Application Error:

  1. #1
    Mashetty (Full Member)

    Hello! Good Day!

    The following error message is displayed after loading XP.

    amvo.exe - Application Error

    The instruction at "0x10013dc2" referenced memory at "0x000000ff". The memory could not be "read".

    Click on OK to terminate the program.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:16:06 AM, on 12/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\TypingMaster\quickphrase\quickphrase.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [QuickPhrase] "C:\Program Files\TypingMaster\quickphrase\quickphrase.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{94A8B6B1-6C70-4B6F-8C30-1FBA94BF699D}: NameServer = 202.54.12.164 202.54.29.5
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

    --
    End of file - 5136 bytes

    Uninstall List:

    Adobe Flash Player ActiveX
    ATI Catalyst Control Center
    ATI Display Driver
    avast! Antivirus
    COMODO Firewall Pro
    dBpowerAMP Music Converter
    FullShot 9 (Remove Only)
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player 8
    Macromedia Flash Player 8 Plugin
    Microsoft .NET Framework 2.0
    Mozilla Firefox (2.0.0.11)
    MSXML 4.0 SP2 Parser and SDK
    Nero 7 Demo
    Oront Burning Kit 2 Basic
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Realtek High Definition Audio Driver
    TypingMaster Pro
    VideoLAN VLC media player 0.8.6d
    WordWeb
    Xilisoft Video Converter
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

    Please help me to solve my problem.

    Thank you!


  2. #2
    VopThis (Senior Member, Canada)
    Let's get more info on the offending item - appears to be a nasty trojan - need to evaluate associated risks.


    HIDDEN FILES: To make sure you can see any and all hidden files, please follow the directions here



    Submit the following file(s) to VirusTotal for their immediate evaluation and feedback. Use any of the following methods, as appropriate:
    • Locate FULL FILE PATH if not apparent. Use Start (BUTTON)>Search, [WINDOWS+F] keys, or F3 key (from desktop).
    • Copy & Paste the FULL FILE PATH into the input BOX
      -- OR --
    • Navigate to the file in question.

    Post those results in your next reply (if malware findings were indicated) for:

    C:\WINDOWS\system32\amvo.exe





    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O4 - HKCU\..\Run: [AMVA] C:\WINDOWS\system32\amvo.exe

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.




    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    C:\WINDOWS\system32\amvo.exe





    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
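
    The procedure above ends with a request for a revised HijackThis log, and the two logs in this thread are the before and after of that fix. The Python script below is an added example, not code from the thread or from HijackThis: it parses the entry lines of a HijackThis 2.0 log (the R0/R1/O2/O4/... lines), diffs two scans so every removed or added entry is visible, and flags per-user (HKCU) Run values whose executable lives under the Windows directory, which is the shape of the `[amva]` entry above. The sample lines are excerpted from the logs posted in this thread; the function names `parse_entries`, `diff_logs` and `flag_user_run_entries` and the HKCU-plus-Windows-directory heuristic are choices made here, not anything HijackThis itself does.

```python
"""Parse HijackThis 2.0.x logs, diff two scans and flag per-user Run entries
that launch from the Windows directory.  Added example; not code from the
thread or from HijackThis.  Sample lines are excerpted from the thread's logs."""
import re
from typing import Dict, List, Tuple

# Entry lines start with a section code such as R1, O2, O4, O17, O23.
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# O4 autostart lines: 'O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe'
O4_RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
WINDOWS_DIR = "c:\\windows\\"  # assumption: default XP install drive and folder


def parse_entries(log: str) -> Dict[str, str]:
    """Map each entry line (whitespace-trimmed) to its section code.
    Header lines and the 'Running processes' list carry no code and are skipped."""
    entries: Dict[str, str] = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[line] = m.group(1)
    return entries


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Return (removed, added) entry lines between two scans, in log order."""
    b, a = parse_entries(before), parse_entries(after)
    removed = [ln for ln in b if ln not in a]
    added = [ln for ln in a if ln not in b]
    return removed, added


def run_target(command: str) -> str:
    """Executable path from an O4 command: the quoted path if quoted, otherwise
    the first token (simplification: unquoted paths with spaces get truncated)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def flag_user_run_entries(log: str) -> List[Tuple[str, str]]:
    """Flag HKCU Run values whose executable sits under the Windows directory.
    Heuristic (ours): system-wide components normally register under HKLM, so a
    per-user autostart pointing into the Windows tree deserves review.
    Returns (value_name, executable_path) pairs."""
    flagged: List[Tuple[str, str]] = []
    for line in parse_entries(log):
        m = O4_RUN_RE.match(line)
        if not m:
            continue
        hive, _key, name, command = m.groups()
        target = run_target(command)
        if hive == "HKCU" and target.lower().startswith(WINDOWS_DIR):
            flagged.append((name, target))
    return flagged


# Excerpts of the 12/19/2007 (before) and 12/20/2007 (after) logs from the thread.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:06 AM, on 12/19/2007
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [QuickPhrase] "C:\Program Files\TypingMaster\quickphrase\quickphrase.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{94A8B6B1-6C70-4B6F-8C30-1FBA94BF699D}: NameServer = 202.54.12.164 202.54.29.5
"""

AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:20 AM, on 12/20/2007
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [QuickPhrase] "C:\Program Files\TypingMaster\quickphrase\quickphrase.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
    for name, path in flag_user_run_entries(BEFORE_LOG):
        print(f"review HKCU Run value [{name}] -> {path}")
```

Run against the thread's own logs, the diff reports two removed entries, not one: the `[amva]` O4 value that was fixed, and the O17 NameServer line, which nobody asked to remove. That is the point of diffing rather than eyeballing the new log: every change between scans shows up, and each one should be accounted for before the case is declared closed.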

  3. #3
    Mashetty (Full Member)
    By following the given steps (How to see hidden files) for Windows XP, I am unable to change the operating system's behavior so that I can see hidden and protected files. In this way I am unable to delete or replace files for troubleshooting purposes. I suppose this happens because of the malware.

    Please help me.

  4. #4
    VopThis (Senior Member, Canada)
    Download and run this tool and follow the prompts:
    http://www.techsupportforum.com/sect...isinfector.exe

    Among other things (some malware removal), it should now allow any hidden files to be made visible.

    Re-run my previous procedures as possible and necessary.

  5. #5
    Mashetty (Full Member)
    Hurray! My problem is solved.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:46:20 AM, on 12/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\TypingMaster\quickphrase\quickphrase.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [QuickPhrase] "C:\Program Files\TypingMaster\quickphrase\quickphrase.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

    --
    End of file - 4948 bytes


    Thanks to DAL-Thank you very much.

    Bye.

  6. #6
    VopThis (Senior Member, Canada)
    There may be remaining malware issues still to resolve:



    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

    Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

  7. #7
    Mashetty (Full Member)
    Hi, Good day!

    Thanks for the reply.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:08:41 AM, on 12/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\TypingMaster\quickphrase\quickphrase.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [QuickPhrase] "C:\Program Files\TypingMaster\quickphrase\quickphrase.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

    --
    End of file - 4917 bytes


    ComboFix 07-12-21.4 - Satish 2007-12-24 6:59:15.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.129 [GMT 5.5:30]
    Running from: C:\Documents and Settings\Satish\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    D:\Autorun.inf
    E:\Autorun.inf
    F:\Autorun.inf
    G:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
    .

    2007-12-23 14:06 . 2007-12-24 06:05 45,225 -r-hs---- C:\WINDOWS\system32\amvo0.dll
    2007-12-23 14:00 . 2007-12-20 06:07 123,235 -r-hs---- C:\usdeiect.com
    2007-12-23 13:59 . 2007-12-23 13:59 45,128 -r-hs---- C:\WINDOWS\system32\amvo1.dll
    2007-12-23 11:11 . 2007-12-23 11:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
    2007-12-21 18:40 . 2007-12-23 13:46 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\StumbleUpon
    2007-12-20 06:07 . 2007-12-20 06:07 123,235 -r-hs---- C:\uxdeiect.com
    2007-12-16 21:33 . 2007-12-23 17:01 116 --a------ C:\WINDOWS\NeroDigital.ini
    2007-12-16 21:30 . 2007-12-12 09:53 123,249 -r-hs---- C:\n1deiect.com
    2007-12-16 21:30 . 2007-12-20 06:07 123,235 -r-hs---- C:\WINDOWS\system32\amvo.exe
    2007-12-16 13:53 . 2007-12-23 22:09 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2007-12-16 10:06 . 2007-12-16 10:06 <DIR> d-------- C:\Program Files\WordWeb
    2007-12-16 10:06 . 2007-12-01 18:01 1,049,720 --a------ C:\WINDOWS\wweb32.dll
    2007-12-13 21:55 . 2007-12-13 21:55 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\MSNInstaller
    2007-12-13 08:56 . 2007-12-23 12:01 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Ahead
    2007-12-13 08:56 . 2007-12-13 08:56 0 --a------ C:\WINDOWS\Irremote.ini
    2007-12-13 08:41 . 2007-12-13 23:24 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\dvdcss
    2007-12-13 08:30 . 2007-12-20 22:25 <DIR> d-------- C:\Program Files\Oront Burning Kit 2
    2007-12-13 08:30 . 2007-12-13 08:30 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Obsidium
    2007-12-11 23:15 . 2007-12-11 23:15 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2007-12-11 22:18 . 2007-12-11 22:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2007-12-09 16:14 . 2007-12-09 16:14 <DIR> d-------- C:\Documents and Settings\Satish\Phone Browser
    2007-12-09 16:14 . 2007-12-09 16:14 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Nokia
    2007-12-09 16:14 . 2007-12-09 16:14 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Datalayer
    2007-12-09 16:11 . 2007-12-09 16:11 <DIR> d-------- C:\Program Files\DIFX
    2007-12-09 16:10 . 2007-12-09 16:10 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\PC Suite
    2007-12-09 16:10 . 2007-12-09 16:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
    2007-12-09 16:09 . 2007-12-13 21:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-12-09 16:08 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2007-12-09 16:04 . 2007-12-09 16:04 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-12-08 09:17 . 2007-12-13 22:58 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\vlc
    2007-12-08 09:02 . 2007-12-08 09:02 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Inbit
    2007-12-08 09:01 . 2007-12-23 11:23 <DIR> d-------- C:\Program Files\Inbit
    2007-12-08 09:01 . 2007-12-08 09:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Inbit
    2007-12-07 23:12 . 2007-12-16 10:04 178 --a------ C:\WINDOWS\POD.INI
    2007-12-07 22:30 . 1996-11-05 16:19 247,648 --a------ C:\WINDOWS\UNINST16.EXE
    2007-12-07 22:30 . 1995-07-13 18:43 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
    2007-12-07 22:30 . 2007-12-07 22:30 8 --a------ C:\WINDOWS\Q.TRD
    2007-12-07 22:30 . 2007-12-07 22:30 0 --a------ C:\WINDOWS\PROTOCOL.INI
    2007-12-07 22:29 . 2007-12-07 22:29 <DIR> d-------- C:\Documents and Settings\Satish\WINDOWS
    2007-12-03 20:20 . 2004-08-04 14:26 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-12-03 20:20 . 2004-08-04 12:28 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-12-03 20:20 . 2004-08-04 12:28 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-12-03 20:20 . 2001-08-18 12:06 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-12-03 16:06 . 2007-12-03 20:52 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Yahoo!
    2007-12-03 16:06 . 2007-12-03 16:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    2007-12-03 14:51 . 2007-12-03 14:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
    2007-12-03 12:22 . 2007-12-23 14:25 1,277 --a------ C:\WINDOWS\mozver.dat
    2007-12-02 22:28 . 2007-12-02 22:28 0 --a------ C:\WINDOWS\nsreg.dat
    2007-12-02 00:32 . 2007-12-02 00:32 <DIR> d---s---- C:\Documents and Settings\Satish\UserData
    2007-12-01 23:47 . 2007-12-23 20:11 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\TypingMaster7
    2007-12-01 23:20 . 2007-12-01 23:20 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Comodo
    2007-12-01 23:20 . 2007-12-01 23:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
    2007-12-01 11:56 . 2004-08-04 12:38 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-11-30 11:49 . 2007-11-30 11:49 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2007-11-30 11:49 . 2007-11-30 11:49 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2007-11-30 11:45 . 2004-08-04 14:26 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
    2007-11-30 11:45 . 2004-08-04 14:26 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
    2007-11-30 11:45 . 2004-08-04 12:38 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-11-30 11:45 . 2004-08-04 12:38 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
    2007-11-30 11:45 . 2004-11-19 00:12 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-11-30 11:45 . 2004-08-04 12:28 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2007-11-30 11:45 . 2004-08-04 12:28 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
    2007-11-30 11:45 . 2004-08-04 14:26 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2007-11-30 11:45 . 2004-08-04 14:26 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
    2007-11-30 11:44 . 2007-11-30 11:44 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\ATI
    2007-11-30 11:44 . 2005-04-17 03:50 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
    2007-11-30 11:38 . 2005-10-14 15:40 1,114,674 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
    2007-11-30 11:38 . 2006-01-26 22:27 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2007-11-30 11:38 . 2006-01-16 03:34 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
    2007-11-30 11:38 . 2005-12-08 22:31 112,421 -ra------ C:\WINDOWS\system32\atiicdxx.dat
    2007-11-30 11:38 . 2005-10-14 15:40 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
    2007-11-30 11:38 . 2006-01-16 04:00 26,912 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
    2007-11-30 11:38 . 2005-12-02 18:50 6,005 -ra------ C:\WINDOWS\system32\atifglpf.xml
    2007-11-30 11:38 . 2005-10-14 15:40 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp
    2007-11-30 11:27 . 2007-11-30 11:27 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
    2007-11-30 11:24 . 2001-08-23 05:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
    2007-11-30 11:23 . 2001-08-23 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2007-11-30 11:22 . 2004-08-04 00:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
    2007-11-30 11:20 . 2007-11-30 11:22 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
    2007-11-30 11:20 . 2001-08-23 05:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2007-11-30 11:18 . 2007-11-30 11:18 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-11-30 11:18 . 2007-11-30 11:18 37 --a------ C:\WINDOWS\vbaddin.ini
    2007-11-30 11:18 . 2007-11-30 11:18 36 --a------ C:\WINDOWS\vb.ini
    2007-11-30 09:45 . 2007-12-16 21:04 <DIR> d-------- C:\Program Files\QuickTime
    2007-11-30 03:09 . 2001-08-17 19:29 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2007-11-30 03:08 . 2004-08-04 04:29 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2007-11-30 03:08 . 2004-08-04 04:01 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
    2007-11-30 03:07 . 2004-08-04 06:26 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2007-11-30 03:05 . 2007-11-30 11:18 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
    2007-11-30 03:02 . 2007-11-30 11:26 261 --a------ C:\WINDOWS\system32\$winnt$.inf
    2007-11-29 23:43 . 2007-11-29 23:43 335 --a------ C:\WINDOWS\mozregistry.dat
    2007-11-29 23:28 . 2007-11-29 23:28 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Talkback

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-21 13:10 --------- d-----w C:\Program Files\StumbleUpon
    2007-12-16 15:35 --------- d-----w C:\Program Files\Macromedia
    2007-12-13 17:25 --------- d-----w C:\Program Files\VideoLAN
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-12-01 18:17 --------- d-----r C:\Program Files\TypingMaster
    2007-11-30 04:15 --------- d-----w C:\Program Files\Xilisoft
    2007-11-29 15:38 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\StumbleUpon
    2007-11-23 16:47 --------- d-----w C:\Program Files\Comodo
    2007-11-20 15:25 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Talkback
    2007-11-19 02:57 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Grisoft
    2007-11-19 01:59 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Yahoo!
    2007-11-15 17:53 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Comodo
    2007-11-15 17:01 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\ATI
    2007-11-15 14:44 --------- d-----w C:\Documents and Settings\test\Application Data\Yahoo!
    2007-11-15 14:41 --------- d-----w C:\Documents and Settings\test\Application Data\Grisoft
    2007-11-15 14:41 --------- d-----w C:\Documents and Settings\test\Application Data\Comodo
    2007-11-15 14:40 --------- d-----w C:\Documents and Settings\test\Application Data\ATI
    2007-11-04 07:53 --------- d-----w C:\Program Files\a-squared Free
    2007-11-03 02:34 --------- d-----w C:\Documents and Settings\SATISH KUMAR\Application Data\Uniblue
    2007-11-02 17:13 --------- d-----w C:\Program Files\Lavasoft(2)
    2007-11-02 17:13 --------- d-----w C:\Program Files\Lavasoft
    2007-11-02 17:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-02 17:12 --------- d-----w C:\Documents and Settings\SATISH KUMAR\Application Data\TypingMaster7
    2007-10-28 11:46 --------- d-----w C:\Documents and Settings\SATISH KUMAR\Application Data\MailWasherPro
    2007-06-13 03:13 7,246,848 -c--a-w C:\Program Files\HTML Guardian 7.msi
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "QuickPhrase"="C:\Program Files\TypingMaster\quickphrase\quickphrase.exe" [2007-06-19 23:59]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 07:13]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 22:53 C:\WINDOWS\RTHDCPL.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 18:30]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-12-01 23:18]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 10:50]

    C:\Documents and Settings\Satish\Start Menu\Programs\Startup\
    WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-12-16 10:06:21]


    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8664717e-af0d-11dc-8402-001676c0f6a3}]
    \Shell\AutoRun\command - K:\uxdeiect.com
    \Shell\explore\Command - K:\uxdeiect.com
    \Shell\open\Command - K:\uxdeiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db23d62f-9efa-11dc-83b9-001676c0f6a3}]
    \Shell\AutoRun\command - I:\uxdeiect.com
    \Shell\explore\Command - I:\uxdeiect.com
    \Shell\open\Command - I:\uxdeiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db23d630-9efa-11dc-83b9-001676c0f6a3}]
    \Shell\AutoRun\command - I:\uxdeiect.com
    \Shell\explore\Command - I:\uxdeiect.com
    \Shell\open\Command - I:\uxdeiect.com

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    ************************************************** ************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-24 07:01:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************** ************************
    .
    Completion time: 2007-12-24 7:01:58



    As you said, I am sending you both log files. Please go through them and instruct me as required.

    I am using "Avast! 4.7 Professional" and "Comodo Firewall Pro" to secure my PC. But these could not prevent those nasty trojans; why? I always face such problems with different "Error" messages. Please suggest any other security measures to prevent my enemies: Trojans, Spyware & Malware. Please help me.


    Thanks a lot for your guidance.

    Bye!

  8. #8
    VopThis is offline Senior Member (Canada)
    Open Notepad and copy/paste the text in the quotebox below into it (not including the word "quote"):

    FILE::
    C:\WINDOWS\system32\amvo0.dll
    C:\WINDOWS\system32\amvo1.dll
    C:\WINDOWS\system32\amvo.exe
    C:\usdeiect.com
    C:\uxdeiect.com
    C:\n1deiect.com
    K:\uxdeiect.com
    I:\uxdeiect.com

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8664717e-af0d-11dc-8402-001676c0f6a3}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db23d62f-9efa-11dc-83b9-001676c0f6a3}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db23d630-9efa-11dc-83b9-001676c0f6a3}]

    Save this as CFScript (in the same location as COMBOFIX)

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

  9. #9
    Mashetty is offline Full Member
    Hi, Good day!

    ComboFix 07-12-21.4 - Satish 2007-12-25 22:08:38.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.132 [GMT 5.5:30]
    Running from: C:\Documents and Settings\Satish\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Satish\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\n1deiect.com
    C:\usdeiect.com
    C:\uxdeiect.com
    C:\WINDOWS\system32\amvo.exe
    C:\WINDOWS\system32\amvo0.dll
    C:\WINDOWS\system32\amvo1.dll
    I:\uxdeiect.com
    K:\uxdeiect.com
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\n1deiect.com
    C:\usdeiect.com
    C:\uxdeiect.com
    C:\WINDOWS\system32\amvo.exe
    C:\WINDOWS\system32\amvo0.dll
    C:\WINDOWS\system32\amvo1.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
    .

    2007-12-23 11:11 . 2007-12-23 11:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
    2007-12-21 18:40 . 2007-12-24 23:48 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\StumbleUpon
    2007-12-16 21:33 . 2007-12-23 17:01 116 --a------ C:\WINDOWS\NeroDigital.ini
    2007-12-16 13:53 . 2007-12-23 22:09 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2007-12-16 10:06 . 2007-12-16 10:06 <DIR> d-------- C:\Program Files\WordWeb
    2007-12-16 10:06 . 2007-12-01 18:01 1,049,720 --a------ C:\WINDOWS\wweb32.dll
    2007-12-13 21:55 . 2007-12-13 21:55 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\MSNInstaller
    2007-12-13 08:56 . 2007-12-23 12:01 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Ahead
    2007-12-13 08:56 . 2007-12-13 08:56 0 --a------ C:\WINDOWS\Irremote.ini
    2007-12-13 08:41 . 2007-12-13 23:24 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\dvdcss
    2007-12-13 08:30 . 2007-12-20 22:25 <DIR> d-------- C:\Program Files\Oront Burning Kit 2
    2007-12-13 08:30 . 2007-12-13 08:30 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Obsidium
    2007-12-11 23:15 . 2007-12-11 23:15 164,352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2007-12-11 22:18 . 2007-12-11 22:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2007-12-09 16:14 . 2007-12-09 16:14 <DIR> d-------- C:\Documents and Settings\Satish\Phone Browser
    2007-12-09 16:14 . 2007-12-09 16:14 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Nokia
    2007-12-09 16:14 . 2007-12-09 16:14 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Datalayer
    2007-12-09 16:11 . 2007-12-09 16:11 <DIR> d-------- C:\Program Files\DIFX
    2007-12-09 16:10 . 2007-12-09 16:10 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\PC Suite
    2007-12-09 16:10 . 2007-12-09 16:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
    2007-12-09 16:09 . 2007-12-13 21:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-12-09 16:08 . 2006-05-29 08:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2007-12-09 16:04 . 2007-12-09 16:04 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-12-08 09:17 . 2007-12-13 22:58 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\vlc
    2007-12-08 09:02 . 2007-12-08 09:02 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Inbit
    2007-12-08 09:01 . 2007-12-23 11:23 <DIR> d-------- C:\Program Files\Inbit
    2007-12-08 09:01 . 2007-12-08 09:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Inbit
    2007-12-07 23:12 . 2007-12-16 10:04 178 --a------ C:\WINDOWS\POD.INI
    2007-12-07 22:30 . 1996-11-05 16:19 247,648 --a------ C:\WINDOWS\UNINST16.EXE
    2007-12-07 22:30 . 1995-07-13 18:43 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
    2007-12-07 22:30 . 2007-12-07 22:30 8 --a------ C:\WINDOWS\Q.TRD
    2007-12-07 22:30 . 2007-12-07 22:30 0 --a------ C:\WINDOWS\PROTOCOL.INI
    2007-12-07 22:29 . 2007-12-07 22:29 <DIR> d-------- C:\Documents and Settings\Satish\WINDOWS
    2007-12-03 20:20 . 2004-08-04 14:26 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-12-03 20:20 . 2004-08-04 12:28 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-12-03 20:20 . 2004-08-04 12:28 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-12-03 20:20 . 2001-08-18 12:06 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-12-03 16:06 . 2007-12-03 20:52 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Yahoo!
    2007-12-03 16:06 . 2007-12-03 16:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
    2007-12-03 14:51 . 2007-12-03 14:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
    2007-12-03 12:22 . 2007-12-23 14:25 1,277 --a------ C:\WINDOWS\mozver.dat
    2007-12-02 22:28 . 2007-12-02 22:28 0 --a------ C:\WINDOWS\nsreg.dat
    2007-12-02 00:32 . 2007-12-02 00:32 <DIR> d---s---- C:\Documents and Settings\Satish\UserData
    2007-12-01 23:47 . 2007-12-23 20:11 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\TypingMaster7
    2007-12-01 23:20 . 2007-12-01 23:20 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Comodo
    2007-12-01 23:20 . 2007-12-01 23:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
    2007-12-01 11:56 . 2004-08-04 12:38 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-11-30 11:49 . 2007-11-30 11:49 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2007-11-30 11:49 . 2007-11-30 11:49 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2007-11-30 11:45 . 2004-08-04 14:26 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
    2007-11-30 11:45 . 2004-08-04 14:26 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
    2007-11-30 11:45 . 2004-08-04 12:38 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-11-30 11:45 . 2004-08-04 12:38 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
    2007-11-30 11:45 . 2004-11-19 00:12 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-11-30 11:45 . 2004-08-04 12:28 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2007-11-30 11:45 . 2004-08-04 12:28 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
    2007-11-30 11:45 . 2004-08-04 14:26 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2007-11-30 11:45 . 2004-08-04 14:26 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
    2007-11-30 11:44 . 2007-11-30 11:44 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\ATI
    2007-11-30 11:44 . 2005-04-17 03:50 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
    2007-11-30 11:38 . 2005-10-14 15:40 1,114,674 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
    2007-11-30 11:38 . 2006-01-26 22:27 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2007-11-30 11:38 . 2006-01-16 03:34 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
    2007-11-30 11:38 . 2005-12-08 22:31 112,421 -ra------ C:\WINDOWS\system32\atiicdxx.dat
    2007-11-30 11:38 . 2005-10-14 15:40 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
    2007-11-30 11:38 . 2006-01-16 04:00 26,912 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
    2007-11-30 11:38 . 2005-12-02 18:50 6,005 -ra------ C:\WINDOWS\system32\atifglpf.xml
    2007-11-30 11:38 . 2005-10-14 15:40 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp
    2007-11-30 11:27 . 2007-11-30 11:27 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
    2007-11-30 11:24 . 2001-08-23 05:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
    2007-11-30 11:23 . 2001-08-23 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2007-11-30 11:22 . 2004-08-04 00:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
    2007-11-30 11:20 . 2007-11-30 11:22 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
    2007-11-30 11:20 . 2001-08-23 05:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
    2007-11-30 11:20 . 2007-11-30 11:20 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2007-11-30 11:18 . 2007-11-30 11:18 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-11-30 11:18 . 2007-11-30 11:18 37 --a------ C:\WINDOWS\vbaddin.ini
    2007-11-30 11:18 . 2007-11-30 11:18 36 --a------ C:\WINDOWS\vb.ini
    2007-11-30 09:45 . 2007-12-16 21:04 <DIR> d-------- C:\Program Files\QuickTime
    2007-11-30 03:09 . 2001-08-17 19:29 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2007-11-30 03:08 . 2004-08-04 04:29 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2007-11-30 03:08 . 2004-08-04 04:01 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
    2007-11-30 03:07 . 2004-08-04 06:26 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2007-11-30 03:05 . 2007-11-30 11:18 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
    2007-11-30 03:02 . 2007-11-30 11:26 261 --a------ C:\WINDOWS\system32\$winnt$.inf
    2007-11-29 23:43 . 2007-11-29 23:43 335 --a------ C:\WINDOWS\mozregistry.dat
    2007-11-29 23:28 . 2007-11-29 23:28 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Talkback

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
    .
    2007-12-21 13:10 --------- d-----w C:\Program Files\StumbleUpon
    2007-12-16 15:35 --------- d-----w C:\Program Files\Macromedia
    2007-12-13 17:25 --------- d-----w C:\Program Files\VideoLAN
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-12-01 18:17 --------- d-----r C:\Program Files\TypingMaster
    2007-11-30 04:15 --------- d-----w C:\Program Files\Xilisoft
    2007-11-29 15:38 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\StumbleUpon
    2007-11-23 16:47 --------- d-----w C:\Program Files\Comodo
    2007-11-20 15:25 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Talkback
    2007-11-19 02:57 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Grisoft
    2007-11-19 01:59 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Yahoo!
    2007-11-15 17:53 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\Comodo
    2007-11-15 17:01 --------- d-----w C:\Documents and Settings\satish kumar.HOME-D4658A81D3\Application Data\ATI
    2007-11-15 14:44 --------- d-----w C:\Documents and Settings\test\Application Data\Yahoo!
    2007-11-15 14:41 --------- d-----w C:\Documents and Settings\test\Application Data\Grisoft
    2007-11-15 14:41 --------- d-----w C:\Documents and Settings\test\Application Data\Comodo
    2007-11-15 14:40 --------- d-----w C:\Documents and Settings\test\Application Data\ATI
    2007-11-04 07:53 --------- d-----w C:\Program Files\a-squared Free
    2007-11-03 02:34 --------- d-----w C:\Documents and Settings\SATISH KUMAR\Application Data\Uniblue
    2007-11-02 17:13 --------- d-----w C:\Program Files\Lavasoft(2)
    2007-11-02 17:13 --------- d-----w C:\Program Files\Lavasoft
    2007-11-02 17:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-02 17:12 --------- d-----w C:\Documents and Settings\SATISH KUMAR\Application Data\TypingMaster7
    2007-10-28 11:46 --------- d-----w C:\Documents and Settings\SATISH KUMAR\Application Data\MailWasherPro
    2007-06-13 03:13 7,246,848 -c--a-w C:\Program Files\HTML Guardian 7.msi
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-24_ 7.01.17.95 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-25 16:25:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "QuickPhrase"="C:\Program Files\TypingMaster\quickphrase\quickphrase.exe" [2007-06-19 23:59]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 07:13]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 22:53 C:\WINDOWS\RTHDCPL.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 18:30]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-12-01 23:18]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 10:50]

    C:\Documents and Settings\Satish\Start Menu\Programs\Startup\
    WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-12-16 10:06:21]


    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8664717e-af0d-11dc-8402-001676c0f6a3}]
    \Shell\AutoRun\command - K:\uxdeiect.com
    \Shell\explore\Command - K:\uxdeiect.com
    \Shell\open\Command - K:\uxdeiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db23d62f-9efa-11dc-83b9-001676c0f6a3}]
    \Shell\AutoRun\command - I:\uxdeiect.com
    \Shell\explore\Command - I:\uxdeiect.com
    \Shell\open\Command - I:\uxdeiect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db23d630-9efa-11dc-83b9-001676c0f6a3}]
    \Shell\AutoRun\command - I:\uxdeiect.com
    \Shell\explore\Command - I:\uxdeiect.com
    \Shell\open\Command - I:\uxdeiect.com

    .
    ************************************************** ************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-25 22:10:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************** ************************
    .
    Completion time: 2007-12-25 22:10:47
    C:\ComboFix2.txt ... 2007-12-24 07:02



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:17:34 PM, on 12/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\TypingMaster\quickphrase\quickphrase.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [QuickPhrase] "C:\Program Files\TypingMaster\quickphrase\quickphrase.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{94A8B6B1-6C70-4B6F-8C30-1FBA94BF699D}: NameServer = 202.54.12.164 202.54.29.5
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

    --
    End of file - 5133 bytes

    Thanks a lot.

  10. #10
    VopThis is offline Senior Member (Canada)
    Sorry, there was a typo on all registry fix lines. I still get the typo in my display copy but not in the edit copy (can't determine why). If the space is present, the lines will not fix; edit out the space if you can:
    curre ntversion


    Need to run the fix again.

    Open Notepad and copy/paste the text in the quotebox below into it (not including the word "quote"):


    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8664717e-af0d-11dc-8402-001676c0f6a3}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db23d62f-9efa-11dc-83b9-001676c0f6a3}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db23d630-9efa-11dc-83b9-001676c0f6a3}]
    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
    Last edited by VopThis; 25-12-2007 at 06:47 PM.
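As an added example (not code from this thread, from ComboFix or from its author), the following Python script reads the "Reg Loading Points" block of a posted ComboFix log, picks out the per-drive MountPoints2 shell-command entries that this infection used for persistence, removes the space the forum inserts into "curre ntversion" (the typo post #10 warns about), and emits the CFScript FILE:: and Registry:: lines that posts #8 and #10 build by hand. The sample log is constructed from the entries posted above; regex names and the `MountPointHijack` class are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the "Reg Loading Points" block as it appeared in the
# ComboFix log posted in this thread. The stray space in "curre ntversion" is
# the forum's word-wrap artifact that post #10 says breaks the fix lines.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 18:30]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8664717e-af0d-11dc-8402-001676c0f6a3}]
\Shell\AutoRun\command - K:\uxdeiect.com
\Shell\explore\Command - K:\uxdeiect.com
\Shell\open\Command - K:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{db23d62f-9efa-11dc-83b9-001676c0f6a3}]
\Shell\AutoRun\command - I:\uxdeiect.com
\Shell\explore\Command - I:\uxdeiect.com
\Shell\open\Command - I:\uxdeiect.com
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "\Shell\<verb>\command - <target>" lines that ComboFix prints under a key
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$",
                    re.IGNORECASE)
# Per-drive MountPoints2 subkeys carry a volume GUID; shell verbs set there run
# when the drive is opened or autoplayed, which is how uxdeiect.com persisted.
MOUNTPOINTS_RE = re.compile(r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\}$",
                            re.IGNORECASE)


@dataclass
class MountPointHijack:
    key: str                                   # registry key, whitespace removed
    commands: Dict[str, str] = field(default_factory=dict)  # verb -> target


def normalize_key(raw: str) -> str:
    """Drop whitespace the forum inserted when wrapping a long registry path."""
    return re.sub(r"\s+", "", raw)


def find_mountpoint_hijacks(log: str) -> List[MountPointHijack]:
    """Return every MountPoints2 key in the log that has shell commands set."""
    hits: List[MountPointHijack] = []
    current = None
    for line in log.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = normalize_key(key_match.group("key"))
            current = MountPointHijack(key) if MOUNTPOINTS_RE.search(key) else None
            if current is not None:
                hits.append(current)
            continue
        if current is not None:
            cmd = CMD_RE.match(line)
            if cmd:
                current.commands[cmd.group("verb").lower()] = cmd.group("target").strip()
    return [h for h in hits if h.commands]


def build_cfscript(hijacks: List[MountPointHijack]) -> str:
    """Emit the CFScript shape used in this thread: FILE:: targets, then [-key] deletes."""
    files = sorted({target for h in hijacks for target in h.commands.values()})
    lines = ["FILE::", *files, "", "Registry::", *[f"[-{h.key}]" for h in hijacks]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_mountpoint_hijacks(SAMPLE_LOG)
    for h in found:
        print(f"{h.key}\n  autorun -> {h.commands.get('autorun')}")
    print(build_cfscript(found))
```

The emitted Registry:: lines contain no spaces, so they can be pasted into CFScript without the manual edit the helper had to ask for.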
