
infected multiple viruses


This topic is locked
12 replies to this topic

#1 Morphx

Posted 17 March 2009 - 12:49 AM

Hey all, a couple of weeks ago I was badly infected with multiple viruses. It disabled my task manager, regedit, took away folder options and changed my hosts file, gave me a new desktop background and who knows what else lol.

Anyhow, I got back everything that was disabled and removed many of the problems by running BitDefender and spyware removal programs, but I'm still infected and it keeps changing my hosts file still, and there is a file in C:\Documents and Settings\Administrator\Local Settings\Temp that keeps putting itself back each time I boot. So this is where I need some help, cuz I'm out of ideas on what to do next to finish cleaning this mess up.

I'm on XP Pro, SP2.

I made a DDS log for ya all and I'll post it here. Not sure what other info you need, but whatever I'm forgetting, please just let me know and I will get the info for ya. Head hurting from all this lol. Thank you very much for any help you can give me on this situation.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 1:22:04.71 on Tue 03/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.626 [GMT -4:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Unlocker\Unlocker.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = 63.149.98.16:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Secured eMule Toolbar: {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - c:\program files\secured_emule\tbSec0.dll
uURLSearchHooks: H - No File
TB: Secured eMule Toolbar: {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - c:\program files\secured_emule\tbSec0.dll
TB: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No File
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/mcgonagail/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200761363171
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200761350718
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15029/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\3sec5tfv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.shareazaweb.com/
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - HiddenExtension: XUL Cache: {C227435A-FDB1-479F-8CD5-46E0C1028900} - c:\documents and settings\administrator\local settings\application data\{C227435A-FDB1-479F-8CD5-46E0C1028900}

============= SERVICES / DRIVERS ===============

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 vcs;vcs;c:\program files\av vcs 3.0\Vcs.sys [2006-12-12 6852]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-7-6 52944]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-7-6 26448]
S2 aawservice;Lavasoft Ad-Aware Service; [x]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\administrator\desktop\bot\ntprocdrv.sys --> c:\documents and settings\administrator\desktop\bot\NtProcDrv.sys [?]
S3 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2005-11-29 241731]
S3 PRTGService;PRTG Service;c:\program files\prtg traffic grapher\PRTG Traffic Grapher.exe [2008-6-15 3949896]
S3 prtgwatchservice;PRTG Watchdog;c:\program files\prtg traffic grapher\watchdog\prtgwatchdog.exe [2008-6-15 443904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 XDva011;XDva011;\??\c:\windows\system32\xdva011.sys --> c:\windows\system32\XDva011.sys [?]

=============== Created Last 30 ================

2009-03-17 00:43 <DIR> --d----- c:\program files\Trend Micro
2009-03-17 00:09 <DIR> --d----- c:\program files\Unlocker
2009-03-16 23:53 <DIR> --d----- c:\program files\GiPo@Utilities
2009-03-16 23:53 <DIR> --d----- c:\program files\common files\Gibinsoft Shared
2009-03-16 21:54 15,000 a------- c:\windows\system32\hs3i7jdgfd.dll
2009-03-15 11:26 <DIR> --d----- c:\program files\Microsoft Common
2009-03-12 00:36 <DIR> --d----- c:\program files\Boilsoft Video Joiner
2009-03-12 00:00 <DIR> --d----- c:\docume~1\admini~1\applic~1\ACD Systems
2009-03-11 23:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-03-11 23:39 <DIR> --d----- c:\program files\common files\ACD Systems
2009-03-11 23:39 <DIR> --d----- c:\program files\ACD Systems
2009-03-11 23:04 <DIR> --d----- c:\windows\PreviewSoft
2009-03-11 23:02 <DIR> --d----- c:\program files\common files\Vbox
2009-03-11 20:10 <DIR> --d----- c:\program files\Blaze Media Pro
2009-03-11 20:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-03-11 20:00 <DIR> --d----- c:\program files\WinAVI Video Converter
2009-03-09 10:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\The Creative Assembly
2009-03-09 10:09 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-03-09 10:09 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-03-09 10:09 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-03-09 10:09 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-03-09 10:09 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-03-09 10:09 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-03-09 10:09 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-03-08 18:51 <DIR> --d----- c:\program files\CureROM
2009-03-06 23:23 23 a--sh--- c:\windows\system32\edacded0_x.dat
2009-03-06 23:23 23 a------- c:\windows\system32\bcdadac7_x.xml
2009-03-06 23:22 <DIR> --d----- c:\program files\jv16 PowerTools 2009
2009-03-06 20:46 <DIR> --d----- c:\program files\ToniArts
2009-03-06 20:13 <DIR> --d----- c:\program files\Enigma Software Group
2009-03-06 03:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-06 03:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-06 03:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-03-05 21:53 136,192 a------- c:\windows\uzifehoc.dll
2009-03-05 21:42 446 a------- c:\windows\system32\win32hlp.cnf
2009-03-05 21:41 1,394 a------- c:\windows\system32\ahtn.htm
2009-03-05 21:41 104,960 ac------ c:\windows\system32\dllcache\userinit.exe
2009-03-05 21:35 5,164 a------- c:\windows\system32\uacinit.dll
2009-03-05 21:34 127 a------- c:\windows\system32\UACpjcgaorj.dat
2009-03-05 21:34 41,984 a------- c:\windows\Fgusinub.dll
2009-03-02 20:41 <DIR> --d----- c:\docume~1\admini~1\applic~1\Mael
2009-03-02 20:41 <DIR> --d----- c:\program files\HxD
2009-02-28 03:52 <DIR> --d----- c:\program files\HHD Software
2009-02-26 06:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ascentive
2009-02-26 05:50 36,864 a------- c:\windows\system32\ascbalon.dll
2009-02-26 05:50 208,896 a------- c:\windows\system32\ConTest.dll
2009-02-26 05:50 45,056 a------- c:\windows\system32\CreateLog.dll
2009-02-26 05:50 20,480 a------- c:\windows\system32\SysRestore.dll
2009-02-26 05:50 <DIR> --d----- c:\program files\Ascentive
2009-02-26 05:07 <DIR> --d----- c:\program files\Act-3D
2009-02-26 05:07 2,825,407 a------- c:\windows\system32\xa567464218.exe
2009-02-26 05:07 2,825,407 a------- c:\windows\system32\xa567459500.exe

==================== Find3M ====================

2009-03-17 01:17 81,984 a------- c:\windows\system32\bdod.bin
2009-03-11 21:31 3,532 a------- C:\drmHeader.bin
2009-03-07 12:06 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-03-05 22:19 192,512 a------- c:\windows\system32\txmlutil.dll
2009-03-05 22:19 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys
2009-03-05 22:19 111,112 a------- c:\windows\system32\drivers\bdfm.sys
2009-03-05 21:40 104,960 a------- c:\windows\system32\userinit.exe
2009-02-26 16:24 163,644 a------- c:\windows\system32\drivers\secdrv.sys
2008-12-02 11:56 31 a------- c:\documents and settings\administrator\jagex_runescape_preferences.dat
2008-11-15 22:02 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
2007-04-07 20:12 79,328 a------- c:\documents and settings\administrator\mqdmserd.sys
2007-04-07 20:12 5,936 a------- c:\documents and settings\administrator\mqdmwhnt.sys
2007-04-07 20:12 92,064 a------- c:\documents and settings\administrator\mqdmmdm.sys
2007-04-07 20:12 66,656 a------- c:\documents and settings\administrator\mqdmbus.sys
2007-04-07 20:12 9,232 a------- c:\documents and settings\administrator\mqdmmdfl.sys
2007-04-07 20:12 6,208 a------- c:\documents and settings\administrator\mqdmcmnt.sys
2007-04-07 20:12 4,048 a------- c:\documents and settings\administrator\mqdmcr.sys
2007-04-07 20:12 25,600 a------- c:\documents and settings\administrator\usbsermptxp.sys
2007-04-07 20:12 22,768 a------- c:\documents and settings\administrator\usbsermpt.sys
2006-11-21 08:06 364 a------- c:\documents and settings\administrator\pos.dat
2006-10-25 16:16 45,056 a------- c:\documents and settings\administrator\kie.exe
2004-08-04 03:56 22,040 ----h--- c:\docume~1\admini~1\applic~1\addon.dat
2008-09-07 17:32 25,431 a--sh--- c:\windows\system32\sys32.dat

============= FINISH: 1:22:48.04 ===============
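A DDS log like the one above is read by hand on the forum, but the entries a helper looks at first follow a few fixed line formats: the `ProxyServer` setting, toolbar and hook entries that end in `- No File`, `uPolicies-` restriction lines, and `R3`/`S3` driver entries whose file sits under a user profile or is marked `[?]`. The script below is an added example written for this thread; it is not part of the original post and not code from the DDS tool or BleepingComputer. It only assumes those line formats, and the sample report it scans is constructed here (the proxy address and profile name are made up; the `{BC4FFE41-...}` toolbar entry mirrors one in the log).

```python
"""Triage helper for DDS-style "Pseudo HJT Report" and service lines.

Added example for the thread above (not DDS or BleepingComputer code).
It assumes only the line formats visible in the DDS log:
  - key/value lines such as 'uInternet Settings,ProxyServer = host:port'
  - toolbar/hook entries ending in '- No File'
  - 'uPolicies-<area>: Name = value' restriction lines
  - 'R3/S3 name;description;path [stamp]' driver/service lines
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample modelled on the DDS report format (not the full log
# from the thread; the proxy address and the 'user' profile are made up).
SAMPLE_REPORT = r"""
uStart Page = www.google.com/
uInternet Settings,ProxyServer = 192.0.2.10:80
TB: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No File
uURLSearchHooks: H - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\user\desktop\bot\ntprocdrv.sys --> c:\documents and settings\user\desktop\bot\NtProcDrv.sys [?]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
"""


@dataclass
class Finding:
    kind: str    # proxy | orphan | policy | driver
    line: str    # the report line that triggered the finding
    detail: str  # why a helper would look at it


PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)")
NO_FILE_RE = re.compile(r"-\s*No File\s*$")
POLICY_RE = re.compile(r"^[um]Policies-(?P<area>\w+):\s*(?P<name>\w+)\s*=\s*(?P<value>\S+)")
# R0-R4 = running, S0-S4 = stopped; ';'-separated fields, optional trailing [stamp]
DRIVER_RE = re.compile(
    r"^[RS][0-4]\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)"
    r"(?:\s+\[(?P<stamp>[^\]]*)\])?\s*$"
)
USER_PROFILE_RE = re.compile(r"\\(documents and settings|users)\\", re.IGNORECASE)


def triage(report: str) -> List[Finding]:
    """Return the report lines a malware-removal helper would check first."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            findings.append(Finding("proxy", line,
                f"browser proxy set to {m.group('proxy')}; confirm it is expected"))
            continue
        if NO_FILE_RE.search(line):
            findings.append(Finding("orphan", line,
                "registry entry points to a file that no longer exists"))
            continue
        m = POLICY_RE.match(line)
        if m:
            findings.append(Finding("policy", line,
                f"{m.group('name')} restriction set via {m.group('area')} policies"))
            continue
        m = DRIVER_RE.match(line)
        if m:
            name, path, stamp = m.group("name"), m.group("path"), m.group("stamp")
            if USER_PROFILE_RE.search(path):
                findings.append(Finding("driver", line,
                    f"driver/service {name} loads from a user profile directory"))
            elif stamp == "?":
                findings.append(Finding("driver", line,
                    f"driver/service {name} is registered but its file was not found"))
    return findings


def count_by_kind(findings: List[Finding]) -> Dict[str, int]:
    """Summarise findings as {kind: count} for a quick overview."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
    print(count_by_kind(triage(SAMPLE_REPORT)))
```

Running it on the constructed sample flags the proxy line, the two orphaned `No File` entries, the explorer policy restriction and the driver loading from a profile directory, while the BitDefender driver and the NVIDIA run entry pass. A configured proxy or an explorer policy is not proof of infection on its own (corporate machines set both legitimately), which is why each finding carries a reason rather than a verdict.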


#2 Thunder

Posted 24 March 2009 - 05:10 PM

Hello Morphx and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

If ComboFix does run its full circle, then please try to install Avira AntiVir as well, update it and run a full system scan.

Greetings,
Thunder

#3 Morphx (Topic Starter)

Posted 25 March 2009 - 07:56 AM

Thanks Thunder for getting back to me on this, I sure appreciate your help. I have a question about you recommending to install Antivir, update and run. Should I remove my BitDefender first and then get Antivir, or can I use both of them?

Here are the logs that you requested:

GooredFix v1.92 by jpshortstuff
Log created at 07:51 on 25/03/2009 running Option #2 (Administrator)
Firefox version 2.0.0.6 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{C227435A-FDB1-479F-8CD5-46E0C1028900}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{C227435A-FDB1-479F-8CD5-46E0C1028900}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Administrator\Local Settings\Application Data\{C227435A-FDB1-479F-8CD5-46E0C1028900}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\"


---------------------------------


ComboFix 09-03-23.01 - Administrator 2009-03-25 8:22:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.663 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\addon.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Microsoft Common
c:\program files\Microsoft Common\svchost.exe
c:\windows\Fgusinub.dll
c:\windows\system32\ahtn.htm
c:\windows\system32\frmwrk32.exe
c:\windows\system32\hs3i7jdgfd.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\Memman.vxd
c:\windows\system32\ntdll64.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\skinboxer43.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACpjcgaorj.dat
c:\windows\system32\UACyndovdkm.log
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf

----- BITS: Possible infected sites -----

hxxp://www.hhdsoftware.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-21 09:02 . 2009-03-21 13:38 754 --a------ c:\windows\WORDPAD.INI
2009-03-21 08:37 . 2009-03-21 08:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MexComGEPlugins
2009-03-21 08:37 . 2009-03-21 08:37 22 --a------ c:\windows\system32\mcstate.bin
2009-03-18 02:30 . 2009-03-18 02:30 25,992 --a------ c:\windows\system32\pgdfgsvc.exe
2009-03-17 10:11 . 2004-08-04 03:56 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 10:11 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-17 10:11 . 2001-08-18 08:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2009-03-17 10:11 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 10:11 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 10:11 . 2004-08-04 01:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 10:11 . 2001-08-17 22:36 17,408 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 10:11 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 10:11 . 2004-08-04 01:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 10:11 . 2004-08-04 03:56 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-17 10:11 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 10:09 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-17 10:08 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2009-03-17 10:07 . 2001-08-17 14:56 245,632 --a--c--- c:\windows\system32\dllcache\s3savmx.dll
2009-03-17 10:06 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 10:05 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-03-17 10:03 . 2002-08-28 22:59 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-03-17 10:02 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-17 10:01 . 2001-08-17 22:36 372,824 --a--c--- c:\windows\system32\dllcache\iconf32.dll
2009-03-17 10:00 . 2001-08-17 13:28 907,456 --a--c--- c:\windows\system32\dllcache\hcf_msft.sys
2009-03-17 09:59 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-17 09:58 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-17 09:57 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-17 09:56 . 2001-08-18 08:00 180,770 --a--c--- c:\windows\system32\dllcache\c_20932.nls
2009-03-17 09:55 . 2001-08-18 08:00 195,618 --a--c--- c:\windows\system32\dllcache\c_10002.nls
2009-03-17 09:54 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 09:53 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2009-03-17 09:52 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 00:43 . 2009-03-17 00:43 <DIR> d-------- c:\program files\Trend Micro
2009-03-17 00:09 . 2009-03-17 00:18 <DIR> d-------- c:\program files\Unlocker
2009-03-12 00:36 . 2009-03-12 00:36 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-03-12 00:00 . 2009-03-12 00:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-03-11 23:40 . 2009-03-11 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-03-11 23:39 . 2009-03-11 23:40 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-03-11 23:39 . 2009-03-11 23:39 <DIR> d-------- c:\program files\ACD Systems
2009-03-11 23:04 . 2009-03-11 23:04 <DIR> d-------- c:\windows\PreviewSoft
2009-03-11 23:02 . 2009-03-11 23:02 <DIR> d-------- c:\program files\Common Files\Vbox
2009-03-11 20:10 . 2009-03-11 20:12 <DIR> d-------- c:\program files\Blaze Media Pro
2009-03-11 20:10 . 2009-03-11 20:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-03-11 20:00 . 2009-03-11 20:00 <DIR> d-------- c:\program files\WinAVI Video Converter
2009-03-09 10:10 . 2009-03-09 10:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\The Creative Assembly
2009-03-09 10:09 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-03-09 10:09 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-03-09 10:09 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-03-09 10:09 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-03-09 10:09 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-03-09 10:09 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-03-09 10:09 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-03-08 18:51 . 2009-03-08 19:31 <DIR> d-------- c:\program files\CureROM
2009-03-06 23:23 . 2009-03-06 23:23 23 --ahs---- c:\windows\system32\edacded0_x.dat
2009-03-06 23:23 . 2009-03-06 23:23 23 --a------ c:\windows\system32\bcdadac7_x.xml
2009-03-06 23:22 . 2009-03-06 23:23 <DIR> d-------- c:\program files\jv16 PowerTools 2009
2009-03-06 20:46 . 2009-03-06 20:46 <DIR> d-------- c:\program files\ToniArts
2009-03-06 20:13 . 2009-03-06 20:13 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-06 03:43 . 2009-03-06 03:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-06 03:42 . 2009-03-06 04:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-06 03:42 . 2009-03-06 03:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-05 21:53 . 2009-03-05 21:53 136,192 --a------ c:\windows\uzifehoc.dll
2009-03-02 20:41 . 2009-03-02 20:41 <DIR> d-------- c:\program files\HxD
2009-03-02 20:41 . 2009-03-02 20:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Mael
2009-02-28 03:52 . 2009-02-28 03:52 <DIR> d-------- c:\program files\HHD Software
2009-02-26 06:09 . 2009-02-26 06:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ascentive
2009-02-26 05:50 . 2009-03-06 21:12 <DIR> d-------- c:\program files\Ascentive
2009-02-26 05:50 . 2008-07-29 12:27 208,896 --a------ c:\windows\system32\ConTest.dll
2009-02-26 05:50 . 2008-08-20 18:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2009-02-26 05:50 . 2007-07-03 12:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2009-02-26 05:50 . 2007-07-03 12:48 20,480 --a------ c:\windows\system32\SysRestore.dll
2009-02-26 05:07 . 2009-02-26 05:07 <DIR> d-------- c:\program files\Act-3D
2009-02-26 05:07 . 2009-02-26 05:07 2,825,407 --a------ c:\windows\system32\xa567464218.exe
2009-02-26 05:07 . 2009-02-26 05:07 2,825,407 --a------ c:\windows\system32\xa567459500.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 11:49 --------- d-----w c:\program files\NCH Swift Sound
2009-03-25 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-25 11:48 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-03-25 11:43 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-24 12:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 12:01 278,728 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-03-24 12:01 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-03-23 02:23 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-03-21 13:38 --------- d-----w c:\documents and settings\Administrator\Application Data\AVS4YOU
2009-03-14 12:56 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 06:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 01:31 3,532 ----a-w C:\drmHeader.bin
2009-03-07 04:31 --------- d-----w c:\program files\ASCII Art Generator
2009-03-07 02:32 --------- d-----w c:\program files\Secured eMule
2009-03-07 02:31 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-07 00:45 --------- d-----w c:\program files\Secured_eMule
2009-03-06 23:48 --------- d-----w c:\program files\vghd
2009-03-06 23:48 --------- d-----w c:\program files\Hide Folders XP 2
2009-03-06 08:37 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 07:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-06 07:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-06 06:15 --------- d-----w c:\program files\SocksCapV2
2009-03-06 02:19 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-03-06 02:19 111,112 ----a-w c:\windows\system32\drivers\bdfm.sys
2009-03-05 09:01 --------- d-----w c:\program files\Azureus
2009-02-26 20:24 163,644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-20 19:32 --------- d-----w c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-02-20 06:10 --------- d-----w c:\program files\MagicISO
2009-02-19 05:55 --------- d-----w c:\documents and settings\Administrator\Application Data\DivX
2009-02-19 05:52 --------- d-----w c:\program files\DivX
2009-02-19 02:12 --------- d-----w c:\program files\Teamspeak2_Server
2009-02-15 04:57 --------- d-----w c:\program files\MSN Messenger
2009-02-15 01:56 --------- d-----w c:\documents and settings\Administrator\Application Data\SecondLife
2009-02-13 16:26 --------- d-----w c:\program files\Buddy Spy
2009-02-09 17:59 --------- d-----w c:\program files\LimeWire
2009-02-02 04:54 --------- d-----w c:\documents and settings\Administrator\Application Data\Shareaza
2009-01-30 05:45 --------- d-----w c:\documents and settings\Administrator\Application Data\Kazaa Lite
2008-12-02 15:56 31 ----a-w c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-11-16 02:02 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2007-04-08 00:12 92,064 ----a-w c:\documents and settings\Administrator\mqdmmdm.sys
2007-04-08 00:12 9,232 ----a-w c:\documents and settings\Administrator\mqdmmdfl.sys
2007-04-08 00:12 79,328 ----a-w c:\documents and settings\Administrator\mqdmserd.sys
2007-04-08 00:12 66,656 ----a-w c:\documents and settings\Administrator\mqdmbus.sys
2007-04-08 00:12 6,208 ----a-w c:\documents and settings\Administrator\mqdmcmnt.sys
2007-04-08 00:12 5,936 ----a-w c:\documents and settings\Administrator\mqdmwhnt.sys
2007-04-08 00:12 4,048 ----a-w c:\documents and settings\Administrator\mqdmcr.sys
2007-04-08 00:12 25,600 ----a-w c:\documents and settings\Administrator\usbsermptxp.sys
2007-04-08 00:12 22,768 ----a-w c:\documents and settings\Administrator\usbsermpt.sys
2006-11-21 12:06 364 ----a-w c:\documents and settings\Administrator\pos.dat
2006-10-25 20:16 45,056 ----a-w c:\documents and settings\Administrator\kie.exe
2009-03-06 02:18 47,616 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2008-09-16 15:43 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-09-16 15:43 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-09-16 15:43 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-09-16 15:43 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-09-16 15:43 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-07 21:32 25,431 --sha-w c:\windows\system32\sys32.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-05 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-03-05 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"aux"= ctwdm32.dll
"vidc.ap41"= apmpg4v1.dll
"vidc.divf"= divx412.dll
"vidc.div3"= divxc32.dll
"vidc.div4"= divxc32f.dll
"vidc.hfyu"= huffyuv.dll
"msacm.DivXa32"= DivXa32.acm
"msacm.lameacm"= lameACM.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"msacm.l3codec"= L3CODECP.ACM
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Kingware Updater Client.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Kingware Updater Client.lnk
backup=c:\windows\pss\Kingware Updater Client.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=c:\windows\pss\VirtuaGirl HD.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BufferZone
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dttq0ptm7x541utgmfz1l10
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f33r1t6jt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsf8uiw3jnjgffght
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kp3achjbedozzfvcja9afbvbolwf7rw4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kvd9adx4nbltg1r233woo300xczheht
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndcjqwhqr8v
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p1d3iq9w2rcd6xvd8t59aodr5igxybbbeqdkznw9udm2j7j
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pjx822eruehpoix1r
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qzztr76s30ka5yfwlrk9bg0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sn1nrmzmz4mqpc0yu42jnjfyv24oye
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uns3yv4gig993mcr3rp45n3fkufrp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vyfpqgh2pdk6ad7k63u2d71qqhkfnshw0d3kxfpp350qli58
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xfnzd4lh7q9pniugwwcu6v8f6cftr5zkxvss2uk9nz7czgu
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xzekzwjjh0y629f1vhj2rvc2ifybrr2gsycskwxmm46
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\y5nu7ay7ffyzue0kcah9
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\y76dfga6vv5kozzvla0ow5ohpffa53exeo71zu79dxkm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zmmo9bnyrglj1etn1dgrn6xti4ebkmmxdp07b15mvhhxbv1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMonitor]
--a------ 2008-08-29 14:59 236032 c:\program files\BandwidthMonitor\BWMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 02:33 45056 c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2002-12-02 10:17 73728 c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 18:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-07-19 08:02 2887680 c:\program files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-19 21:21 133104 c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 17:57 1103480 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanmetenderStandard3]
--a------ 2006-07-25 20:55 3104768 c:\program files\Scanmetender[Soft]\Scanmetender Standard\candard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 17:48 851968 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-03 23:29 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xkusanuzeho]
--a------ 2009-03-05 21:53 136192 c:\windows\uzifehoc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-20 16:30 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
--a------ 2001-04-03 11:38 38912 c:\windows\system32\ltmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"d:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Secured eMule\\securedemule.exe"=
"d:\\Program Files\\SecondLife\\SLVoice.exe"=
"d:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"d:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\extra1\\bin\\Settlers6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4048:UDP"= 4048:UDP:Windows Media Format SDK (chrome.exe)
"4049:UDP"= 4049:UDP:Windows Media Format SDK (chrome.exe)
"4074:UDP"= 4074:UDP:Windows Media Format SDK (chrome.exe)
"4075:UDP"= 4075:UDP:Windows Media Format SDK (chrome.exe)
"4080:UDP"= 4080:UDP:Windows Media Format SDK (chrome.exe)
"4081:UDP"= 4081:UDP:Windows Media Format SDK (chrome.exe)
"4106:UDP"= 4106:UDP:Windows Media Format SDK (chrome.exe)
"4107:UDP"= 4107:UDP:Windows Media Format SDK (chrome.exe)
"4113:UDP"= 4113:UDP:Windows Media Format SDK (chrome.exe)
"4112:UDP"= 4112:UDP:Windows Media Format SDK (chrome.exe)

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 vcs;vcs;c:\program files\AV VCS 3.0\Vcs.sys [2006-12-12 6852]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-07-06 52944]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-07-06 26448]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys --> c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys [?]
S3 PDSched;PDScheduler;c:\program files\RAXCO\PerfectDisk\PDSched.exe [2005-11-29 241731]
S3 PRTGService;PRTG Service;c:\program files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-06-15 3949896]
S3 prtgwatchservice;PRTG Watchdog;c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2008-06-15 443904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys --> c:\windows\system32\XDva011.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea923dd8-45ce-11db-b41d-0002b399606a}]
\Shell\AutoRun\command - H:\SH4Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Winexes]
c:\program files\Bifrost\server.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AE7E75F5-1B02-0470-255B-1BD22B8684B3}]
c:\windows\system32\\\iexplore.exe s
.
Contents of the 'Scheduled Tasks' folder

2008-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 02:47]

2009-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1450960922-725345543-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-19 21:21]

2008-09-16 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-06-24 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-06-25 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Elora - c:\windows\Fgusinub.dll
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiware.exe
MSConfigStartUp-Framework Windows - frmwrk32.exe


.
------- Supplementary Scan -------
.
uStart Page = www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = 63.149.98.16:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 08:29:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE67CBEB-22B0-69E6-E0E9-0A71A3C1B8F6}*]
"hadjpghjldidhlem"=hex:6b,61,62,6b,61,6a,65,70,6e,6f,68,6c,64,69,67,6a,67,65,
64,65,6c,6b,00,00
"iabandkmmcmcpcgkhn"=hex:63,61,6d,6a,64,61,00,7c
"ianinjgokigcoaaafd"=hex:6a,61,61,6b,6d,6c,65,63,6f,6d,64,6c,62,64,6b,61,69,69,
67,6d,00,00

[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:55,92,f6,10,79,ca,d4,31,3d,2c,3b,bc,ce,74,63,5e,5d,e0,d2,1c,27,
00,16,15,c8,15,69,1c,33,a1,ef,62,36,f2,cb,36,ca,34,12,1d,b2,e5,b8,2e,1f,61,\
"rkeysecu"=hex:5b,64,cc,fd,60,c4,a0,e2,cf,5e,5d,4d,e8,44,5b,84

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{370E88E4-6109-DF0E-C96D-3A886A70D177}\InProcServer32*]
"paipodhbfcioafdlkandbgpknndepmkb"=hex:69,61,67,6b,61,6e,64,63,61,65,64,66,66,
62,6a,66,69,6d,00,00
"oaipafbjjkgchibdijdpmplcjkeamc"=hex:69,61,67,6b,61,6e,64,63,61,65,64,66,66,62,
6a,66,69,6d,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay\Applications]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Applications]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\devldr32.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-03-25 8:37:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-25 12:36:07

Pre-Run: 85,606,686,720 bytes free
Post-Run: 86,324,776,960 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Professional New"
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

448

#4 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:02:39 AM

Posted 25 March 2009 - 05:11 PM

Hello Morphx,

No need to install Avira if all tools are running fine.

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
http://www.bleepingcomputer.com/forums/t/211773/infected-multiple-viruses/
Collect::
c:\windows\uzifehoc.dll
c:\documents and settings\Administrator\pos.dat
c:\documents and settings\Administrator\kie.exe
c:\windows\system32\sys32.dat
File::
c:\windows\system32\edacded0_x.dat
c:\windows\system32\bcdadac7_x.xml
c:\windows\system32\XDva011.sys
Driver::
XDva011
RegLock::
[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE67CBEB-22B0-69E6-E0E9-0A71A3C1B8F6}*]
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dttq0ptm7x541utgmfz1l10]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f33r1t6jt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsf8uiw3jnjgffght]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kp3achjbedozzfvcja9afbvbolwf7rw4]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kvd9adx4nbltg1r233woo300xczheht]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndcjqwhqr8v]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p1d3iq9w2rcd6xvd8t59aodr5igxybbbeqdkznw9udm2j7j]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pjx822eruehpoix1r]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qzztr76s30ka5yfwlrk9bg0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sn1nrmzmz4mqpc0yu42jnjfyv24oye]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uns3yv4gig993mcr3rp45n3fkufrp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vyfpqgh2pdk6ad7k63u2d71qqhkfnshw0d3kxfpp350qli58]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xfnzd4lh7q9pniugwwcu6v8f6cftr5zkxvss2uk9nz7czgu]
[-HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE67CBEB-22B0-69E6-E0E9-0A71A3C1B8F6}]

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh DDS log.

Additionally, ComboFix will generate a zipped file, similar to C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Please go to http://www.bleepingcomputer.com/submit-malware.php?channel=9
Then:
1. In the first window (Link to topic where this file was requested:) copy and paste this link: http://www.bleepingcomputer.com/forums/topic=211773
2. In the second window (Browse to the file you want to submit:) browse to the C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip file
3. Click the Send file button
:)

Still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
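
The CFScript above removes a batch of randomly named msconfig\startupreg keys by hand. As an added example (mine, not part of this thread and not code from the DDS or ComboFix tools), the Python script below does the first-pass triage a helper performs on a DDS log before writing such a script: it pulls out startupreg entries with random-looking names, checks whether Windows Firewall is disabled, reports any configured proxy server and the globally open firewall ports, and drafts the matching Registry:: deletion lines in the [-key] syntax the post uses. The log excerpt it runs on is constructed from lines of the log posted earlier in the thread; the "random name" rule (nine or more lowercase letters and digits with at least one digit) is my assumption and will miss random names without digits, and the drafted Registry:: section is for a helper to review, not to run unreviewed.

```python
"""Triage helper for a DDS/ComboFix log of the kind posted in this thread."""
import re

# Constructed excerpt: lines copied from the DDS/ComboFix log posted earlier
# in this thread, embedded here so the script runs offline.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BufferZone
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dttq0ptm7x541utgmfz1l10
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f33r1t6jt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndcjqwhqr8v
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
--a------ 2001-04-03 11:38 38912 c:\windows\system32\ltmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4048:UDP"= 4048:UDP:Windows Media Format SDK (chrome.exe)

uStart Page = www.google.com/
uInternet Settings,ProxyServer = 63.149.98.16:80
"""

STARTUPREG_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
# The value name after ...\startupreg\, whether the line is bare or wrapped in [ ].
_STARTUPREG_RE = re.compile(r"msconfig\\startupreg\\([^\]\r\n]+)")
# Heuristic (an assumption, not a DDS rule): the junk entries in this log are
# 9+ lowercase letters/digits containing at least one digit. Legitimate names
# in the log carry capitals, spaces or dots (ISUSPM Startup, ctfmon.exe,
# LTWinModem1) and so never match. Random names without a digit are missed.
_RANDOM_RE = re.compile(r"[a-z0-9]{9,}")


def startupreg_names(log: str) -> list:
    """Every startupreg value name mentioned in the log, in order."""
    return [m.strip() for m in _STARTUPREG_RE.findall(log)]


def looks_random(name: str) -> bool:
    return bool(_RANDOM_RE.fullmatch(name)) and any(c.isdigit() for c in name)


def suspicious_startupreg(log: str) -> list:
    """Unique random-looking startupreg names, in order of first appearance."""
    seen = []
    for name in startupreg_names(log):
        if looks_random(name) and name not in seen:
            seen.append(name)
    return seen


def firewall_disabled(log: str) -> bool:
    # DDS prints the standard-profile value as "EnableFirewall"= 0 (0x0).
    return re.search(r'"EnableFirewall"=\s*0\b', log) is not None


def proxy_server(log: str):
    """The ProxyServer value from the supplementary scan, or None."""
    m = re.search(r"ProxyServer\s*=\s*(\S+)", log)
    return m.group(1) if m else None


def globally_open_ports(log: str) -> list:
    # Lines in the GloballyOpenPorts list look like "3389:TCP"= 3389:TCP:...
    return re.findall(r'^"(\d+:(?:TCP|UDP))"=', log, re.M)


def cfscript_registry_section(names) -> str:
    """Draft a Registry:: section in the [-key] deletion syntax the post uses.

    Output is for a helper to review before it goes into a CFScript."""
    lines = ["Registry::"] + [f"[-{STARTUPREG_KEY}\\{n}]" for n in names]
    return "\n".join(lines)


def review(log: str) -> dict:
    return {
        "random_startupreg": suspicious_startupreg(log),
        "firewall_disabled": firewall_disabled(log),
        "proxy_server": proxy_server(log),
        "globally_open_ports": globally_open_ports(log),
    }


if __name__ == "__main__":
    findings = review(SAMPLE_LOG)
    for key, value in findings.items():
        print(f"{key}: {value}")
    print(cfscript_registry_section(findings["random_startupreg"]))
```

Run against the full log rather than the excerpt, the same rule also catches the remaining gibberish names under startupreg; a disabled firewall together with an unexplained ProxyServer entry and TCP 3389 open globally are the settings a helper asks about next, since the proxy redirects all of Internet Explorer's traffic through that host.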

#5 Morphx

  • Topic Starter
  • Members
  • 7 posts
  • Location:Florida
  • Local time:08:39 PM

Posted 25 March 2009 - 06:47 PM

Here you go Thunder,

I made the script you asked for, but after I dragged it onto ComboFix.exe it popped up a box that said Installation Failed, so I clicked OK and ComboFix still seemed to run and then rebooted and popped up its log; I will submit that first. Then I made another script just like you said and dragged it onto ComboFix, and it still popped up Installation Failed and then continued to run; it then popped up its log without a reboot. I will post it second. I did it twice thinking I messed up the first time. But anyhow, here is the log from both and a new DDS log. After I get this posted I will get that zipped file submitted for ya. Thanks again, Thunder, for all your help on this.

--------------

ComboFix 09-03-23.01 - Administrator 2009-03-25 18:51:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.696 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\windows\system32\bcdadac7_x.xml
c:\windows\system32\edacded0_x.dat
c:\windows\system32\XDva011.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\kie.exe
c:\documents and settings\Administrator\pos.dat
c:\windows\system32\bcdadac7_x.xml
c:\windows\system32\edacded0_x.dat
c:\windows\system32\sys32.dat
c:\windows\uzifehoc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA011
-------\Service_XDva011


((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-21 09:02 . 2009-03-21 13:38 754 --a------ c:\windows\WORDPAD.INI
2009-03-21 08:37 . 2009-03-21 08:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MexComGEPlugins
2009-03-21 08:37 . 2009-03-21 08:37 22 --a------ c:\windows\system32\mcstate.bin
2009-03-18 02:30 . 2009-03-18 02:30 25,992 --a------ c:\windows\system32\pgdfgsvc.exe
2009-03-17 10:11 . 2004-08-04 03:56 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 10:11 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-17 10:11 . 2001-08-18 08:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2009-03-17 10:11 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 10:11 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 10:11 . 2004-08-04 01:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 10:11 . 2001-08-17 22:36 17,408 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 10:11 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 10:11 . 2004-08-04 01:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 10:11 . 2004-08-04 03:56 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-17 10:11 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 10:09 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-17 10:08 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2009-03-17 10:07 . 2001-08-17 14:56 245,632 --a--c--- c:\windows\system32\dllcache\s3savmx.dll
2009-03-17 10:06 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 10:05 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-03-17 10:03 . 2002-08-28 22:59 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-03-17 10:02 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-17 10:01 . 2001-08-17 22:36 372,824 --a--c--- c:\windows\system32\dllcache\iconf32.dll
2009-03-17 10:00 . 2001-08-17 13:28 907,456 --a--c--- c:\windows\system32\dllcache\hcf_msft.sys
2009-03-17 09:59 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-17 09:58 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-17 09:57 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-17 09:56 . 2001-08-18 08:00 180,770 --a--c--- c:\windows\system32\dllcache\c_20932.nls
2009-03-17 09:55 . 2001-08-18 08:00 195,618 --a--c--- c:\windows\system32\dllcache\c_10002.nls
2009-03-17 09:54 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 09:53 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2009-03-17 09:52 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 00:43 . 2009-03-17 00:43 <DIR> d-------- c:\program files\Trend Micro
2009-03-17 00:09 . 2009-03-17 00:18 <DIR> d-------- c:\program files\Unlocker
2009-03-12 00:36 . 2009-03-12 00:36 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-03-12 00:00 . 2009-03-12 00:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-03-11 23:40 . 2009-03-11 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-03-11 23:39 . 2009-03-11 23:40 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-03-11 23:39 . 2009-03-11 23:39 <DIR> d-------- c:\program files\ACD Systems
2009-03-11 23:04 . 2009-03-11 23:04 <DIR> d-------- c:\windows\PreviewSoft
2009-03-11 23:02 . 2009-03-11 23:02 <DIR> d-------- c:\program files\Common Files\Vbox
2009-03-11 20:10 . 2009-03-11 20:12 <DIR> d-------- c:\program files\Blaze Media Pro
2009-03-11 20:10 . 2009-03-11 20:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-03-11 20:00 . 2009-03-11 20:00 <DIR> d-------- c:\program files\WinAVI Video Converter
2009-03-09 10:10 . 2009-03-09 10:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\The Creative Assembly
2009-03-09 10:09 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-03-09 10:09 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-03-09 10:09 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-03-09 10:09 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-03-09 10:09 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-03-09 10:09 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-03-09 10:09 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-03-08 18:51 . 2009-03-08 19:31 <DIR> d-------- c:\program files\CureROM
2009-03-06 23:22 . 2009-03-06 23:23 <DIR> d-------- c:\program files\jv16 PowerTools 2009
2009-03-06 20:46 . 2009-03-06 20:46 <DIR> d-------- c:\program files\ToniArts
2009-03-06 20:13 . 2009-03-06 20:13 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-06 03:43 . 2009-03-06 03:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-06 03:42 . 2009-03-06 04:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-06 03:42 . 2009-03-06 03:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-02 20:41 . 2009-03-02 20:41 <DIR> d-------- c:\program files\HxD
2009-03-02 20:41 . 2009-03-02 20:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Mael
2009-02-28 03:52 . 2009-02-28 03:52 <DIR> d-------- c:\program files\HHD Software
2009-02-26 06:09 . 2009-02-26 06:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ascentive
2009-02-26 05:50 . 2009-03-06 21:12 <DIR> d-------- c:\program files\Ascentive
2009-02-26 05:50 . 2008-07-29 12:27 208,896 --a------ c:\windows\system32\ConTest.dll
2009-02-26 05:50 . 2008-08-20 18:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2009-02-26 05:50 . 2007-07-03 12:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2009-02-26 05:50 . 2007-07-03 12:48 20,480 --a------ c:\windows\system32\SysRestore.dll
2009-02-26 05:07 . 2009-02-26 05:07 <DIR> d-------- c:\program files\Act-3D
2009-02-26 05:07 . 2009-02-26 05:07 2,825,407 --a------ c:\windows\system32\xa567464218.exe
2009-02-26 05:07 . 2009-02-26 05:07 2,825,407 --a------ c:\windows\system32\xa567459500.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 22:55 81,984 ----a-w c:\windows\system32\bdod.bin
2009-03-25 11:49 --------- d-----w c:\program files\NCH Swift Sound
2009-03-25 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-25 11:48 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-03-25 11:43 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-24 12:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 12:01 278,728 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-03-24 12:01 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-03-23 02:23 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-03-21 13:38 --------- d-----w c:\documents and settings\Administrator\Application Data\AVS4YOU
2009-03-14 12:56 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 06:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 01:31 3,532 ----a-w C:\drmHeader.bin
2009-03-07 16:06 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-07 04:31 --------- d-----w c:\program files\ASCII Art Generator
2009-03-07 02:32 --------- d-----w c:\program files\Secured eMule
2009-03-07 02:31 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-07 00:45 --------- d-----w c:\program files\Secured_eMule
2009-03-06 23:48 --------- d-----w c:\program files\vghd
2009-03-06 23:48 --------- d-----w c:\program files\Hide Folders XP 2
2009-03-06 08:37 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 07:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-06 07:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-06 06:15 --------- d-----w c:\program files\SocksCapV2
2009-03-06 02:19 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-03-06 02:19 192,512 ----a-w c:\windows\system32\txmlutil.dll
2009-03-06 02:19 111,112 ----a-w c:\windows\system32\drivers\bdfm.sys
2009-03-05 09:01 --------- d-----w c:\program files\Azureus
2009-02-26 20:24 163,644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-20 19:32 --------- d-----w c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-02-20 06:10 --------- d-----w c:\program files\MagicISO
2009-02-19 05:55 --------- d-----w c:\documents and settings\Administrator\Application Data\DivX
2009-02-19 05:52 --------- d-----w c:\program files\DivX
2009-02-19 02:12 --------- d-----w c:\program files\Teamspeak2_Server
2009-02-15 04:57 --------- d-----w c:\program files\MSN Messenger
2009-02-15 01:56 --------- d-----w c:\documents and settings\Administrator\Application Data\SecondLife
2009-02-13 16:26 --------- d-----w c:\program files\Buddy Spy
2009-02-09 17:59 --------- d-----w c:\program files\LimeWire
2009-02-02 04:54 --------- d-----w c:\documents and settings\Administrator\Application Data\Shareaza
2009-01-30 05:45 --------- d-----w c:\documents and settings\Administrator\Application Data\Kazaa Lite
2008-12-02 15:56 31 ----a-w c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-11-16 02:02 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2007-04-08 00:12 92,064 ----a-w c:\documents and settings\Administrator\mqdmmdm.sys
2007-04-08 00:12 9,232 ----a-w c:\documents and settings\Administrator\mqdmmdfl.sys
2007-04-08 00:12 79,328 ----a-w c:\documents and settings\Administrator\mqdmserd.sys
2007-04-08 00:12 66,656 ----a-w c:\documents and settings\Administrator\mqdmbus.sys
2007-04-08 00:12 6,208 ----a-w c:\documents and settings\Administrator\mqdmcmnt.sys
2007-04-08 00:12 5,936 ----a-w c:\documents and settings\Administrator\mqdmwhnt.sys
2007-04-08 00:12 4,048 ----a-w c:\documents and settings\Administrator\mqdmcr.sys
2007-04-08 00:12 25,600 ----a-w c:\documents and settings\Administrator\usbsermptxp.sys
2007-04-08 00:12 22,768 ----a-w c:\documents and settings\Administrator\usbsermpt.sys
2009-03-06 02:18 47,616 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2008-09-16 15:43 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-09-16 15:43 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-09-16 15:43 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-09-16 15:43 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-09-16 15:43 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-05 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-03-05 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"aux"= ctwdm32.dll
"vidc.ap41"= apmpg4v1.dll
"vidc.divf"= divx412.dll
"vidc.div3"= divxc32.dll
"vidc.div4"= divxc32f.dll
"vidc.hfyu"= huffyuv.dll
"msacm.DivXa32"= DivXa32.acm
"msacm.lameacm"= lameACM.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"msacm.l3codec"= L3CODECP.ACM
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Kingware Updater Client.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Kingware Updater Client.lnk
backup=c:\windows\pss\Kingware Updater Client.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=c:\windows\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMonitor]
--a------ 2008-08-29 14:59 236032 c:\program files\BandwidthMonitor\BWMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 02:33 45056 c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2002-12-02 10:17 73728 c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 18:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-07-19 08:02 2887680 c:\program files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-19 21:21 133104 c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 17:57 1103480 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanmetenderStandard3]
--a------ 2006-07-25 20:55 3104768 c:\program files\Scanmetender[Soft]\Scanmetender Standard\candard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 17:48 851968 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-03 23:29 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-20 16:30 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
--a------ 2001-04-03 11:38 38912 c:\windows\system32\ltmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"d:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Secured eMule\\securedemule.exe"=
"d:\\Program Files\\SecondLife\\SLVoice.exe"=
"d:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"d:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\extra1\\bin\\Settlers6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4048:UDP"= 4048:UDP:Windows Media Format SDK (chrome.exe)
"4049:UDP"= 4049:UDP:Windows Media Format SDK (chrome.exe)
"4074:UDP"= 4074:UDP:Windows Media Format SDK (chrome.exe)
"4075:UDP"= 4075:UDP:Windows Media Format SDK (chrome.exe)
"4080:UDP"= 4080:UDP:Windows Media Format SDK (chrome.exe)
"4081:UDP"= 4081:UDP:Windows Media Format SDK (chrome.exe)
"4106:UDP"= 4106:UDP:Windows Media Format SDK (chrome.exe)
"4107:UDP"= 4107:UDP:Windows Media Format SDK (chrome.exe)
"4113:UDP"= 4113:UDP:Windows Media Format SDK (chrome.exe)
"4112:UDP"= 4112:UDP:Windows Media Format SDK (chrome.exe)

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 vcs;vcs;c:\program files\AV VCS 3.0\Vcs.sys [2006-12-12 6852]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-07-06 52944]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-07-06 26448]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys --> c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys [?]
S3 PDSched;PDScheduler;c:\program files\RAXCO\PerfectDisk\PDSched.exe [2005-11-29 241731]
S3 PRTGService;PRTG Service;c:\program files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-06-15 3949896]
S3 prtgwatchservice;PRTG Watchdog;c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2008-06-15 443904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea923dd8-45ce-11db-b41d-0002b399606a}]
\Shell\AutoRun\command - H:\SH4Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Winexes]
c:\program files\Bifrost\server.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AE7E75F5-1B02-0470-255B-1BD22B8684B3}]
c:\windows\system32\\\iexplore.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 02:47]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Xkusanuzeho - c:\windows\uzifehoc.dll


.
------- Supplementary Scan -------
.
uStart Page = www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = 63.149.98.16:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 18:59:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE67CBEB-22B0-69E6-E0E9-0A71A3C1B8F6}*]
"hadjpghjldidhlem"=hex:6b,61,62,6b,61,6a,65,70,6e,6f,68,6c,64,69,67,6a,67,65,
64,65,6c,6b,00,00
"iabandkmmcmcpcgkhn"=hex:63,61,6d,6a,64,61,00,7c
"ianinjgokigcoaaafd"=hex:6a,61,61,6b,6d,6c,65,63,6f,6d,64,6c,62,64,6b,61,69,69,
67,6d,00,00

[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:55,92,f6,10,79,ca,d4,31,3d,2c,3b,bc,ce,74,63,5e,5d,e0,d2,1c,27,
00,16,15,c8,15,69,1c,33,a1,ef,62,36,f2,cb,36,ca,34,12,1d,b2,e5,b8,2e,1f,61,\
"rkeysecu"=hex:5b,64,cc,fd,60,c4,a0,e2,cf,5e,5d,4d,e8,44,5b,84

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{370E88E4-6109-DF0E-C96D-3A886A70D177}\InProcServer32*]
"paipodhbfcioafdlkandbgpknndepmkb"=hex:69,61,67,6b,61,6e,64,63,61,65,64,66,66,
62,6a,66,69,6d,00,00
"oaipafbjjkgchibdijdpmplcjkeamc"=hex:69,61,67,6b,61,6e,64,63,61,65,64,66,66,62,
6a,66,69,6d,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay\Applications]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Applications]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\devldr32.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-03-25 19:06:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-25 23:05:11
ComboFix2.txt 2009-03-25 12:37:30

Pre-Run: 86,310,256,640 bytes free
Post-Run: 86,301,216,768 bytes free

388


-----------------------------------------
2nd Combo Log
-----------------------------------------


ComboFix 09-03-23.01 - Administrator 2009-03-25 19:13:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.642 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\windows\system32\bcdadac7_x.xml
c:\windows\system32\edacded0_x.dat
c:\windows\system32\XDva011.sys
.

((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-21 09:02 . 2009-03-21 13:38 754 --a------ c:\windows\WORDPAD.INI
2009-03-21 08:37 . 2009-03-21 08:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MexComGEPlugins
2009-03-21 08:37 . 2009-03-21 08:37 22 --a------ c:\windows\system32\mcstate.bin
2009-03-18 02:30 . 2009-03-18 02:30 25,992 --a------ c:\windows\system32\pgdfgsvc.exe
2009-03-17 10:11 . 2004-08-04 03:56 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 10:11 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-17 10:11 . 2001-08-18 08:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2009-03-17 10:11 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 10:11 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 10:11 . 2004-08-04 01:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 10:11 . 2001-08-17 22:36 17,408 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 10:11 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 10:11 . 2004-08-04 01:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 10:11 . 2004-08-04 03:56 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-17 10:11 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 10:09 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-17 10:08 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2009-03-17 10:07 . 2001-08-17 14:56 245,632 --a--c--- c:\windows\system32\dllcache\s3savmx.dll
2009-03-17 10:06 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 10:05 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-03-17 10:03 . 2002-08-28 22:59 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-03-17 10:02 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-17 10:01 . 2001-08-17 22:36 372,824 --a--c--- c:\windows\system32\dllcache\iconf32.dll
2009-03-17 10:00 . 2001-08-17 13:28 907,456 --a--c--- c:\windows\system32\dllcache\hcf_msft.sys
2009-03-17 09:59 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-17 09:58 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-17 09:57 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-17 09:56 . 2001-08-18 08:00 180,770 --a--c--- c:\windows\system32\dllcache\c_20932.nls
2009-03-17 09:55 . 2001-08-18 08:00 195,618 --a--c--- c:\windows\system32\dllcache\c_10002.nls
2009-03-17 09:54 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 09:53 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2009-03-17 09:52 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 00:43 . 2009-03-17 00:43 <DIR> d-------- c:\program files\Trend Micro
2009-03-17 00:09 . 2009-03-17 00:18 <DIR> d-------- c:\program files\Unlocker
2009-03-12 00:36 . 2009-03-12 00:36 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-03-12 00:00 . 2009-03-12 00:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-03-11 23:40 . 2009-03-11 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-03-11 23:39 . 2009-03-11 23:40 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-03-11 23:39 . 2009-03-11 23:39 <DIR> d-------- c:\program files\ACD Systems
2009-03-11 23:04 . 2009-03-11 23:04 <DIR> d-------- c:\windows\PreviewSoft
2009-03-11 23:02 . 2009-03-11 23:02 <DIR> d-------- c:\program files\Common Files\Vbox
2009-03-11 20:10 . 2009-03-11 20:12 <DIR> d-------- c:\program files\Blaze Media Pro
2009-03-11 20:10 . 2009-03-11 20:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-03-11 20:00 . 2009-03-11 20:00 <DIR> d-------- c:\program files\WinAVI Video Converter
2009-03-09 10:10 . 2009-03-09 10:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\The Creative Assembly
2009-03-09 10:09 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-03-09 10:09 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-03-09 10:09 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-03-09 10:09 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-03-09 10:09 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-03-09 10:09 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-03-09 10:09 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-03-08 18:51 . 2009-03-08 19:31 <DIR> d-------- c:\program files\CureROM
2009-03-06 23:22 . 2009-03-06 23:23 <DIR> d-------- c:\program files\jv16 PowerTools 2009
2009-03-06 20:46 . 2009-03-06 20:46 <DIR> d-------- c:\program files\ToniArts
2009-03-06 20:13 . 2009-03-06 20:13 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-06 03:43 . 2009-03-06 03:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-06 03:42 . 2009-03-06 04:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-06 03:42 . 2009-03-06 03:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-02 20:41 . 2009-03-02 20:41 <DIR> d-------- c:\program files\HxD
2009-03-02 20:41 . 2009-03-02 20:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Mael
2009-02-28 03:52 . 2009-02-28 03:52 <DIR> d-------- c:\program files\HHD Software
2009-02-26 06:09 . 2009-02-26 06:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ascentive
2009-02-26 05:50 . 2009-03-06 21:12 <DIR> d-------- c:\program files\Ascentive
2009-02-26 05:50 . 2008-07-29 12:27 208,896 --a------ c:\windows\system32\ConTest.dll
2009-02-26 05:50 . 2008-08-20 18:44 45,056 --a------ c:\windows\system32\CreateLog.dll
2009-02-26 05:50 . 2007-07-03 12:48 36,864 --a------ c:\windows\system32\ascbalon.dll
2009-02-26 05:50 . 2007-07-03 12:48 20,480 --a------ c:\windows\system32\SysRestore.dll
2009-02-26 05:07 . 2009-02-26 05:07 <DIR> d-------- c:\program files\Act-3D
2009-02-26 05:07 . 2009-02-26 05:07 2,825,407 --a------ c:\windows\system32\xa567464218.exe
2009-02-26 05:07 . 2009-02-26 05:07 2,825,407 --a------ c:\windows\system32\xa567459500.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 23:15 81,984 ----a-w c:\windows\system32\bdod.bin
2009-03-25 11:49 --------- d-----w c:\program files\NCH Swift Sound
2009-03-25 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-25 11:48 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-03-25 11:43 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-24 12:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 12:01 278,728 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-03-24 12:01 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-03-23 02:23 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-03-21 13:38 --------- d-----w c:\documents and settings\Administrator\Application Data\AVS4YOU
2009-03-14 12:56 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 06:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 01:31 3,532 ----a-w C:\drmHeader.bin
2009-03-07 16:06 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-07 04:31 --------- d-----w c:\program files\ASCII Art Generator
2009-03-07 02:32 --------- d-----w c:\program files\Secured eMule
2009-03-07 02:31 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-07 00:45 --------- d-----w c:\program files\Secured_eMule
2009-03-06 23:48 --------- d-----w c:\program files\vghd
2009-03-06 23:48 --------- d-----w c:\program files\Hide Folders XP 2
2009-03-06 08:37 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 07:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-06 07:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-06 06:15 --------- d-----w c:\program files\SocksCapV2
2009-03-06 02:19 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-03-06 02:19 192,512 ----a-w c:\windows\system32\txmlutil.dll
2009-03-06 02:19 111,112 ----a-w c:\windows\system32\drivers\bdfm.sys
2009-03-05 09:01 --------- d-----w c:\program files\Azureus
2009-02-26 20:24 163,644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-20 19:32 --------- d-----w c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-02-20 06:10 --------- d-----w c:\program files\MagicISO
2009-02-19 05:55 --------- d-----w c:\documents and settings\Administrator\Application Data\DivX
2009-02-19 05:52 --------- d-----w c:\program files\DivX
2009-02-19 02:12 --------- d-----w c:\program files\Teamspeak2_Server
2009-02-15 04:57 --------- d-----w c:\program files\MSN Messenger
2009-02-15 01:56 --------- d-----w c:\documents and settings\Administrator\Application Data\SecondLife
2009-02-13 16:26 --------- d-----w c:\program files\Buddy Spy
2009-02-09 17:59 --------- d-----w c:\program files\LimeWire
2009-02-02 04:54 --------- d-----w c:\documents and settings\Administrator\Application Data\Shareaza
2009-01-30 05:45 --------- d-----w c:\documents and settings\Administrator\Application Data\Kazaa Lite
2008-12-02 15:56 31 ----a-w c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-11-16 02:02 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2007-04-08 00:12 92,064 ----a-w c:\documents and settings\Administrator\mqdmmdm.sys
2007-04-08 00:12 9,232 ----a-w c:\documents and settings\Administrator\mqdmmdfl.sys
2007-04-08 00:12 79,328 ----a-w c:\documents and settings\Administrator\mqdmserd.sys
2007-04-08 00:12 66,656 ----a-w c:\documents and settings\Administrator\mqdmbus.sys
2007-04-08 00:12 6,208 ----a-w c:\documents and settings\Administrator\mqdmcmnt.sys
2007-04-08 00:12 5,936 ----a-w c:\documents and settings\Administrator\mqdmwhnt.sys
2007-04-08 00:12 4,048 ----a-w c:\documents and settings\Administrator\mqdmcr.sys
2007-04-08 00:12 25,600 ----a-w c:\documents and settings\Administrator\usbsermptxp.sys
2007-04-08 00:12 22,768 ----a-w c:\documents and settings\Administrator\usbsermpt.sys
2009-03-06 02:18 47,616 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2008-09-16 15:43 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-09-16 15:43 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-09-16 15:43 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-09-16 15:43 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-09-16 15:43 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-05 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-03-05 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"aux"= ctwdm32.dll
"vidc.ap41"= apmpg4v1.dll
"vidc.divf"= divx412.dll
"vidc.div3"= divxc32.dll
"vidc.div4"= divxc32f.dll
"vidc.hfyu"= huffyuv.dll
"msacm.DivXa32"= DivXa32.acm
"msacm.lameacm"= lameACM.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"msacm.l3codec"= L3CODECP.ACM
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Kingware Updater Client.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Kingware Updater Client.lnk
backup=c:\windows\pss\Kingware Updater Client.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=c:\windows\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMonitor]
--a------ 2008-08-29 14:59 236032 c:\program files\BandwidthMonitor\BWMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 02:33 45056 c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2002-12-02 10:17 73728 c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 18:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-07-19 08:02 2887680 c:\program files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-19 21:21 133104 c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 17:57 1103480 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanmetenderStandard3]
--a------ 2006-07-25 20:55 3104768 c:\program files\Scanmetender[Soft]\Scanmetender Standard\candard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 17:48 851968 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-03 23:29 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-20 16:30 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
--a------ 2001-04-03 11:38 38912 c:\windows\system32\ltmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"d:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Secured eMule\\securedemule.exe"=
"d:\\Program Files\\SecondLife\\SLVoice.exe"=
"d:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"d:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\extra1\\bin\\Settlers6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4048:UDP"= 4048:UDP:Windows Media Format SDK (chrome.exe)
"4049:UDP"= 4049:UDP:Windows Media Format SDK (chrome.exe)
"4074:UDP"= 4074:UDP:Windows Media Format SDK (chrome.exe)
"4075:UDP"= 4075:UDP:Windows Media Format SDK (chrome.exe)
"4080:UDP"= 4080:UDP:Windows Media Format SDK (chrome.exe)
"4081:UDP"= 4081:UDP:Windows Media Format SDK (chrome.exe)
"4106:UDP"= 4106:UDP:Windows Media Format SDK (chrome.exe)
"4107:UDP"= 4107:UDP:Windows Media Format SDK (chrome.exe)
"4113:UDP"= 4113:UDP:Windows Media Format SDK (chrome.exe)
"4112:UDP"= 4112:UDP:Windows Media Format SDK (chrome.exe)

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 vcs;vcs;c:\program files\AV VCS 3.0\Vcs.sys [2006-12-12 6852]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-07-06 52944]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-07-06 26448]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys --> c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys [?]
S3 PDSched;PDScheduler;c:\program files\RAXCO\PerfectDisk\PDSched.exe [2005-11-29 241731]
S3 PRTGService;PRTG Service;c:\program files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-06-15 3949896]
S3 prtgwatchservice;PRTG Watchdog;c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2008-06-15 443904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea923dd8-45ce-11db-b41d-0002b399606a}]
\Shell\AutoRun\command - H:\SH4Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Winexes]
c:\program files\Bifrost\server.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AE7E75F5-1B02-0470-255B-1BD22B8684B3}]
c:\windows\system32\\\iexplore.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 02:47]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = 63.149.98.16:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 19:17:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE67CBEB-22B0-69E6-E0E9-0A71A3C1B8F6}*]
"hadjpghjldidhlem"=hex:6b,61,62,6b,61,6a,65,70,6e,6f,68,6c,64,69,67,6a,67,65,
64,65,6c,6b,00,00
"iabandkmmcmcpcgkhn"=hex:63,61,6d,6a,64,61,00,7c
"ianinjgokigcoaaafd"=hex:6a,61,61,6b,6d,6c,65,63,6f,6d,64,6c,62,64,6b,61,69,69,
67,6d,00,00

[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:55,92,f6,10,79,ca,d4,31,3d,2c,3b,bc,ce,74,63,5e,5d,e0,d2,1c,27,
00,16,15,c8,15,69,1c,33,a1,ef,62,36,f2,cb,36,ca,34,12,1d,b2,e5,b8,2e,1f,61,\
"rkeysecu"=hex:5b,64,cc,fd,60,c4,a0,e2,cf,5e,5d,4d,e8,44,5b,84

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{370E88E4-6109-DF0E-C96D-3A886A70D177}\InProcServer32*]
"paipodhbfcioafdlkandbgpknndepmkb"=hex:69,61,67,6b,61,6e,64,63,61,65,64,66,66,
62,6a,66,69,6d,00,00
"oaipafbjjkgchibdijdpmplcjkeamc"=hex:69,61,67,6b,61,6e,64,63,61,65,64,66,66,62,
6a,66,69,6d,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay\Applications]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Applications]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-25 19:22:05
ComboFix-quarantined-files.txt 2009-03-25 23:20:44
ComboFix2.txt 2009-03-25 23:06:37
ComboFix3.txt 2009-03-25 12:37:30

Pre-Run: 86,283,784,192 bytes free
Post-Run: 86,270,496,768 bytes free

361


-------------------------------------------------
DDS Log
-------------------------------------------------



DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 19:43:34.85 on Wed 03/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.557 [GMT -4:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = 63.149.98.16:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Secured eMule Toolbar: {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - c:\program files\secured_emule\tbSec0.dll
uURLSearchHooks: H - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Secured eMule Toolbar: {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - c:\program files\secured_emule\tbSec0.dll
TB: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No File
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/mcgonagail/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200761363171
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200761350718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15029/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 vcs;vcs;c:\program files\av vcs 3.0\Vcs.sys [2006-12-12 6852]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-7-6 52944]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-7-6 26448]
S2 aawservice;Lavasoft Ad-Aware Service; [x]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\administrator\desktop\bot\ntprocdrv.sys --> c:\documents and settings\administrator\desktop\bot\NtProcDrv.sys [?]
S3 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2005-11-29 241731]
S3 PRTGService;PRTG Service;c:\program files\prtg traffic grapher\PRTG Traffic Grapher.exe [2008-6-15 3949896]
S3 prtgwatchservice;PRTG Watchdog;c:\program files\prtg traffic grapher\watchdog\prtgwatchdog.exe [2008-6-15 443904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

=============== Created Last 30 ================

2009-03-25 08:18 <DIR> a-dshr-- C:\cmdcons
2009-03-25 08:16 161,792 a------- c:\windows\SWREG.exe
2009-03-25 08:16 98,816 a------- c:\windows\sed.exe
2009-03-21 09:02 754 a------- c:\windows\WORDPAD.INI
2009-03-21 08:37 <DIR> --d----- c:\docume~1\admini~1\applic~1\MexComGEPlugins
2009-03-21 08:37 22 a------- c:\windows\system32\mcstate.bin
2009-03-18 02:30 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-03-17 10:11 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 10:11 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 10:11 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 10:11 17,408 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 10:11 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 10:11 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-17 10:11 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-03-17 10:11 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 10:11 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 10:11 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 10:11 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-17 10:09 17,024 ac------ c:\windows\system32\dllcache\usbohci.sys
2009-03-17 10:08 19,072 ac------ c:\windows\system32\dllcache\sparrow.sys
2009-03-17 10:07 10,880 ac------ c:\windows\system32\dllcache\scsiscan.sys
2009-03-17 10:06 82,432 ac------ c:\windows\system32\dllcache\rwia450.dll
2009-03-17 10:05 7,552 ac------ c:\windows\system32\dllcache\powerfil.sys
2009-03-17 10:03 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
2009-03-17 10:02 6,528 ac------ c:\windows\system32\dllcache\miniqic.sys
2009-03-17 10:01 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-03-17 10:00 154,496 ac------ c:\windows\system32\dllcache\icam4usb.sys
2009-03-17 09:59 322,432 ac------ c:\windows\system32\dllcache\g400m.sys
2009-03-17 09:58 25,159 ac------ c:\windows\system32\dllcache\elnk3.sys
2009-03-17 09:57 3,072 ac------ c:\windows\system32\dllcache\cwbmidi.sys
2009-03-17 09:56 66,594 ac------ c:\windows\system32\dllcache\c_864.nls
2009-03-17 09:55 66,082 ac------ c:\windows\system32\dllcache\c_20277.nls
2009-03-17 09:54 162,850 ac------ c:\windows\system32\dllcache\c_10001.nls
2009-03-17 09:53 104,832 ac------ c:\windows\system32\dllcache\atiraged.dll
2009-03-17 09:52 101,888 ac------ c:\windows\system32\dllcache\adpu160m.sys
2009-03-17 00:43 <DIR> --d----- c:\program files\Trend Micro
2009-03-17 00:09 <DIR> --d----- c:\program files\Unlocker
2009-03-12 00:36 <DIR> --d----- c:\program files\Boilsoft Video Joiner
2009-03-12 00:00 <DIR> --d----- c:\docume~1\admini~1\applic~1\ACD Systems
2009-03-11 23:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-03-11 23:39 <DIR> --d----- c:\program files\common files\ACD Systems
2009-03-11 23:39 <DIR> --d----- c:\program files\ACD Systems
2009-03-11 23:04 <DIR> --d----- c:\windows\PreviewSoft
2009-03-11 23:02 <DIR> --d----- c:\program files\common files\Vbox
2009-03-11 20:10 <DIR> --d----- c:\program files\Blaze Media Pro
2009-03-11 20:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-03-11 20:00 <DIR> --d----- c:\program files\WinAVI Video Converter
2009-03-09 10:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\The Creative Assembly
2009-03-09 10:09 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-03-09 10:09 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-03-09 10:09 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-03-09 10:09 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-03-09 10:09 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-03-09 10:09 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-03-09 10:09 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-03-08 18:51 <DIR> --d----- c:\program files\CureROM
2009-03-06 23:22 <DIR> --d----- c:\program files\jv16 PowerTools 2009
2009-03-06 20:46 <DIR> --d----- c:\program files\ToniArts
2009-03-06 20:13 <DIR> --d----- c:\program files\Enigma Software Group
2009-03-06 03:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-06 03:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-06 03:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-03-02 20:41 <DIR> --d----- c:\docume~1\admini~1\applic~1\Mael
2009-03-02 20:41 <DIR> --d----- c:\program files\HxD
2009-02-28 03:52 <DIR> --d----- c:\program files\HHD Software
2009-02-26 06:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ascentive
2009-02-26 05:50 36,864 a------- c:\windows\system32\ascbalon.dll
2009-02-26 05:50 208,896 a------- c:\windows\system32\ConTest.dll
2009-02-26 05:50 45,056 a------- c:\windows\system32\CreateLog.dll
2009-02-26 05:50 20,480 a------- c:\windows\system32\SysRestore.dll
2009-02-26 05:50 <DIR> --d----- c:\program files\Ascentive
2009-02-26 05:07 <DIR> --d----- c:\program files\Act-3D
2009-02-26 05:07 2,825,407 a------- c:\windows\system32\xa567464218.exe
2009-02-26 05:07 2,825,407 a------- c:\windows\system32\xa567459500.exe

==================== Find3M ====================

2009-03-25 19:40 81,984 a------- c:\windows\system32\bdod.bin
2009-03-24 08:01 278,728 a------- c:\windows\system32\drivers\atksgt.sys
2009-03-24 08:01 25,416 a------- c:\windows\system32\drivers\lirsgt.sys
2009-03-11 21:31 3,532 a------- C:\drmHeader.bin
2009-03-07 12:06 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-03-05 22:19 192,512 a------- c:\windows\system32\txmlutil.dll
2009-03-05 22:19 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys
2009-03-05 22:19 111,112 a------- c:\windows\system32\drivers\bdfm.sys
2009-02-26 16:24 163,644 a------- c:\windows\system32\drivers\secdrv.sys
2008-12-02 11:56 31 a------- c:\documents and settings\administrator\jagex_runescape_preferences.dat
2008-11-15 22:02 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
2007-04-07 20:12 79,328 a------- c:\documents and settings\administrator\mqdmserd.sys
2007-04-07 20:12 5,936 a------- c:\documents and settings\administrator\mqdmwhnt.sys
2007-04-07 20:12 92,064 a------- c:\documents and settings\administrator\mqdmmdm.sys
2007-04-07 20:12 66,656 a------- c:\documents and settings\administrator\mqdmbus.sys
2007-04-07 20:12 9,232 a------- c:\documents and settings\administrator\mqdmmdfl.sys
2007-04-07 20:12 6,208 a------- c:\documents and settings\administrator\mqdmcmnt.sys
2007-04-07 20:12 4,048 a------- c:\documents and settings\administrator\mqdmcr.sys
2007-04-07 20:12 25,600 a------- c:\documents and settings\administrator\usbsermptxp.sys
2007-04-07 20:12 22,768 a------- c:\documents and settings\administrator\usbsermpt.sys

============= FINISH: 19:44:31.17 ===============

#6 Morphx

Morphx
  • Topic Starter

  • Members
  • 7 posts
  • Location:Florida
  • Local time:08:39 PM

Posted 25 March 2009 - 06:55 PM

Thunder, that file has been submitted.

#7 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:02:39 AM

Posted 27 March 2009 - 01:24 PM

Hello Morphx,

Looks like we'll need another run :

Open Notepad - don't use any other text editor than Notepad, or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

File::
c:\program files\Bifrost\server.exe
c:\windows\system32\iexplore.exe
H:\SH4Autorun.exe
Folder::
c:\program files\Bifrost
DDS::
uURLSearchHooks: H -
TB: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} -
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea923dd8-45ce-11db-b41d-0002b399606a}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Winexes]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AE7E75F5-1B02-0470-255B-1BD22B8684B3}]

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh DDS log.

Still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
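The items Thunder's CFScript targets (the two Active Setup "Installed Components" stubs, the mountpoints2 AutoRun command, the orphaned toolbar/search-hook GUIDs) are the same entries a triage pass over the ComboFix and DDS logs above would surface, along with things the script does not touch: the firewall profile with EnableFirewall set to 0, the ProxyServer value pointing at 63.149.98.16:80, and a kernel driver (NTProcDrv) whose image lives under the user's Desktop. The script below is an added example for this thread, not ComboFix, DDS, or anything Thunder posted. Its input is an excerpt of the logs above, and the flagging rules (Active Setup key not named by a GUID, repeated path separators, a well-known binary such as iexplore.exe outside its normal directory, any autostart image under a user-writable path) are my own heuristics, not checks the tools implement.

```python
"""Triage pass over a ComboFix/DDS-style log: pull out the autostart and
service entries and flag the ones worth a second look.  This is an added
example for this thread, not ComboFix, DDS, or the helper's CFScript."""
import re

# Constructed input: an excerpt of the log posted above, trimmed to the lines
# these checks use.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-05 741376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys --> c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea923dd8-45ce-11db-b41d-0002b399606a}]
\Shell\AutoRun\command - H:\SH4Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Winexes]
c:\program files\Bifrost\server.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AE7E75F5-1B02-0470-255B-1BD22B8684B3}]
c:\windows\system32\\\iexplore.exe s

uInternet Settings,ProxyServer = 63.149.98.16:80
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
SERVICE_RE = re.compile(r"^[RS]\d (\S+?);[^;]*;(.+)$")   # "R3 name;description;image path [...]"
PROXY_RE = re.compile(r"^u?Internet Settings,ProxyServer\s*=\s*(\S+)", re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.I)

# Heuristics (mine, not the tools'): an autostart image should not live in a
# user-writable location, and well-known binaries have one canonical directory
# on Windows XP.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")
EXPECTED_DIR = {
    "iexplore.exe": "\\program files\\internet explorer\\",
    "svchost.exe": "\\windows\\system32\\",
}


def _command_path(text):
    """Image path from a log value: drop the '[date size]' / '--> ...' suffix,
    surrounding quotes and the NT '\\??\\' prefix; lower-case for matching."""
    text = re.split(r" -->| \[", text.strip(), maxsplit=1)[0].strip().strip('"')
    if text.startswith("\\??\\"):
        text = text[4:]
    return text.lower()


def check_path(path, where):
    """Generic checks applied to any autostart or service image path."""
    out = []
    if re.search(r"\\{2,}", path):
        out.append(("non-canonical path (repeated separators)", where, path))
    if any(d in path for d in USER_WRITABLE):
        out.append(("autostart from user-writable location", where, path))
    for name, expected in EXPECTED_DIR.items():
        idx = path.find(name)
        if idx != -1 and not path[:idx].endswith(expected):
            out.append((f"{name} outside {expected}", where, path))
    return out


def triage(log_text):
    """Return (rule, where, evidence) tuples for every suspicious entry."""
    findings = []
    key = ""                      # registry key of the current block, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:              # ComboFix separates key blocks with blank lines
            key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(("proxy set in Internet Settings", "ProxyServer", m.group(1)))
            continue
        if "firewallpolicy" in key:
            # The authorised-application list stores paths with doubled
            # backslashes, so it must not go through check_path().
            if FIREWALL_OFF_RE.match(line):
                findings.append(("Windows Firewall disabled", key, line))
            continue
        if "mountpoints2" in key and "autorun" in line.lower():
            findings.append(("AutoRun command on a mounted drive", key, line))
            continue
        if "active setup\\installed components" in key:
            # Legitimate Active Setup stubs are keyed by GUID.
            if not GUID_RE.match(key.rsplit("\\", 1)[-1]):
                findings.append(("Active Setup entry with non-GUID name", key, line))
            findings += check_path(_command_path(line), key)
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings += check_path(_command_path(m.group(2)), "service " + m.group(1))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            findings += check_path(_command_path(m.group(2)), key + "\\" + m.group(1))
    return findings


if __name__ == "__main__":
    for rule, where, evidence in triage(SAMPLE_LOG):
        print(f"[{rule}] {where}\n    {evidence}")
```

Run against the excerpt it reports seven findings and stays silent on the BitDefender, QuickTime and SUPERAntiSpyware entries; the firewall AuthorizedApplications list is deliberately skipped by the path checks because ComboFix prints those values with doubled backslashes, which would otherwise trip the repeated-separator rule.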

#8 Morphx

Morphx
  • Topic Starter

  • Members
  • 7 posts
  • Location:Florida
  • Local time:08:39 PM

Posted 27 March 2009 - 02:11 PM

Hey Thunder,

I ran this script and it said installation failed too. Then Combofix updated and continued to run.

Here are the logs.


ComboFix 09-03-26.03 - Administrator 2009-03-27 14:51:05.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.707 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\program files\Bifrost\server.exe
c:\windows\system32\iexplore.exe
H:\SH4Autorun.exe
.

((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-21 09:02 . 2009-03-21 13:38 754 --a------ c:\windows\WORDPAD.INI
2009-03-21 08:37 . 2009-03-21 08:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MexComGEPlugins
2009-03-21 08:37 . 2009-03-21 08:37 22 --a------ c:\windows\system32\mcstate.bin
2009-03-18 02:30 . 2009-03-18 02:30 25,992 --a------ c:\windows\system32\pgdfgsvc.exe
2009-03-17 10:11 . 2004-08-04 03:56 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 10:11 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-17 10:11 . 2001-08-18 08:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2009-03-17 10:11 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 10:11 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 10:11 . 2004-08-04 01:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 10:11 . 2001-08-17 22:36 17,408 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 10:11 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 10:11 . 2004-08-04 01:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 10:11 . 2004-08-04 03:56 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-17 10:11 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 10:09 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-17 10:08 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2009-03-17 10:07 . 2001-08-17 14:56 245,632 --a--c--- c:\windows\system32\dllcache\s3savmx.dll
2009-03-17 10:06 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 10:05 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-03-17 10:03 . 2002-08-28 22:59 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-03-17 10:02 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-17 10:01 . 2001-08-17 22:36 372,824 --a--c--- c:\windows\system32\dllcache\iconf32.dll
2009-03-17 10:00 . 2001-08-17 13:28 907,456 --a--c--- c:\windows\system32\dllcache\hcf_msft.sys
2009-03-17 09:59 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-17 09:58 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-17 09:57 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-17 09:56 . 2001-08-18 08:00 180,770 --a--c--- c:\windows\system32\dllcache\c_20932.nls
2009-03-17 09:55 . 2001-08-18 08:00 195,618 --a--c--- c:\windows\system32\dllcache\c_10002.nls
2009-03-17 09:54 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 09:53 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2009-03-17 09:52 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 00:43 . 2009-03-17 00:43 <DIR> d-------- c:\program files\Trend Micro
2009-03-17 00:09 . 2009-03-17 00:18 <DIR> d-------- c:\program files\Unlocker
2009-03-12 00:36 . 2009-03-12 00:36 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-03-12 00:00 . 2009-03-12 00:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-03-11 23:40 . 2009-03-11 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-03-11 23:39 . 2009-03-11 23:40 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-03-11 23:39 . 2009-03-11 23:39 <DIR> d-------- c:\program files\ACD Systems
2009-03-11 23:04 . 2009-03-11 23:04 <DIR> d-------- c:\windows\PreviewSoft
2009-03-11 23:02 . 2009-03-11 23:02 <DIR> d-------- c:\program files\Common Files\Vbox
2009-03-11 20:10 . 2009-03-11 20:12 <DIR> d-------- c:\program files\Blaze Media Pro
2009-03-11 20:10 . 2009-03-11 20:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-03-11 20:00 . 2009-03-11 20:00 <DIR> d-------- c:\program files\WinAVI Video Converter
2009-03-09 10:10 . 2009-03-09 10:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\The Creative Assembly
2009-03-09 10:09 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-03-09 10:09 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-03-09 10:09 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-03-09 10:09 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-03-09 10:09 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-03-09 10:09 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-03-09 10:09 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-03-08 18:51 . 2009-03-08 19:31 <DIR> d-------- c:\program files\CureROM
2009-03-06 23:22 . 2009-03-06 23:23 <DIR> d-------- c:\program files\jv16 PowerTools 2009
2009-03-06 20:46 . 2009-03-06 20:46 <DIR> d-------- c:\program files\ToniArts
2009-03-06 20:13 . 2009-03-06 20:13 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-06 03:43 . 2009-03-06 03:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-06 03:42 . 2009-03-06 04:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-06 03:42 . 2009-03-06 03:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-02 20:41 . 2009-03-02 20:41 <DIR> d-------- c:\program files\HxD
2009-03-02 20:41 . 2009-03-02 20:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Mael
2009-02-28 03:52 . 2009-02-28 03:52 <DIR> d-------- c:\program files\HHD Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 18:53 81,984 ----a-w c:\windows\system32\bdod.bin
2009-03-27 08:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-25 11:49 --------- d-----w c:\program files\NCH Swift Sound
2009-03-25 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-25 11:48 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-03-24 12:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 12:01 278,728 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-03-24 12:01 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-03-23 02:23 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-03-21 13:38 --------- d-----w c:\documents and settings\Administrator\Application Data\AVS4YOU
2009-03-14 12:56 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 06:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 01:31 3,532 ----a-w C:\drmHeader.bin
2009-03-07 16:06 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-07 04:31 --------- d-----w c:\program files\ASCII Art Generator
2009-03-07 02:32 --------- d-----w c:\program files\Secured eMule
2009-03-07 02:31 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-07 01:12 --------- d-----w c:\program files\Ascentive
2009-03-07 00:45 --------- d-----w c:\program files\Secured_eMule
2009-03-06 23:48 --------- d-----w c:\program files\vghd
2009-03-06 23:48 --------- d-----w c:\program files\Hide Folders XP 2
2009-03-06 08:37 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 07:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-06 07:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-06 06:15 --------- d-----w c:\program files\SocksCapV2
2009-03-06 02:19 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-03-06 02:19 192,512 ----a-w c:\windows\system32\txmlutil.dll
2009-03-06 02:19 111,112 ----a-w c:\windows\system32\drivers\bdfm.sys
2009-03-05 09:01 --------- d-----w c:\program files\Azureus
2009-02-26 20:24 163,644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-26 10:09 --------- d-----w c:\documents and settings\All Users\Application Data\Ascentive
2009-02-26 09:07 2,825,407 ----a-w c:\windows\system32\xa567464218.exe
2009-02-26 09:07 2,825,407 ----a-w c:\windows\system32\xa567459500.exe
2009-02-26 09:07 --------- d-----w c:\program files\Act-3D
2009-02-20 19:32 --------- d-----w c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-02-20 06:10 --------- d-----w c:\program files\MagicISO
2009-02-19 05:55 --------- d-----w c:\documents and settings\Administrator\Application Data\DivX
2009-02-19 05:52 --------- d-----w c:\program files\DivX
2009-02-19 02:12 --------- d-----w c:\program files\Teamspeak2_Server
2009-02-15 04:57 --------- d-----w c:\program files\MSN Messenger
2009-02-15 01:56 --------- d-----w c:\documents and settings\Administrator\Application Data\SecondLife
2009-02-13 16:26 --------- d-----w c:\program files\Buddy Spy
2009-02-09 17:59 --------- d-----w c:\program files\LimeWire
2009-02-02 04:54 --------- d-----w c:\documents and settings\Administrator\Application Data\Shareaza
2009-01-30 05:45 --------- d-----w c:\documents and settings\Administrator\Application Data\Kazaa Lite
2008-12-02 15:56 31 ----a-w c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-11-16 02:02 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2007-04-08 00:12 92,064 ----a-w c:\documents and settings\Administrator\mqdmmdm.sys
2007-04-08 00:12 9,232 ----a-w c:\documents and settings\Administrator\mqdmmdfl.sys
2007-04-08 00:12 79,328 ----a-w c:\documents and settings\Administrator\mqdmserd.sys
2007-04-08 00:12 66,656 ----a-w c:\documents and settings\Administrator\mqdmbus.sys
2007-04-08 00:12 6,208 ----a-w c:\documents and settings\Administrator\mqdmcmnt.sys
2007-04-08 00:12 5,936 ----a-w c:\documents and settings\Administrator\mqdmwhnt.sys
2007-04-08 00:12 4,048 ----a-w c:\documents and settings\Administrator\mqdmcr.sys
2007-04-08 00:12 25,600 ----a-w c:\documents and settings\Administrator\usbsermptxp.sys
2007-04-08 00:12 22,768 ----a-w c:\documents and settings\Administrator\usbsermpt.sys
2009-03-06 02:18 47,616 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2008-09-16 15:43 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-09-16 15:43 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-09-16 15:43 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-09-16 15:43 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-09-16 15:43 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-05 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-03-05 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"aux"= ctwdm32.dll
"vidc.ap41"= apmpg4v1.dll
"vidc.divf"= divx412.dll
"vidc.div3"= divxc32.dll
"vidc.div4"= divxc32f.dll
"vidc.hfyu"= huffyuv.dll
"msacm.DivXa32"= DivXa32.acm
"msacm.lameacm"= lameACM.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"msacm.l3codec"= L3CODECP.ACM
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Kingware Updater Client.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Kingware Updater Client.lnk
backup=c:\windows\pss\Kingware Updater Client.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=c:\windows\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMonitor]
--a------ 2008-08-29 14:59 236032 c:\program files\BandwidthMonitor\BWMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 02:33 45056 c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2002-12-02 10:17 73728 c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 18:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-07-19 08:02 2887680 c:\program files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-19 21:21 133104 c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 17:57 1103480 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanmetenderStandard3]
--a------ 2006-07-25 20:55 3104768 c:\program files\Scanmetender[Soft]\Scanmetender Standard\candard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 17:48 851968 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-03 23:29 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-20 16:30 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
--a------ 2001-04-03 11:38 38912 c:\windows\system32\ltmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"d:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Secured eMule\\securedemule.exe"=
"d:\\Program Files\\SecondLife\\SLVoice.exe"=
"d:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"d:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\extra1\\bin\\Settlers6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4048:UDP"= 4048:UDP:Windows Media Format SDK (chrome.exe)
"4049:UDP"= 4049:UDP:Windows Media Format SDK (chrome.exe)
"4074:UDP"= 4074:UDP:Windows Media Format SDK (chrome.exe)
"4075:UDP"= 4075:UDP:Windows Media Format SDK (chrome.exe)
"4080:UDP"= 4080:UDP:Windows Media Format SDK (chrome.exe)
"4081:UDP"= 4081:UDP:Windows Media Format SDK (chrome.exe)
"4106:UDP"= 4106:UDP:Windows Media Format SDK (chrome.exe)
"4107:UDP"= 4107:UDP:Windows Media Format SDK (chrome.exe)
"4113:UDP"= 4113:UDP:Windows Media Format SDK (chrome.exe)
"4112:UDP"= 4112:UDP:Windows Media Format SDK (chrome.exe)

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 vcs;vcs;c:\program files\AV VCS 3.0\Vcs.sys [2006-12-12 6852]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-07-06 52944]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-07-06 26448]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys --> c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys [?]
S3 PDSched;PDScheduler;c:\program files\RAXCO\PerfectDisk\PDSched.exe [2005-11-29 241731]
S3 PRTGService;PRTG Service;c:\program files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-06-15 3949896]
S3 prtgwatchservice;PRTG Watchdog;c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2008-06-15 443904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 523BF266
*NewlyCreated* - A246CDCD
*Deregistered* - 523bf266
*Deregistered* - a246cdcd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 02:47]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = 63.149.98.16:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 14:56:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE67CBEB-22B0-69E6-E0E9-0A71A3C1B8F6}*]
"hadjpghjldidhlem"=hex:6b,61,62,6b,61,6a,65,70,6e,6f,68,6c,64,69,67,6a,67,65,
64,65,6c,6b,00,00
"iabandkmmcmcpcgkhn"=hex:63,61,6d,6a,64,61,00,7c
"ianinjgokigcoaaafd"=hex:6a,61,61,6b,6d,6c,65,63,6f,6d,64,6c,62,64,6b,61,69,69,
67,6d,00,00

[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:55,92,f6,10,79,ca,d4,31,3d,2c,3b,bc,ce,74,63,5e,5d,e0,d2,1c,27,
00,16,15,c8,15,69,1c,33,a1,ef,62,36,f2,cb,36,ca,34,12,1d,b2,e5,b8,2e,1f,61,\
"rkeysecu"=hex:5b,64,cc,fd,60,c4,a0,e2,cf,5e,5d,4d,e8,44,5b,84

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{370E88E4-6109-DF0E-C96D-3A886A70D177}\InProcServer32*]
"paipodhbfcioafdlkandbgpknndepmkb"=hex:69,61,67,6b,61,6e,64,63,61,65,64,66,66,
62,6a,66,69,6d,00,00
"oaipafbjjkgchibdijdpmplcjkeamc"=hex:69,61,67,6b,61,6e,64,63,61,65,64,66,66,62,
6a,66,69,6d,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay\Applications]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Applications]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-27 15:00:39
ComboFix-quarantined-files.txt 2009-03-27 18:59:20
ComboFix2.txt 2009-03-25 23:22:10
ComboFix3.txt 2009-03-25 23:06:37
ComboFix4.txt 2009-03-25 12:37:30

Pre-Run: 86,224,441,344 bytes free
Post-Run: 86,212,620,288 bytes free

357


--------------------------------------
DDS Log
--------------------------------------



DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 15:10:08.93 on Fri 03/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.588 [GMT -4:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = 63.149.98.16:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Secured eMule Toolbar: {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - c:\program files\secured_emule\tbSec0.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Secured eMule Toolbar: {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - c:\program files\secured_emule\tbSec0.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/mcgonagail/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200761363171
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200761350718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15029/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 vcs;vcs;c:\program files\av vcs 3.0\Vcs.sys [2006-12-12 6852]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-7-6 52944]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-7-6 26448]
S2 aawservice;Lavasoft Ad-Aware Service; [x]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\administrator\desktop\bot\ntprocdrv.sys --> c:\documents and settings\administrator\desktop\bot\NtProcDrv.sys [?]
S3 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2005-11-29 241731]
S3 PRTGService;PRTG Service;c:\program files\prtg traffic grapher\PRTG Traffic Grapher.exe [2008-6-15 3949896]
S3 prtgwatchservice;PRTG Watchdog;c:\program files\prtg traffic grapher\watchdog\prtgwatchdog.exe [2008-6-15 443904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

=============== Created Last 30 ================

2009-03-25 08:18 <DIR> a-dshr-- C:\cmdcons
2009-03-25 08:16 161,792 a------- c:\windows\SWREG.exe
2009-03-25 08:16 98,816 a------- c:\windows\sed.exe
2009-03-21 09:02 754 a------- c:\windows\WORDPAD.INI
2009-03-21 08:37 <DIR> --d----- c:\docume~1\admini~1\applic~1\MexComGEPlugins
2009-03-21 08:37 22 a------- c:\windows\system32\mcstate.bin
2009-03-18 02:30 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-03-17 10:11 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 10:11 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 10:11 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 10:11 17,408 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 10:11 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 10:11 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-17 10:11 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-03-17 10:11 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 10:11 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 10:11 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 10:11 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-17 10:09 17,024 ac------ c:\windows\system32\dllcache\usbohci.sys
2009-03-17 10:08 19,072 ac------ c:\windows\system32\dllcache\sparrow.sys
2009-03-17 10:07 10,880 ac------ c:\windows\system32\dllcache\scsiscan.sys
2009-03-17 10:06 82,432 ac------ c:\windows\system32\dllcache\rwia450.dll
2009-03-17 10:05 7,552 ac------ c:\windows\system32\dllcache\powerfil.sys
2009-03-17 10:03 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
2009-03-17 10:02 6,528 ac------ c:\windows\system32\dllcache\miniqic.sys
2009-03-17 10:01 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-03-17 10:00 154,496 ac------ c:\windows\system32\dllcache\icam4usb.sys
2009-03-17 09:59 322,432 ac------ c:\windows\system32\dllcache\g400m.sys
2009-03-17 09:58 25,159 ac------ c:\windows\system32\dllcache\elnk3.sys
2009-03-17 09:57 3,072 ac------ c:\windows\system32\dllcache\cwbmidi.sys
2009-03-17 09:56 66,594 ac------ c:\windows\system32\dllcache\c_864.nls
2009-03-17 09:55 66,082 ac------ c:\windows\system32\dllcache\c_20277.nls
2009-03-17 09:54 162,850 ac------ c:\windows\system32\dllcache\c_10001.nls
2009-03-17 09:53 104,832 ac------ c:\windows\system32\dllcache\atiraged.dll
2009-03-17 09:52 101,888 ac------ c:\windows\system32\dllcache\adpu160m.sys
2009-03-17 00:43 <DIR> --d----- c:\program files\Trend Micro
2009-03-17 00:09 <DIR> --d----- c:\program files\Unlocker
2009-03-12 00:36 <DIR> --d----- c:\program files\Boilsoft Video Joiner
2009-03-12 00:00 <DIR> --d----- c:\docume~1\admini~1\applic~1\ACD Systems
2009-03-11 23:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-03-11 23:39 <DIR> --d----- c:\program files\common files\ACD Systems
2009-03-11 23:39 <DIR> --d----- c:\program files\ACD Systems
2009-03-11 23:04 <DIR> --d----- c:\windows\PreviewSoft
2009-03-11 23:02 <DIR> --d----- c:\program files\common files\Vbox
2009-03-11 20:10 <DIR> --d----- c:\program files\Blaze Media Pro
2009-03-11 20:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-03-11 20:00 <DIR> --d----- c:\program files\WinAVI Video Converter
2009-03-09 10:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\The Creative Assembly
2009-03-09 10:09 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-03-09 10:09 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-03-09 10:09 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-03-09 10:09 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-03-09 10:09 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-03-09 10:09 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-03-09 10:09 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-03-08 18:51 <DIR> --d----- c:\program files\CureROM
2009-03-06 23:22 <DIR> --d----- c:\program files\jv16 PowerTools 2009
2009-03-06 20:46 <DIR> --d----- c:\program files\ToniArts
2009-03-06 20:13 <DIR> --d----- c:\program files\Enigma Software Group
2009-03-06 03:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-06 03:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-06 03:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-03-02 20:41 <DIR> --d----- c:\docume~1\admini~1\applic~1\Mael
2009-03-02 20:41 <DIR> --d----- c:\program files\HxD
2009-02-28 03:52 <DIR> --d----- c:\program files\HHD Software
2009-02-26 06:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ascentive
2009-02-26 05:50 36,864 a------- c:\windows\system32\ascbalon.dll
2009-02-26 05:50 208,896 a------- c:\windows\system32\ConTest.dll
2009-02-26 05:50 45,056 a------- c:\windows\system32\CreateLog.dll
2009-02-26 05:50 20,480 a------- c:\windows\system32\SysRestore.dll
2009-02-26 05:50 <DIR> --d----- c:\program files\Ascentive
2009-02-26 05:07 <DIR> --d----- c:\program files\Act-3D
2009-02-26 05:07 2,825,407 a------- c:\windows\system32\xa567464218.exe
2009-02-26 05:07 2,825,407 a------- c:\windows\system32\xa567459500.exe

==================== Find3M ====================

2009-03-27 15:10 81,984 a------- c:\windows\system32\bdod.bin
2009-03-24 08:01 278,728 a------- c:\windows\system32\drivers\atksgt.sys
2009-03-24 08:01 25,416 a------- c:\windows\system32\drivers\lirsgt.sys
2009-03-11 21:31 3,532 a------- C:\drmHeader.bin
2009-03-07 12:06 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-03-05 22:19 192,512 a------- c:\windows\system32\txmlutil.dll
2009-03-05 22:19 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys
2009-03-05 22:19 111,112 a------- c:\windows\system32\drivers\bdfm.sys
2009-02-26 16:24 163,644 a------- c:\windows\system32\drivers\secdrv.sys
2008-12-02 11:56 31 a------- c:\documents and settings\administrator\jagex_runescape_preferences.dat
2008-11-15 22:02 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
2007-04-07 20:12 79,328 a------- c:\documents and settings\administrator\mqdmserd.sys
2007-04-07 20:12 5,936 a------- c:\documents and settings\administrator\mqdmwhnt.sys
2007-04-07 20:12 92,064 a------- c:\documents and settings\administrator\mqdmmdm.sys
2007-04-07 20:12 66,656 a------- c:\documents and settings\administrator\mqdmbus.sys
2007-04-07 20:12 9,232 a------- c:\documents and settings\administrator\mqdmmdfl.sys
2007-04-07 20:12 6,208 a------- c:\documents and settings\administrator\mqdmcmnt.sys
2007-04-07 20:12 4,048 a------- c:\documents and settings\administrator\mqdmcr.sys
2007-04-07 20:12 25,600 a------- c:\documents and settings\administrator\usbsermptxp.sys
2007-04-07 20:12 22,768 a------- c:\documents and settings\administrator\usbsermpt.sys

============= FINISH: 15:10:44.73 ===============

#9 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:02:39 AM

Posted 27 March 2009 - 02:14 PM

Hello Morphx,

That may have something to do with an AV program blocking the correct running.

It may be better to do the final run in safe mode.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference

#10 Morphx

  • Topic Starter
  • Members
  • 7 posts
  • Location:Florida
  • Local time:08:39 PM

Posted 27 March 2009 - 02:49 PM

I ran again in safe mode and no fail that time, so hopefully it worked.

Here are the logs.


ComboFix 09-03-26.03 - Administrator 2009-03-27 15:30:10.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.796 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)

FILE ::
c:\program files\Bifrost\server.exe
c:\windows\system32\iexplore.exe
H:\SH4Autorun.exe
.

((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-21 09:02 . 2009-03-21 13:38 754 --a------ c:\windows\WORDPAD.INI
2009-03-21 08:37 . 2009-03-21 08:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MexComGEPlugins
2009-03-21 08:37 . 2009-03-21 08:37 22 --a------ c:\windows\system32\mcstate.bin
2009-03-18 02:30 . 2009-03-18 02:30 25,992 --a------ c:\windows\system32\pgdfgsvc.exe
2009-03-17 10:11 . 2004-08-04 03:56 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 10:11 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-17 10:11 . 2001-08-18 08:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2009-03-17 10:11 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 10:11 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 10:11 . 2004-08-04 01:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 10:11 . 2001-08-17 22:36 17,408 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 10:11 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 10:11 . 2004-08-04 01:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 10:11 . 2004-08-04 03:56 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-17 10:11 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 10:09 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-17 10:08 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2009-03-17 10:07 . 2001-08-17 14:56 245,632 --a--c--- c:\windows\system32\dllcache\s3savmx.dll
2009-03-17 10:06 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-17 10:05 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-03-17 10:03 . 2002-08-28 22:59 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-03-17 10:02 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-17 10:01 . 2001-08-17 22:36 372,824 --a--c--- c:\windows\system32\dllcache\iconf32.dll
2009-03-17 10:00 . 2001-08-17 13:28 907,456 --a--c--- c:\windows\system32\dllcache\hcf_msft.sys
2009-03-17 09:59 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-17 09:58 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-17 09:57 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-17 09:56 . 2001-08-18 08:00 180,770 --a--c--- c:\windows\system32\dllcache\c_20932.nls
2009-03-17 09:55 . 2001-08-18 08:00 195,618 --a--c--- c:\windows\system32\dllcache\c_10002.nls
2009-03-17 09:54 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-17 09:53 . 2001-08-17 14:55 382,592 --a--c--- c:\windows\system32\dllcache\atidrab.dll
2009-03-17 09:52 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-03-17 00:43 . 2009-03-17 00:43 <DIR> d-------- c:\program files\Trend Micro
2009-03-17 00:09 . 2009-03-17 00:18 <DIR> d-------- c:\program files\Unlocker
2009-03-12 00:36 . 2009-03-12 00:36 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-03-12 00:00 . 2009-03-12 00:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-03-11 23:40 . 2009-03-11 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-03-11 23:39 . 2009-03-11 23:40 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-03-11 23:39 . 2009-03-11 23:39 <DIR> d-------- c:\program files\ACD Systems
2009-03-11 23:04 . 2009-03-11 23:04 <DIR> d-------- c:\windows\PreviewSoft
2009-03-11 23:02 . 2009-03-11 23:02 <DIR> d-------- c:\program files\Common Files\Vbox
2009-03-11 20:10 . 2009-03-11 20:12 <DIR> d-------- c:\program files\Blaze Media Pro
2009-03-11 20:10 . 2009-03-11 20:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-03-11 20:00 . 2009-03-11 20:00 <DIR> d-------- c:\program files\WinAVI Video Converter
2009-03-09 10:10 . 2009-03-09 10:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\The Creative Assembly
2009-03-09 10:09 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-03-09 10:09 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-03-09 10:09 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-03-09 10:09 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-03-09 10:09 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-03-09 10:09 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-03-09 10:09 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-03-08 18:51 . 2009-03-08 19:31 <DIR> d-------- c:\program files\CureROM
2009-03-06 23:22 . 2009-03-06 23:23 <DIR> d-------- c:\program files\jv16 PowerTools 2009
2009-03-06 20:46 . 2009-03-06 20:46 <DIR> d-------- c:\program files\ToniArts
2009-03-06 20:13 . 2009-03-06 20:13 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-06 03:43 . 2009-03-06 03:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-06 03:42 . 2009-03-06 04:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-06 03:42 . 2009-03-06 03:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-02 20:41 . 2009-03-02 20:41 <DIR> d-------- c:\program files\HxD
2009-03-02 20:41 . 2009-03-02 20:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Mael
2009-02-28 03:52 . 2009-02-28 03:52 <DIR> d-------- c:\program files\HHD Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 19:25 81,984 ----a-w c:\windows\system32\bdod.bin
2009-03-27 08:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-25 11:49 --------- d-----w c:\program files\NCH Swift Sound
2009-03-25 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-03-25 11:48 --------- d-----w c:\documents and settings\Administrator\Application Data\Azureus
2009-03-24 12:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 12:01 278,728 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-03-24 12:01 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-03-23 02:23 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-03-21 13:38 --------- d-----w c:\documents and settings\Administrator\Application Data\AVS4YOU
2009-03-14 12:56 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 06:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 01:31 3,532 ----a-w C:\drmHeader.bin
2009-03-07 16:06 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-07 04:31 --------- d-----w c:\program files\ASCII Art Generator
2009-03-07 02:32 --------- d-----w c:\program files\Secured eMule
2009-03-07 02:31 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-07 01:12 --------- d-----w c:\program files\Ascentive
2009-03-07 00:45 --------- d-----w c:\program files\Secured_eMule
2009-03-06 23:48 --------- d-----w c:\program files\vghd
2009-03-06 23:48 --------- d-----w c:\program files\Hide Folders XP 2
2009-03-06 08:37 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 07:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-06 07:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-06 06:15 --------- d-----w c:\program files\SocksCapV2
2009-03-06 02:19 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-03-06 02:19 192,512 ----a-w c:\windows\system32\txmlutil.dll
2009-03-06 02:19 111,112 ----a-w c:\windows\system32\drivers\bdfm.sys
2009-03-05 09:01 --------- d-----w c:\program files\Azureus
2009-02-26 20:24 163,644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-26 10:09 --------- d-----w c:\documents and settings\All Users\Application Data\Ascentive
2009-02-26 09:07 2,825,407 ----a-w c:\windows\system32\xa567464218.exe
2009-02-26 09:07 2,825,407 ----a-w c:\windows\system32\xa567459500.exe
2009-02-26 09:07 --------- d-----w c:\program files\Act-3D
2009-02-20 19:32 --------- d-----w c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-02-20 06:10 --------- d-----w c:\program files\MagicISO
2009-02-19 05:55 --------- d-----w c:\documents and settings\Administrator\Application Data\DivX
2009-02-19 05:52 --------- d-----w c:\program files\DivX
2009-02-19 02:12 --------- d-----w c:\program files\Teamspeak2_Server
2009-02-15 04:57 --------- d-----w c:\program files\MSN Messenger
2009-02-15 01:56 --------- d-----w c:\documents and settings\Administrator\Application Data\SecondLife
2009-02-13 16:26 --------- d-----w c:\program files\Buddy Spy
2009-02-09 17:59 --------- d-----w c:\program files\LimeWire
2009-02-02 04:54 --------- d-----w c:\documents and settings\Administrator\Application Data\Shareaza
2009-01-30 05:45 --------- d-----w c:\documents and settings\Administrator\Application Data\Kazaa Lite
2008-12-02 15:56 31 ----a-w c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-11-16 02:02 22,328 ----a-w c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2007-04-08 00:12 92,064 ----a-w c:\documents and settings\Administrator\mqdmmdm.sys
2007-04-08 00:12 9,232 ----a-w c:\documents and settings\Administrator\mqdmmdfl.sys
2007-04-08 00:12 79,328 ----a-w c:\documents and settings\Administrator\mqdmserd.sys
2007-04-08 00:12 66,656 ----a-w c:\documents and settings\Administrator\mqdmbus.sys
2007-04-08 00:12 6,208 ----a-w c:\documents and settings\Administrator\mqdmcmnt.sys
2007-04-08 00:12 5,936 ----a-w c:\documents and settings\Administrator\mqdmwhnt.sys
2007-04-08 00:12 4,048 ----a-w c:\documents and settings\Administrator\mqdmcr.sys
2007-04-08 00:12 25,600 ----a-w c:\documents and settings\Administrator\usbsermptxp.sys
2007-04-08 00:12 22,768 ----a-w c:\documents and settings\Administrator\usbsermpt.sys
2009-03-06 02:18 47,616 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2008-09-16 15:43 66,408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-09-16 15:43 54,112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-09-16 15:43 34,688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-09-16 15:43 46,456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-09-16 15:43 171,880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSec0.dll" [2008-05-13 1470488]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-05 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-03-05 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"aux"= ctwdm32.dll
"vidc.ap41"= apmpg4v1.dll
"vidc.divf"= divx412.dll
"vidc.div3"= divxc32.dll
"vidc.div4"= divxc32f.dll
"vidc.hfyu"= huffyuv.dll
"msacm.DivXa32"= DivXa32.acm
"msacm.lameacm"= lameACM.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"msacm.l3codec"= L3CODECP.ACM
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Kingware Updater Client.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Kingware Updater Client.lnk
backup=c:\windows\pss\Kingware Updater Client.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=c:\windows\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMonitor]
--a------ 2008-08-29 14:59 236032 c:\program files\BandwidthMonitor\BWMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 02:33 45056 c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2002-12-02 10:17 73728 c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 18:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-07-19 08:02 2887680 c:\program files\Electronic Arts\EA Link\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-19 21:21 133104 c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 17:57 1103480 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanmetenderStandard3]
--a------ 2006-07-25 20:55 3104768 c:\program files\Scanmetender[Soft]\Scanmetender Standard\candard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 17:48 851968 c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-03 23:29 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-20 16:30 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
--a------ 2001-04-03 11:38 38912 c:\windows\system32\ltmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"d:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Secured eMule\\securedemule.exe"=
"d:\\Program Files\\SecondLife\\SLVoice.exe"=
"d:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"d:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\extra1\\bin\\Settlers6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4048:UDP"= 4048:UDP:Windows Media Format SDK (chrome.exe)
"4049:UDP"= 4049:UDP:Windows Media Format SDK (chrome.exe)
"4074:UDP"= 4074:UDP:Windows Media Format SDK (chrome.exe)
"4075:UDP"= 4075:UDP:Windows Media Format SDK (chrome.exe)
"4080:UDP"= 4080:UDP:Windows Media Format SDK (chrome.exe)
"4081:UDP"= 4081:UDP:Windows Media Format SDK (chrome.exe)
"4106:UDP"= 4106:UDP:Windows Media Format SDK (chrome.exe)
"4107:UDP"= 4107:UDP:Windows Media Format SDK (chrome.exe)
"4113:UDP"= 4113:UDP:Windows Media Format SDK (chrome.exe)
"4112:UDP"= 4112:UDP:Windows Media Format SDK (chrome.exe)

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-07-06 26448]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
S2 vcs;vcs;c:\program files\AV VCS 3.0\Vcs.sys [2006-12-12 6852]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-07-06 52944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys --> c:\documents and settings\Administrator\Desktop\Bot\NtProcDrv.sys [?]
S3 PDSched;PDScheduler;c:\program files\RAXCO\PerfectDisk\PDSched.exe [2005-11-29 241731]
S3 PRTGService;PRTG Service;c:\program files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2008-06-15 3949896]
S3 prtgwatchservice;PRTG Watchdog;c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [2008-06-15 443904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 02:47]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = 63.149.98.16:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 15:34:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE67CBEB-22B0-69E6-E0E9-0A71A3C1B8F6}*]
"hadjpghjldidhlem"=hex:6b,61,62,6b,61,6a,65,70,6e,6f,68,6c,64,69,67,6a,67,65,
64,65,6c,6b,00,00
"iabandkmmcmcpcgkhn"=hex:63,61,6d,6a,64,61,00,7c
"ianinjgokigcoaaafd"=hex:6a,61,61,6b,6d,6c,65,63,6f,6d,64,6c,62,64,6b,61,69,69,
67,6d,00,00

[HKEY_USERS\S-1-5-21-1644491937-1450960922-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:55,92,f6,10,79,ca,d4,31,3d,2c,3b,bc,ce,74,63,5e,5d,e0,d2,1c,27,
00,16,15,c8,15,69,1c,33,a1,ef,62,36,f2,cb,36,ca,34,12,1d,b2,e5,b8,2e,1f,61,\
"rkeysecu"=hex:5b,64,cc,fd,60,c4,a0,e2,cf,5e,5d,4d,e8,44,5b,84

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{370E88E4-6109-DF0E-C96D-3A886A70D177}\InProcServer32*]
"paipodhbfcioafdlkandbgpknndepmkb"=hex:69,61,67,6b,61,6e,64,63,61,65,64,66,66,
62,6a,66,69,6d,00,00
"oaipafbjjkgchibdijdpmplcjkeamc"=hex:69,61,67,6b,61,6e,64,63,61,65,64,66,66,62,
6a,66,69,6d,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay\Applications]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Applications]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(316)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm
c:\windows\system32\DivXa32.acm
c:\windows\system32\vorbis.acm
c:\windows\system32\lameACM.dll
c:\windows\system32\L3CODECP.ACM
.
Completion time: 2009-03-27 15:38:32
ComboFix-quarantined-files.txt 2009-03-27 19:37:15
ComboFix2.txt 2009-03-27 19:00:43
ComboFix3.txt 2009-03-25 23:22:10
ComboFix4.txt 2009-03-25 23:06:37
ComboFix5.txt 2009-03-27 19:29:26

Pre-Run: 86,221,742,080 bytes free
Post-Run: 86,210,060,288 bytes free

359


---------------------------------
DDS Log
---------------------------------



DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 15:42:54.20 on Fri 03/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.584 [GMT -4:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = 63.149.98.16:80
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Secured eMule Toolbar: {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - c:\program files\secured_emule\tbSec0.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Secured eMule Toolbar: {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - c:\program files\secured_emule\tbSec0.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/mcgonagail/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200761363171
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200761350718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15029/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 vcs;vcs;c:\program files\av vcs 3.0\Vcs.sys [2006-12-12 6852]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-7-6 52944]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-7-6 26448]
S2 aawservice;Lavasoft Ad-Aware Service; [x]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\administrator\desktop\bot\ntprocdrv.sys --> c:\documents and settings\administrator\desktop\bot\NtProcDrv.sys [?]
S3 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2005-11-29 241731]
S3 PRTGService;PRTG Service;c:\program files\prtg traffic grapher\PRTG Traffic Grapher.exe [2008-6-15 3949896]
S3 prtgwatchservice;PRTG Watchdog;c:\program files\prtg traffic grapher\watchdog\prtgwatchdog.exe [2008-6-15 443904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

=============== Created Last 30 ================

2009-03-27 15:29 <DIR> --d----- C:\ComboFix
2009-03-25 08:18 <DIR> a-dshr-- C:\cmdcons
2009-03-25 08:16 161,792 a------- c:\windows\SWREG.exe
2009-03-25 08:16 98,816 a------- c:\windows\sed.exe
2009-03-21 09:02 754 a------- c:\windows\WORDPAD.INI
2009-03-21 08:37 <DIR> --d----- c:\docume~1\admini~1\applic~1\MexComGEPlugins
2009-03-21 08:37 22 a------- c:\windows\system32\mcstate.bin
2009-03-18 02:30 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-03-17 10:11 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-17 10:11 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-17 10:11 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-17 10:11 17,408 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-17 10:11 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-17 10:11 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-17 10:11 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-03-17 10:11 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-17 10:11 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-17 10:11 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-17 10:11 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-17 10:09 17,024 ac------ c:\windows\system32\dllcache\usbohci.sys
2009-03-17 10:08 19,072 ac------ c:\windows\system32\dllcache\sparrow.sys
2009-03-17 10:07 10,880 ac------ c:\windows\system32\dllcache\scsiscan.sys
2009-03-17 10:06 82,432 ac------ c:\windows\system32\dllcache\rwia450.dll
2009-03-17 10:05 7,552 ac------ c:\windows\system32\dllcache\powerfil.sys
2009-03-17 10:03 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
2009-03-17 10:02 6,528 ac------ c:\windows\system32\dllcache\miniqic.sys
2009-03-17 10:01 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-03-17 10:00 154,496 ac------ c:\windows\system32\dllcache\icam4usb.sys
2009-03-17 09:59 322,432 ac------ c:\windows\system32\dllcache\g400m.sys
2009-03-17 09:58 25,159 ac------ c:\windows\system32\dllcache\elnk3.sys
2009-03-17 09:57 3,072 ac------ c:\windows\system32\dllcache\cwbmidi.sys
2009-03-17 09:56 66,594 ac------ c:\windows\system32\dllcache\c_864.nls
2009-03-17 09:55 66,082 ac------ c:\windows\system32\dllcache\c_20277.nls
2009-03-17 09:54 162,850 ac------ c:\windows\system32\dllcache\c_10001.nls
2009-03-17 09:53 104,832 ac------ c:\windows\system32\dllcache\atiraged.dll
2009-03-17 09:52 101,888 ac------ c:\windows\system32\dllcache\adpu160m.sys
2009-03-17 00:43 <DIR> --d----- c:\program files\Trend Micro
2009-03-17 00:09 <DIR> --d----- c:\program files\Unlocker
2009-03-12 00:36 <DIR> --d----- c:\program files\Boilsoft Video Joiner
2009-03-12 00:00 <DIR> --d----- c:\docume~1\admini~1\applic~1\ACD Systems
2009-03-11 23:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-03-11 23:39 <DIR> --d----- c:\program files\common files\ACD Systems
2009-03-11 23:39 <DIR> --d----- c:\program files\ACD Systems
2009-03-11 23:04 <DIR> --d----- c:\windows\PreviewSoft
2009-03-11 23:02 <DIR> --d----- c:\program files\common files\Vbox
2009-03-11 20:10 <DIR> --d----- c:\program files\Blaze Media Pro
2009-03-11 20:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{17A03471-20EB-4604-8E72-66EF7398750D}
2009-03-11 20:00 <DIR> --d----- c:\program files\WinAVI Video Converter
2009-03-09 10:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\The Creative Assembly
2009-03-09 10:09 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-03-09 10:09 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-03-09 10:09 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-03-09 10:09 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-03-09 10:09 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-03-09 10:09 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-03-09 10:09 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-03-08 18:51 <DIR> --d----- c:\program files\CureROM
2009-03-06 23:22 <DIR> --d----- c:\program files\jv16 PowerTools 2009
2009-03-06 20:46 <DIR> --d----- c:\program files\ToniArts
2009-03-06 20:13 <DIR> --d----- c:\program files\Enigma Software Group
2009-03-06 03:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-06 03:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-06 03:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-03-02 20:41 <DIR> --d----- c:\docume~1\admini~1\applic~1\Mael
2009-03-02 20:41 <DIR> --d----- c:\program files\HxD
2009-02-28 03:52 <DIR> --d----- c:\program files\HHD Software
2009-02-26 06:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ascentive
2009-02-26 05:50 36,864 a------- c:\windows\system32\ascbalon.dll
2009-02-26 05:50 208,896 a------- c:\windows\system32\ConTest.dll
2009-02-26 05:50 45,056 a------- c:\windows\system32\CreateLog.dll
2009-02-26 05:50 20,480 a------- c:\windows\system32\SysRestore.dll
2009-02-26 05:50 <DIR> --d----- c:\program files\Ascentive
2009-02-26 05:07 <DIR> --d----- c:\program files\Act-3D
2009-02-26 05:07 2,825,407 a------- c:\windows\system32\xa567464218.exe
2009-02-26 05:07 2,825,407 a------- c:\windows\system32\xa567459500.exe

==================== Find3M ====================

2009-03-27 15:25 81,984 a------- c:\windows\system32\bdod.bin
2009-03-24 08:01 278,728 a------- c:\windows\system32\drivers\atksgt.sys
2009-03-24 08:01 25,416 a------- c:\windows\system32\drivers\lirsgt.sys
2009-03-11 21:31 3,532 a------- C:\drmHeader.bin
2009-03-07 12:06 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-03-05 22:19 192,512 a------- c:\windows\system32\txmlutil.dll
2009-03-05 22:19 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys
2009-03-05 22:19 111,112 a------- c:\windows\system32\drivers\bdfm.sys
2009-02-26 16:24 163,644 a------- c:\windows\system32\drivers\secdrv.sys
2008-12-02 11:56 31 a------- c:\documents and settings\administrator\jagex_runescape_preferences.dat
2008-11-15 22:02 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
2007-04-07 20:12 79,328 a------- c:\documents and settings\administrator\mqdmserd.sys
2007-04-07 20:12 5,936 a------- c:\documents and settings\administrator\mqdmwhnt.sys
2007-04-07 20:12 92,064 a------- c:\documents and settings\administrator\mqdmmdm.sys
2007-04-07 20:12 66,656 a------- c:\documents and settings\administrator\mqdmbus.sys
2007-04-07 20:12 9,232 a------- c:\documents and settings\administrator\mqdmmdfl.sys
2007-04-07 20:12 6,208 a------- c:\documents and settings\administrator\mqdmcmnt.sys
2007-04-07 20:12 4,048 a------- c:\documents and settings\administrator\mqdmcr.sys
2007-04-07 20:12 25,600 a------- c:\documents and settings\administrator\usbsermptxp.sys
2007-04-07 20:12 22,768 a------- c:\documents and settings\administrator\usbsermpt.sys

============= FINISH: 15:43:55.71 ===============

#11 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:02:39 AM

Posted 27 March 2009 - 03:14 PM

Hello Morphx,

Your logs look better now. :thumbup2:

Are you still having problems?

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference

#12 Morphx

Morphx
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Location:Florida
  • Local time:08:39 PM

Posted 27 March 2009 - 04:22 PM

Thank you, Thunder, for all the help; I sure appreciate it. I think I'm good now.

#13 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:02:39 AM

Posted 27 March 2009 - 06:14 PM

Glad we could help, Morphx :thumbup2:

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
