOpen\command- .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c05ebde-9fdf-11db-b882-000e350c6aad}]
Auto\command- setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-08-31 04:58:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-27 06:01:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-27 14:47:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-27 14:51:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-27 14:51
.
--- E O F ---
3. Search and removal
I did as you said but was unable to find the following file.
C:\Program Files\OCINS\idnsvr.exe
Might I add that when I first scanned my computer with Avast antivirus, I already detected OCINS, and since I didn't recognize this file, I completely deleted it.
I only use this computer for my studies and do not use it for anything sensitive. Furthermore, I was never provided with the CD-ROMs required to reformat the computer when I purchased it. Therefore, I am not sure how I should reformat this computer.
Personally, I prefer to repair this computer instead of reformatting it, since I clearly see that the hackers are actually teaching me more about my computer than I could have learnt if they didn't exist. I understand the need to learn everything I can about my computer, and therefore I will stick with this till it's over.