2 Contributors, 2 Replies, 3 Views, 9 Years Discussion Span, Last Post by marrtiniss

Hi,
Mainly this results from either an infection or from conflicting installations or drivers. The simplest way is to log in in safe mode and then restore your computer to an earlier period (to the time the computer was running normally).
To reach System Restore, go to All Programs >> Accessories >> System Tools. Don't worry, no files will be lost in the restoration process.


It doesn't work though... because I think I was too late to do the Recovery, and it didn't have the correct file of that day. Well, still, I did it with ComboFix, which I found on the forums.
Here is the thread --->
ComboFix 08-06-01.6 - Deivis 2008-06-02 16:57:06.2 - NTFSx86
Running from: C:\Documents and Settings\Deivis\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Deivis\Favorites\Online Security Test.url
C:\WINDOWS\system32\ahxmzywp.dllbox
C:\WINDOWS\system32\DfLSDcfe.ini
C:\WINDOWS\system32\DfLSDcfe.ini2
C:\WINDOWS\system32\uwlpzsvv.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-09-03 11:06 . 2002-10-18 18:09 1,761,280 --a--c--- C:\WINDOWS\system32\Camiseta.ocx
2008-09-03 11:06 . 2002-08-29 21:53 266,240 --a--c--- C:\WINDOWS\system32\AniGIF.ocx
2008-09-03 11:06 . 2006-01-19 12:42 25,600 --a--c--- C:\WINDOWS\system32\Borlndmm.dll
2008-06-02 16:48 . 2008-06-02 16:48 344 --ahs---- C:\WINDOWS\system32\rAKTBJjl.ini
2008-06-02 15:55 . 2008-06-02 15:55 278,016 --a------ C:\WINDOWS\system32\ljJBTKAr.dll
2008-06-02 15:39 . 2008-06-02 15:40 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-02 06:37 . 2008-06-02 06:37 278,016 --a------ C:\WINDOWS\system32\efcDSLfD.dll
2008-06-01 22:54 . 2008-06-01 22:54 278,016 --a------ C:\WINDOWS\system32\fccyvTNg.dll.vir
2008-06-01 21:37 . 2008-06-01 21:37 278,016 --a------ C:\WINDOWS\system32\tuvSmjhI.dll.vir
2008-06-01 21:22 . 2008-06-02 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-01 21:22 . 2008-06-02 17:09 3,795,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 21:22 . 2008-06-02 17:04 56,012 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 21:22 . 2008-06-02 17:06 32,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 21:22 . 2008-06-02 17:04 5,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 21:21 . 2008-06-01 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-01 20:30 . 2008-06-01 20:30 278,016 --a------ C:\WINDOWS\system32\pmnnoOhG.dll.vir
2008-06-01 20:28 . 2008-06-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-01 20:27 . 2008-06-01 20:27 2 --a------ C:\405317447
2008-06-01 20:26 . 2008-06-01 20:26 50,688 --a------ C:\WINDOWS\system32\sac32.dll
2008-06-01 20:26 . 2008-06-01 20:26 50,688 --a------ C:\WINDOWS\system32\bsn32.dll
2008-06-01 20:26 . 2008-06-01 20:26 10,000 --a------ C:\WINDOWS\system32\jfiehayd.dll.vir
2008-06-01 20:25 . 2008-06-01 20:25 79,360 --a------ C:\flciijjq.exe.vir
2008-06-01 20:25 . 2008-06-01 20:25 72,192 --a------ C:\mxuxc.exe
2008-06-01 20:25 . 2008-06-01 20:25 46,592 --a------ C:\kbvxxo.exe
2008-06-01 20:25 . 2008-06-01 20:25 14,848 --a------ C:\jfcjr.exe.vir
2008-06-01 20:25 . 2008-06-01 20:25 5,120 --a------ C:\jgkpt.exe
2008-06-01 20:23 . 2008-06-01 20:23 <DIR> d-------- C:\Documents and Settings\Deivis\Application Data\Simply Super Software
2008-06-01 20:23 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-01 20:23 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-01 20:23 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-01 20:23 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-01 20:23 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-06-01 20:11 . 2008-06-01 20:11 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-01 20:11 . 2008-06-01 20:12 <DIR> d-------- C:\Program Files\CCleaner
2008-06-01 16:57 . 2008-06-01 16:57 <DIR> d-------- C:\Program Files\Intel
2008-06-01 16:57 . 2008-06-01 16:57 <DIR> d-------- C:\Intel
2008-06-01 16:57 . 2008-02-22 19:06 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-05-30 18:54 . 2008-05-30 18:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-30 18:54 . 2008-05-30 18:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-30 16:23 . 2008-05-30 16:23 <DIR> d-------- C:\Documents and Settings\Deivis\Application Data\Publish Providers
2008-05-30 16:23 . 2008-05-30 16:23 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-05-30 16:23 . 2008-05-30 16:23 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-05-30 16:23 . 2008-05-30 16:23 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-05-30 16:22 . 2008-05-30 16:22 <DIR> d-------- C:\Documents and Settings\Deivis\Application Data\Sony
2008-05-26 09:27 . 2008-05-26 09:27 <DIR> d-------- C:\Program Files\MP3 Player Utilities 3.5.02
2008-05-25 16:03 . 2005-11-09 10:57 9,277 -ra------ C:\WINDOWS\AmvTransform.ini
2008-05-25 16:03 . 2005-09-15 10:40 8,157 -ra------ C:\WINDOWS\AmvPlayer.ini
2008-05-25 16:03 . 2004-05-12 06:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI
2008-05-25 16:03 . 2005-09-15 04:28 170 -ra------ C:\WINDOWS\settings.ini
2008-05-25 15:59 . 2004-11-04 12:19 7,207 -ra------ C:\WINDOWS\Disktool.INI
2008-05-25 15:59 . 2004-11-04 12:19 6,399 -ra------ C:\WINDOWS\fwupgrade.ini
2008-05-25 15:59 . 2004-05-12 06:28 3,677 -ra------ C:\WINDOWS\PlaySnd.INI
2008-05-23 16:26 . 2008-05-23 16:26 <DIR> d-------- C:\Documents and Settings\Deivis\Contacts
2008-05-19 20:52 . 2008-06-01 20:17 <DIR> d-------- C:\Program Files\sXe Injected
2008-05-19 20:11 . 2008-05-19 20:11 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-19 20:11 . 2008-05-19 20:11 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-05-18 10:54 . 2008-06-01 23:14 <DIR> d-------- C:\WINDOWS\Visualtooltip
2008-05-18 10:54 . 2008-06-02 15:43 <DIR> d-------- C:\WINDOWS\TrueTransparency
2008-05-18 10:54 . 2008-05-18 10:54 <DIR> d-------- C:\Program Files\TaskSwitchXP
2008-05-18 10:54 . 2008-05-23 16:21 <DIR> d-------- C:\Program Files\MSN Messenger
2008-05-18 10:53 . 2004-08-04 13:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-05-18 10:52 . 2008-05-18 10:54 <DIR> d--h----- C:\WINDOWS\Fedora Transformation Pack
2008-05-18 10:29 . 2008-05-18 10:29 <DIR> d-------- C:\WINDOWS\Full Speed
2008-05-18 10:13 . 2008-06-01 19:15 <DIR> d-------- C:\Documents and Settings\Deivis\Application Data\Auslogics
2008-05-14 07:46 . 2008-05-14 07:46 2,320,000 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-05-14 00:24 . 2008-05-14 00:24 <DIR> d-------- C:\Documents and Settings\Deivis\Application Data\TuneUp Software
2008-05-14 00:24 . 2008-05-14 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-14 00:24 . 2008-05-14 00:24 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-14 00:24 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-14 00:23 . 2008-05-14 00:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 19:22 . 2008-05-13 19:22 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-05-13 19:22 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-05-13 19:22 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-05-13 19:21 . 2008-05-13 19:21 <DIR> d-------- C:\Program Files\Outsim
2008-05-13 15:50 . 2008-05-13 15:50 <DIR> d-------- C:\Program Files\Google Hacks
2008-05-03 22:59 . 2008-05-03 22:59 <DIR> d-------- C:\Documents and Settings\Deivis\Application Data\COWON
2008-05-03 22:58 . 2008-05-03 22:59 <DIR> d-------- C:\Program Files\Common Files\COWON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 22:28 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-06-02 16:08 --------- d-----w C:\Documents and Settings\Deivis\Application Data\Skype
2008-06-02 16:07 --------- d-----w C:\Documents and Settings\Deivis\Application Data\Orbit
2008-06-02 14:43 --------- d-----w C:\Documents and Settings\Deivis\Application Data\uTorrent
2008-06-02 05:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 22:21 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-01 22:21 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-01 22:21 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-01 19:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 19:10 --------- d-----w C:\Program Files\epson
2008-05-19 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-05-19 15:02 --------- d-----w C:\Program Files\Paint.NET
2008-05-19 15:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-19 14:54 --------- d-----w C:\Program Files\Winamp
2008-05-19 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-18 19:54 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-18 09:53 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-13 20:58 --------- d-----w C:\Program Files\Bonjour
2008-05-02 07:24 --------- d-----w C:\Program Files\Error Repair Professional
2008-04-27 12:59 456,158 ----a-w C:\WINDOWS\Natura Sound Therapy Uninstaller.exe
2008-04-20 20:47 --------- d-----w C:\Program Files\Fotonija
2008-04-20 11:17 --------- d-----w C:\Program Files\Common Files\NSV
2008-04-20 10:27 --------- d-----w C:\Program Files\TeamViewer
2008-04-20 10:17 --------- d-----w C:\Program Files\Opera
2008-04-19 11:09 --------- d-----w C:\Program Files\uTorrent
2008-04-18 12:31 --------- d-----w C:\Program Files\DivX
2008-04-17 15:41 --------- d-----w C:\Documents and Settings\Deivis\Application Data\Samsung
2008-04-02 10:22 --------- d-----w C:\Documents and Settings\Deivis\Application Data\Hamachi
2008-04-02 10:19 --------- d-----w C:\Program Files\Symantec
2008-04-02 10:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-02 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-10-05 19:01 22,328 -c--a-w C:\Documents and Settings\Deivis\Application Data\PnkBstrK.sys
2001-11-23 08:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2008-02-29 08:55 625,664 --sha-w C:\WINDOWS\Fedora Transformation Pack\Backup\iexplore.exe
2007-06-12 22:05 80 -csha-r C:\WINDOWS\system32\C9E6075474.dll
.

------- Sigcheck -------

2007-02-20 10:52 665600 b258c922d22deec880b60720531d7627 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
2007-04-18 13:46 665600 4261ba03afd659de04f0a17dfbdd454d C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
2007-06-26 15:35 665600 e1a3dd68b5380b360a7310a64d9bb188 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 13:55 665600 a1bc17eb3758d73c3938b2318820f5b4 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 06:57 666112 80d660a49e0d118144423099b2a9f5da C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-10-11 00:47 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:03 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2004-08-04 13:00 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
2007-02-20 10:48 658944 30d1c47e40efbb792ff8d3c3b51ce507 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 13:31 658944 b7156cd97e739f3014bc4d61758f868a C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 15:09 658944 184e47c8f7b331025e6dc92740db188f C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 14:12 658944 1901ad51da8be9f8b38d5d526e5d1788 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2008-03-01 14:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\Fedora Transformation Pack\Backup\wininet.dll
2007-10-11 07:13 659456 2005ad86a22aee68e21ee59f9ccb77f2 C:\WINDOWS\ie7\wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 00:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 03:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 14:06 833536 f4b77664f817cc7f7667e569391eb00a C:\WINDOWS\system32\wininet.dll
2008-03-01 14:06 833536 f4b77664f817cc7f7667e569391eb00a C:\WINDOWS\system32\dllcache\wininet.dll

2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 10:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-04 13:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 01:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Fedora Transformation Pack\Backup\ntkrnlpa.exe
2007-02-28 09:38 2213504 8eb9dda1c9774fc07b48b6143b18e8fd C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 09:38 2213504 8eb9dda1c9774fc07b48b6143b18e8fd C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 10:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-04 13:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 01:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Fedora Transformation Pack\Backup\ntoskrnl.exe
2007-02-28 10:10 2336256 cf0a5c74c344e3896ed99b1725556a9e C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 10:10 2336256 cf0a5c74c344e3896ed99b1725556a9e C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 11:23 1385472 a315b77b1afeab2b157d790c423c60c5 C:\WINDOWS\explorer.exe
2007-06-13 12:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 13:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 11:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\Fedora Transformation Pack\Backup\explorer.exe
2007-06-13 11:23 1385472 a315b77b1afeab2b157d790c423c60c5 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-02_16.42.13.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 15:28:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 16:06:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{968EEA0B-27F4-433B-8068-0F6736506D55}]
2008-06-02 15:55 278016 --a------ C:\WINDOWS\system32\ljJBTKAr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B4518C3-0FE9-46FD-B3B5-C6380D4875EC}]
2008-06-02 06:37 278016 --a------ C:\WINDOWS\system32\efcDSLfD.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"Veoh"="D:\veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"Auslogics BoostSpeed 4"="D:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe" [2008-05-05 14:20 255600]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 23:29 62976]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-06-19 20:51 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-07-12 13:33 1581056 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2007-12-02 04:40 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"Adobe Reader Speed Launcher"="D:\adobe\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 18:04 185896]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 19:49 36352]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Enable Labtec Wireless Desktop.lnk - C:\Program Files\Labtec Wireless Desktop\MagicKey.exe [2007-05-17 18:47:33 258048]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-02-15 19:53:56 1674432]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ljJBTKAr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TalkAndWrite"=C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\veoh\\VeohClient.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"D:\\adobr cs3 2\\Adobe\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:TCP"= 8000:TCP:Deivis FM
"8001:TCP"= 8001:TCP:Deivis FM2
"8000:UDP"= 8000:UDP:deiviui
"8001:UDP"= 8001:UDP:ha

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 13:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2004-10-11 15:28]
R1 MUsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\MUsbFltr.sys [2005-12-21 21:32]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2005-12-21 21:31]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-14 00:24]
S3 XDva007;XDva007;C:\WINDOWS\system32\XDva007.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99cdf7ab-69c3-11dc-a163-00160a04ca61}]
\Shell\Auto\command - activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - activexdebugger32.exe f
\Shell\open\Command - activexdebugger32.exe f

.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 20:49:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-27 02:33:06 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 17:06:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ljJBTKAr.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Labtec Wireless Desktop\OSD.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\Opera.exe
.
**************************************************************************
.
Completion time: 2008-06-02 17:21:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 16:20:04
ComboFix2.txt 2008-06-02 15:43:18

Pre-Run: 180,314,112 bytes free
Post-Run: 332,685,312 bytes free

319 --- E O F --- 2008-05-28 21:23:43
