
Infected with uacinit.dll!


  • This topic is locked
18 replies to this topic

#1 animesaint


  • Members
  • 26 posts

Posted 27 July 2009 - 10:36 PM

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by MyMobile02 at 20:22:30.56 on Mon 07/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.640 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\opera.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MyMobile02\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [mount.exe] c:\program files\gipo@utilities\fileutilities.3\mount.exe /z
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbyam.exe" /runcleanupscript
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mymobi~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198337010468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: ddcApoOF - ddcApoOF.dll
Notify: efcYSlmm - efcYSlmm.dll
Notify: qoMEVlIa - qoMEVlIa.dll
Notify: xxyvwwwW - xxyvwwwW.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: apiuicmd - {44BF99A1-D96E-D1A8-165F-093B09B4FCA3} - No File
SSODL: MonSetSrv - {08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayxvvSI
LSA: Notification Packages =

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mymobi~1\applic~1\mozilla\firefox\profiles\s8qah0xr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\mymobile02\application data\mozilla\firefox\profiles\s8qah0xr.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104328]
S2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
S2 cbvtyrtz;cbvtyrtz;c:\windows\system32\drivers\fztdvqth.sys [2009-7-27 61440]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ntreev\grand chase\gameguard\dump_wmimmc.sys --> c:\ntreev\grand chase\gameguard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva020;XDva020;\??\c:\windows\system32\xdva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva064;XDva064;\??\c:\windows\system32\xdva064.sys --> c:\windows\system32\XDva064.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\xdva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]

=============== Created Last 30 ================

2009-07-27 20:16 61,440 a------- c:\windows\system32\drivers\fztdvqth.sys
2009-07-27 10:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\10279684
2009-07-18 12:23 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-07-14 02:34 <DIR> --d----- c:\docume~1\mymobi~1\applic~1\Auslogics
2009-07-14 02:33 <DIR> --d----- c:\program files\AusLogics Disk Defrag
2009-07-13 20:30 <DIR> --d----- c:\docume~1\mymobi~1\applic~1\ZoomBrowser EX
2009-07-11 18:59 <DIR> --d----- c:\program files\OGPlanet
2009-07-08 20:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-07-08 20:20 <DIR> --d----- c:\program files\Canon
2009-07-08 20:19 <DIR> --d----- c:\program files\common files\Canon
2009-07-05 15:48 <DIR> --d----- c:\docume~1\mymobi~1\applic~1\Windows Search
2009-07-05 15:18 <DIR> --d----- C:\Games
2009-07-05 13:45 <DIR> --d----- c:\documents and settings\mymobile02\Tracing
2009-07-05 13:40 <DIR> --d----- c:\program files\Microsoft
2009-07-05 13:39 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-05 13:34 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-05 13:33 <DIR> --d----- c:\docume~1\mymobi~1\applic~1\Windows Desktop Search
2009-07-05 13:33 <DIR> --d----- c:\program files\Windows Desktop Search
2009-07-05 13:33 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-07-05 13:32 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll
2009-07-05 13:32 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2009-07-05 13:32 192,000 -------- c:\windows\system32\dllcache\offfilt.dll

==================== Find3M ====================

2009-07-25 01:24 81,984 a------- c:\windows\system32\bdod.bin
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-21 08:46 485,920 a------- c:\windows\system32\NVUNINST.EXE
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-10 06:03 9,998,336 a------- c:\windows\system32\nvoglnt.dll
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 06:03 8,087,712 a------- c:\windows\system32\dllcache\nv4_mini.sys
2009-06-10 06:03 5,908,608 a------- c:\windows\system32\nv4_disp.dll
2009-06-10 06:03 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,580,550 a------- c:\windows\system32\nvdata.bin
2009-06-10 06:03 1,310,720 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 815,104 a------- c:\windows\system32\nvapi.dll
2009-06-10 06:03 671,744 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 457,248 a------- c:\windows\system32\nvudisp.exe
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcodins.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 12:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 03:12 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-12 22:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 14:22 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-04-30 14:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 14:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 14:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 14:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 14:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 14:22 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-04-30 04:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2007-06-12 05:22 0 a---h--- c:\docume~1\alluse~1\applic~1\gwseh.dat
2008-06-29 08:43 710,498 a--sh--- c:\windows\system32\ISvvxyay.ini2
2008-10-09 15:30 49,152 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080929\index.dat
2008-10-09 15:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100920081010\index.dat

============= FINISH: 20:23:45.46 ===============


Also found 56 infections of Trojan.TDSServ by Spyware Doctor.
Ouch!



Recent MBAM log below


Malwarebytes' Anti-Malware 1.39
Database version: 2513
Windows 5.1.2600 Service Pack 3

7/27/2009 8:16:53 PM
mbam-log-2009-07-27 (20-16-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 206609
Time elapsed: 28 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.


Edited by animesaint, 28 July 2009 - 12:29 AM.



#2 fenzodahl512


  • Members
  • 6,738 posts

Posted 28 July 2009 - 04:18 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[screenshots showing the rename step]


It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 animesaint

  • Topic Starter

  • Members
  • 26 posts

Posted 28 July 2009 - 04:23 PM

Quick Update, nothing unusual.
Starting scan now.
Appreciate the reply.

#4 fenzodahl512


  • Members
  • 6,738 posts

Posted 28 July 2009 - 04:35 PM

Ok :thumbup2:



#5 animesaint

  • Topic Starter

  • Members
  • 26 posts

Posted 28 July 2009 - 05:01 PM

Some unusual things happened such as:


The internet being on when ComboFix tried to download the Recovery Console. This made it so that the Recovery Console was not there during the scanning process. (Although I checked to see if that was right by going back to this forum, and was successful.)


A couple of "C\WINDOWS\system32\drivers (.sys, .dll, .dat, .db)"


The first time I used CF it rebooted, then went through the process; I waited for 10+ minutes and assumed that it rebooted again because MSN mess and AOL mess were on when I took them off.

Also, a "writing of with data something" FAILED twice, on the same file/data.

That is all, and now the log.txt.


ComboFix 09-07-28.01 - MyMobile02 07/28/2009 14:33.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.610 [GMT -7:00]
Running from: c:\documents and settings\MyMobile02\Desktop\Combo-Fix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\PRE45
c:\windows\Installer\1043c3d4.msp
c:\windows\Installer\1043c3d9.msp
c:\windows\Installer\10601b23.msp
c:\windows\Installer\10601b28.msp
c:\windows\Installer\10601b2d.msp
c:\windows\Installer\10601b32.msp
c:\windows\Installer\10e5ed8.msp
c:\windows\Installer\10e5edd.msp
c:\windows\Installer\10e5ee2.msp
c:\windows\Installer\10f963d0.msp
c:\windows\Installer\10f963d5.msp
c:\windows\Installer\10f963da.msp
c:\windows\Installer\10f963df.msp
c:\windows\Installer\11054d9a.msp
c:\windows\Installer\11054d9e.msp
c:\windows\Installer\11054da3.msp
c:\windows\Installer\11054da8.msp
c:\windows\Installer\11054dad.msp
c:\windows\Installer\11264944.msp
c:\windows\Installer\11264949.msp
c:\windows\Installer\1126494e.msp
c:\windows\Installer\121c20f0.msp
c:\windows\Installer\121c20f5.msp
c:\windows\Installer\123e269.msp
c:\windows\Installer\123e26e.msp
c:\windows\Installer\1315e389.msp
c:\windows\Installer\1315e38e.msp
c:\windows\Installer\1315e393.msp
c:\windows\Installer\1315e398.msp
c:\windows\Installer\1349a29b.msp
c:\windows\Installer\1349a2a0.msp
c:\windows\Installer\1349a2a5.msp
c:\windows\Installer\138989bc.msp
c:\windows\Installer\138989c1.msp
c:\windows\Installer\138989c6.msp
c:\windows\Installer\156a24c5.msp
c:\windows\Installer\156a24ca.msp
c:\windows\Installer\1586a16f.msp
c:\windows\Installer\1586a174.msp
c:\windows\Installer\1586a179.msp
c:\windows\Installer\1586a17e.msp
c:\windows\Installer\15c48231.msp
c:\windows\Installer\161fb467.msp
c:\windows\Installer\161fb46c.msp
c:\windows\Installer\161fb471.msp
c:\windows\Installer\162b8eee.msp
c:\windows\Installer\162b8ef2.msp
c:\windows\Installer\162b8ef7.msp
c:\windows\Installer\162b8efc.msp
c:\windows\Installer\162b8f01.msp
c:\windows\Installer\164cb0be.msp
c:\windows\Installer\164cb0c3.msp
c:\windows\Installer\164cb0c8.msp
c:\windows\Installer\167e3c6.msp
c:\windows\Installer\167e3cb.msp
c:\windows\Installer\174368f.msp
c:\windows\Installer\1743693.msp
c:\windows\Installer\1743698.msp
c:\windows\Installer\174369d.msp
c:\windows\Installer\17436a2.msp
c:\windows\Installer\1814d73.msp
c:\windows\Installer\1814d78.msp
c:\windows\Installer\1866410.msp
c:\windows\Installer\1866414.msp
c:\windows\Installer\1866419.msp
c:\windows\Installer\186641e.msp
c:\windows\Installer\1866423.msp
c:\windows\Installer\186fe239.msp
c:\windows\Installer\186fe23e.msp
c:\windows\Installer\186fe243.msp
c:\windows\Installer\18ecbac.msp
c:\windows\Installer\18ecbb1.msp
c:\windows\Installer\191fadc.msp
c:\windows\Installer\191fae0.msp
c:\windows\Installer\191fae5.msp
c:\windows\Installer\191faea.msp
c:\windows\Installer\191faef.msp
c:\windows\Installer\19b08a9a.msp
c:\windows\Installer\19b08a9f.msp
c:\windows\Installer\19b08aa4.msp
c:\windows\Installer\1a909111.msp
c:\windows\Installer\1a909116.msp
c:\windows\Installer\1aaceed9.msp
c:\windows\Installer\1aaceede.msp
c:\windows\Installer\1aaceee3.msp
c:\windows\Installer\1aaceee8.msp
c:\windows\Installer\1b30d3a.msp
c:\windows\Installer\1b30d3f.msp
c:\windows\Installer\1b30d44.msp
c:\windows\Installer\1b4624f4.msp
c:\windows\Installer\1b4624f9.msp
c:\windows\Installer\1b4624fe.msp
c:\windows\Installer\1b51d8dd.msp
c:\windows\Installer\1b51d8e1.msp
c:\windows\Installer\1b51d8e6.msp
c:\windows\Installer\1b51d8eb.msp
c:\windows\Installer\1b51d8f0.msp
c:\windows\Installer\1b72e262.msp
c:\windows\Installer\1b72e267.msp
c:\windows\Installer\1b72e26c.msp
c:\windows\Installer\1bb99f1.msi
c:\windows\Installer\1bc72ee.msp
c:\windows\Installer\1bc72f3.msp
c:\windows\Installer\1d9648c8.msp
c:\windows\Installer\1d9648cd.msp
c:\windows\Installer\1d9648d2.msp
c:\windows\Installer\1f36d45.msp
c:\windows\Installer\1f36d4a.msp
c:\windows\Installer\1f901.msp
c:\windows\Installer\1f906.msp
c:\windows\Installer\1f90b.msp
c:\windows\Installer\1fb73d44.msp
c:\windows\Installer\1fb73d49.msp
c:\windows\Installer\1fd3328e.msp
c:\windows\Installer\1fd33293.msp
c:\windows\Installer\1fd33298.msp
c:\windows\Installer\1fd3329d.msp
c:\windows\Installer\206c7442.msp
c:\windows\Installer\206c7447.msp
c:\windows\Installer\206c744c.msp
c:\windows\Installer\20785064.msp
c:\windows\Installer\20785068.msp
c:\windows\Installer\2078506d.msp
c:\windows\Installer\20785072.msp
c:\windows\Installer\20785077.msp
c:\windows\Installer\209976e7.msp
c:\windows\Installer\209976ec.msp
c:\windows\Installer\209976f1.msp
c:\windows\Installer\2134499b.msp
c:\windows\Installer\213449a0.msp
c:\windows\Installer\213449a5.msp
c:\windows\Installer\213449aa.msp
c:\windows\Installer\22bca584.msp
c:\windows\Installer\22bca589.msp
c:\windows\Installer\22bca58e.msp
c:\windows\Installer\23741182.msp
c:\windows\Installer\24608.msp
c:\windows\Installer\2460d.msp
c:\windows\Installer\24612.msp
c:\windows\Installer\24f99370.msp
c:\windows\Installer\24f99375.msp
c:\windows\Installer\24f9937a.msp
c:\windows\Installer\24f9937f.msp
c:\windows\Installer\2592f3b8.msp
c:\windows\Installer\2592f3bd.msp
c:\windows\Installer\2592f3c2.msp
c:\windows\Installer\259eb7fd.msp
c:\windows\Installer\259eb801.msp
c:\windows\Installer\259eb806.msp
c:\windows\Installer\259eb80b.msp
c:\windows\Installer\259eb810.msp
c:\windows\Installer\25bfe035.msp
c:\windows\Installer\25bfe03a.msp
c:\windows\Installer\25bfe03f.msp
c:\windows\Installer\26b6b4a.msp
c:\windows\Installer\26b6b4f.msp
c:\windows\Installer\27e3224b.msp
c:\windows\Installer\27e32250.msp
c:\windows\Installer\27e32255.msp
c:\windows\Installer\2a1fe7fe.msp
c:\windows\Installer\2a1fe803.msp
c:\windows\Installer\2a1fe808.msp
c:\windows\Installer\2a1fe80d.msp
c:\windows\Installer\2a91925.msp
c:\windows\Installer\2a9192a.msp
c:\windows\Installer\2ab931d0.msp
c:\windows\Installer\2ab931d5.msp
c:\windows\Installer\2ab931da.msp
c:\windows\Installer\2ac52a73.msp
c:\windows\Installer\2ac52a77.msp
c:\windows\Installer\2ac52a7c.msp
c:\windows\Installer\2ac52a81.msp
c:\windows\Installer\2ac52a86.msp
c:\windows\Installer\2ae67a57.msp
c:\windows\Installer\2ae67a5c.msp
c:\windows\Installer\2ae67a61.msp
c:\windows\Installer\2e5c6f07.msp
c:\windows\Installer\2e5c6f0b.msp
c:\windows\Installer\2e5c6f10.msp
c:\windows\Installer\2e5c6f15.msp
c:\windows\Installer\2e5c6f1a.msp
c:\windows\Installer\2e95849.msp
c:\windows\Installer\2e9584d.msp
c:\windows\Installer\2e95852.msp
c:\windows\Installer\2e95857.msp
c:\windows\Installer\2e9585c.msp
c:\windows\Installer\2f46686e.msp
c:\windows\Installer\2f466873.msp
c:\windows\Installer\2f466878.msp
c:\windows\Installer\2f46687d.msp
c:\windows\Installer\2fdfa04e.msp
c:\windows\Installer\2fdfa053.msp
c:\windows\Installer\2fdfa058.msp
c:\windows\Installer\300ca739.msp
c:\windows\Installer\300ca73e.msp
c:\windows\Installer\300ca743.msp
c:\windows\Installer\315bab72.msp
c:\windows\Installer\315bab77.msp
c:\windows\Installer\333ce7b.msp
c:\windows\Installer\333ce80.msp
c:\windows\Installer\346cc827.msp
c:\windows\Installer\346cc82c.msp
c:\windows\Installer\346cc831.msp
c:\windows\Installer\346cc836.msp
c:\windows\Installer\348e818.msp
c:\windows\Installer\348e825.msp
c:\windows\Installer\348e82a.msp
c:\windows\Installer\348e82f.msp
c:\windows\Installer\348e834.msp
c:\windows\Installer\35060094.msp
c:\windows\Installer\35060099.msp
c:\windows\Installer\3506009e.msp
c:\windows\Installer\3532e551.msp
c:\windows\Installer\3532e556.msp
c:\windows\Installer\3532e55b.msp
c:\windows\Installer\399319a7.msp
c:\windows\Installer\399319ac.msp
c:\windows\Installer\399319b1.msp
c:\windows\Installer\399319b6.msp
c:\windows\Installer\3a2c5e2a.msp
c:\windows\Installer\3a2c5e2f.msp
c:\windows\Installer\3a2c5e34.msp
c:\windows\Installer\3a2cebe.msp
c:\windows\Installer\3a2cec5.msp
c:\windows\Installer\3a2ceca.msp
c:\windows\Installer\3a2cecf.msp
c:\windows\Installer\3a2ced4.msp
c:\windows\Installer\3a30b69.msp
c:\windows\Installer\3a30b6d.msp
c:\windows\Installer\3a30b72.msp
c:\windows\Installer\3a30b77.msp
c:\windows\Installer\3a30b7c.msp
c:\windows\Installer\3a5932da.msp
c:\windows\Installer\3a5932df.msp
c:\windows\Installer\3a5932e4.msp
c:\windows\Installer\3d69542.msp
c:\windows\Installer\3d69547.msp
c:\windows\Installer\3d6954c.msp
c:\windows\Installer\3eb9892f.msp
c:\windows\Installer\3eb98934.msp
c:\windows\Installer\3eb98939.msp
c:\windows\Installer\3eb9893e.msp
c:\windows\Installer\3f529ea3.msp
c:\windows\Installer\3f529ea8.msp
c:\windows\Installer\3f529ead.msp
c:\windows\Installer\3f7faeb6.msp
c:\windows\Installer\3f7faebb.msp
c:\windows\Installer\3f7faec0.msp
c:\windows\Installer\3fcbcc6.msp
c:\windows\Installer\3fcbccb.msp
c:\windows\Installer\3fcbcd0.msp
c:\windows\Installer\416566d.msp
c:\windows\Installer\4165672.msp
c:\windows\Installer\4165677.msp
c:\windows\Installer\43e00450.msp
c:\windows\Installer\43e00455.msp
c:\windows\Installer\43e0045a.msp
c:\windows\Installer\43e0045f.msp
c:\windows\Installer\44791c83.msp
c:\windows\Installer\44791c88.msp
c:\windows\Installer\44791c8d.msp
c:\windows\Installer\49063e90.msp
c:\windows\Installer\49063e95.msp
c:\windows\Installer\49063e9a.msp
c:\windows\Installer\49063e9f.msp
c:\windows\Installer\499f7269.msp
c:\windows\Installer\499f726e.msp
c:\windows\Installer\499f7273.msp
c:\windows\Installer\4e2cb163.msp
c:\windows\Installer\4e2cb168.msp
c:\windows\Installer\4e2cb16d.msp
c:\windows\Installer\4e2cb172.msp
c:\windows\Installer\4ec5c0dc.msp
c:\windows\Installer\4ec5c0e1.msp
c:\windows\Installer\51af4fe.msp
c:\windows\Installer\51af503.msp
c:\windows\Installer\51e3cd6.msp
c:\windows\Installer\51e3cdb.msp
c:\windows\Installer\51e3ce0.msp
c:\windows\Installer\51e3ce5.msp
c:\windows\Installer\51f54af.msp
c:\windows\Installer\51f54b4.msp
c:\windows\Installer\529ea2.msp
c:\windows\Installer\529ea7.msp
c:\windows\Installer\53530082.msp
c:\windows\Installer\53530087.msp
c:\windows\Installer\5353008c.msp
c:\windows\Installer\53530091.msp
c:\windows\Installer\53ece210.msp
c:\windows\Installer\53ece215.msp
c:\windows\Installer\53ece21a.msp
c:\windows\Installer\5418aec.msp
c:\windows\Installer\5418af1.msp
c:\windows\Installer\54c4f9e.msp
c:\windows\Installer\58795762.msp
c:\windows\Installer\58795767.msp
c:\windows\Installer\5879576c.msp
c:\windows\Installer\58795771.msp
c:\windows\Installer\5d8a4af.msp
c:\windows\Installer\5d8a4b6.msp
c:\windows\Installer\5d8a4bb.msp
c:\windows\Installer\5d8a4c0.msp
c:\windows\Installer\5d8a4c5.msp
c:\windows\Installer\5d9fc8a4.msp
c:\windows\Installer\5d9fc8a9.msp
c:\windows\Installer\5d9fc8be.msp
c:\windows\Installer\5d9fc8c4.msp
c:\windows\Installer\5d9fc8d1.msp
c:\windows\Installer\5d9fc8d6.msp
c:\windows\Installer\5f71a0c.msp
c:\windows\Installer\5f71a11.msp
c:\windows\Installer\6135aa7.msp
c:\windows\Installer\6135aac.msp
c:\windows\Installer\6135ab1.msp
c:\windows\Installer\6135ab6.msp
c:\windows\Installer\62c62859.msp
c:\windows\Installer\62c6285e.msp
c:\windows\Installer\62c62862.msp
c:\windows\Installer\62c62867.msp
c:\windows\Installer\62c6286c.msp
c:\windows\Installer\634b9af.msp
c:\windows\Installer\67ec7c3a.msp
c:\windows\Installer\67ec7c3f.msp
c:\windows\Installer\67ec7c43.msp
c:\windows\Installer\67ec7c49.msp
c:\windows\Installer\67ec7c4e.msp
c:\windows\Installer\67ec7c53.msp
c:\windows\Installer\68e4832.msp
c:\windows\Installer\68e4837.msp
c:\windows\Installer\6a7b79c.msp
c:\windows\Installer\6a7b7a1.msp
c:\windows\Installer\6acdc43.msp
c:\windows\Installer\6acdc47.msp
c:\windows\Installer\6acdc4c.msp
c:\windows\Installer\6acdc51.msp
c:\windows\Installer\6acdc56.msp
c:\windows\Installer\6b53374.msp
c:\windows\Installer\6b53379.msp
c:\windows\Installer\6b885cb.msp
c:\windows\Installer\6b885cf.msp
c:\windows\Installer\6b885d4.msp
c:\windows\Installer\6b885d9.msp
c:\windows\Installer\6b885de.msp
c:\windows\Installer\6d12f056.msp
c:\windows\Installer\6d12f05b.msp
c:\windows\Installer\6d12f05f.msp
c:\windows\Installer\6d12f065.msp
c:\windows\Installer\6d12f06a.msp
c:\windows\Installer\6d12f06f.msp
c:\windows\Installer\6d97aaf.msp
c:\windows\Installer\6d97ab4.msp
c:\windows\Installer\6d97ab9.msp
c:\windows\Installer\719cf60.msp
c:\windows\Installer\719cf65.msp
c:\windows\Installer\723960f8.msp
c:\windows\Installer\723960fd.msp
c:\windows\Installer\72396101.msp
c:\windows\Installer\72396107.msp
c:\windows\Installer\7239610c.msp
c:\windows\Installer\72396111.msp
c:\windows\Installer\775fb8a2.msp
c:\windows\Installer\775fb8a7.msp
c:\windows\Installer\775fb8ab.msp
c:\windows\Installer\775fb8b1.msp
c:\windows\Installer\775fb8b6.msp
c:\windows\Installer\775fb8bb.msp
c:\windows\Installer\791c18d.msp
c:\windows\Installer\791c192.msp
c:\windows\Installer\7c862404.msp
c:\windows\Installer\7c862409.msp
c:\windows\Installer\7c86240d.msp
c:\windows\Installer\7c862413.msp
c:\windows\Installer\7c862418.msp
c:\windows\Installer\7c86241d.msp
c:\windows\Installer\7cf7c97.msp
c:\windows\Installer\7cf7c9c.msp
c:\windows\Installer\823cc5.msp
c:\windows\Installer\823cca.msp
c:\windows\Installer\823ccf.msp
c:\windows\Installer\85a105c.msp
c:\windows\Installer\85a1061.msp
c:\windows\Installer\8c92f04.msp
c:\windows\Installer\8c92f0b.msp
c:\windows\Installer\8c92f10.msp
c:\windows\Installer\8c92f15.msp
c:\windows\Installer\8c92f1a.msp
c:\windows\Installer\8fce452.msp
c:\windows\Installer\8fce457.msp
c:\windows\Installer\8fce45c.msp
c:\windows\Installer\922dfb5.msp
c:\windows\Installer\922dfba.msp
c:\windows\Installer\922dfbf.msp
c:\windows\Installer\93cdae4.msp
c:\windows\Installer\93cdae9.msp
c:\windows\Installer\93cdaee.msp
c:\windows\Installer\9473e.msp
c:\windows\Installer\94742.msp
c:\windows\Installer\94747.msp
c:\windows\Installer\9474c.msp
c:\windows\Installer\94751.msp
c:\windows\Installer\96dabb8.msp
c:\windows\Installer\96dabbd.msp
c:\windows\Installer\a414584.msp
c:\windows\Installer\a414589.msp
c:\windows\Installer\a448f41.msp
c:\windows\Installer\a448f46.msp
c:\windows\Installer\a448f4b.msp
c:\windows\Installer\a448f50.msp
c:\windows\Installer\aff095a.msp
c:\windows\Installer\aff0961.msp
c:\windows\Installer\aff0966.msp
c:\windows\Installer\aff096b.msp
c:\windows\Installer\aff0970.msp
c:\windows\Installer\b1d7fef.msp
c:\windows\Installer\b1d7ff4.msp
c:\windows\Installer\b25021.msp
c:\windows\Installer\b25028.msp
c:\windows\Installer\b2502d.msp
c:\windows\Installer\b25032.msp
c:\windows\Installer\b25037.msp
c:\windows\Installer\b39b7e0.msp
c:\windows\Installer\b39b7e5.msp
c:\windows\Installer\b39b7ea.msp
c:\windows\Installer\b39b7ef.msp
c:\windows\Installer\b5b698b.msp
c:\windows\Installer\b5b6992.msp
c:\windows\Installer\b5b6997.msp
c:\windows\Installer\b5b699c.msp
c:\windows\Installer\b5b69a1.msp
c:\windows\Installer\bb4885d.msp
c:\windows\Installer\bb48862.msp
c:\windows\Installer\bd30c41.msp
c:\windows\Installer\bd30c45.msp
c:\windows\Installer\bd30c4a.msp
c:\windows\Installer\bd30c4f.msp
c:\windows\Installer\bd30c54.msp
c:\windows\Installer\bdec77d.msp
c:\windows\Installer\bdec781.msp
c:\windows\Installer\bdec786.msp
c:\windows\Installer\bdec78b.msp
c:\windows\Installer\bdec790.msp
c:\windows\Installer\bffffc3.msp
c:\windows\Installer\bffffc8.msp
c:\windows\Installer\bffffcd.msp
c:\windows\Installer\cb3bd30.msp
c:\windows\Installer\cb84994.msp
c:\windows\Installer\cb84999.msp
c:\windows\Installer\cb8499e.msp
c:\windows\Installer\cf5bb7a.msp
c:\windows\Installer\cf5bb7f.msp
c:\windows\Installer\d0be0c.msp
c:\windows\Installer\d0be11.msp
c:\windows\Installer\def77ca.msp
c:\windows\Installer\def77d1.msp
c:\windows\Installer\def77d6.msp
c:\windows\Installer\def77db.msp
c:\windows\Installer\def77e0.msp
c:\windows\Installer\e2343fb.msp
c:\windows\Installer\e234400.msp
c:\windows\Installer\e234405.msp
c:\windows\Installer\e6334f0.msp
c:\windows\Installer\e6334f5.msp
c:\windows\Installer\e6334fa.msp
c:\windows\Installer\ed18b7.msp
c:\windows\Installer\ed18bc.msp
c:\windows\Installer\ed18c1.msp
c:\windows\Installer\ed18c6.msp
c:\windows\Installer\fb656.msp
c:\windows\Installer\fb65e.msp
c:\windows\Installer\fb684.msp
c:\windows\system32\dpccojvc.ini
c:\windows\system32\drivers\TDSSserv.sys
c:\windows\system32\drivers\UACotewlrpjbe.sys
c:\windows\system32\ISvvxyay.ini
c:\windows\system32\ISvvxyay.ini2
c:\windows\system32\mvbylmhk.ini
c:\windows\system32\sX3i19
c:\windows\system32\UACappqosupdj.dat
c:\windows\system32\UACcklqwmeocr.dll
c:\windows\system32\UACcojbitqgxm.dll
c:\windows\system32\UACdsmwmnphhm.db
c:\windows\system32\UAChhdlvmynix.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnxdoykevka.dll
c:\windows\system32\UACyvxmlfabyg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv
-------\Legacy_TDSSserv
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-28 05:07 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-28 05:07 . 2009-04-03 17:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-28 05:07 . 2008-12-18 18:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-28 05:07 . 2009-07-28 05:08 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-28 05:07 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-28 05:07 . 2009-07-28 16:13 -------- d-----w- c:\program files\Spyware Doctor
2009-07-28 05:07 . 2009-07-28 05:07 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\PC Tools
2009-07-28 05:07 . 2009-07-28 05:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PC Tools
2009-07-27 18:07 . 2009-07-27 18:07 -------- d-----w- c:\program files\ERUNT
2009-07-27 17:33 . 2009-07-27 17:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\10279684
2009-07-27 17:32 . 2009-07-27 17:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-20 23:09 . 2009-07-21 15:09 -------- d-----w- c:\program files\NOS
2009-07-20 23:09 . 2009-07-21 15:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-07-18 19:23 . 2009-07-18 19:23 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-07-14 09:34 . 2009-07-14 09:34 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\Auslogics
2009-07-14 09:33 . 2009-07-14 09:33 -------- d-----w- c:\program files\AusLogics Disk Defrag
2009-07-14 03:30 . 2009-07-14 03:30 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\ZoomBrowser EX
2009-07-12 01:59 . 2009-07-12 01:59 -------- d-----w- c:\program files\OGPlanet
2009-07-09 03:21 . 2009-07-09 03:21 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ZoomBrowser
2009-07-09 03:20 . 2009-07-09 03:21 -------- d-----w- c:\program files\Canon
2009-07-09 03:19 . 2009-07-09 03:19 -------- d-----w- c:\program files\Common Files\Canon
2009-07-05 22:48 . 2009-07-05 22:48 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\Windows Search
2009-07-05 22:18 . 2009-07-05 22:18 -------- d-----w- C:\Games
2009-07-05 20:45 . 2009-07-28 21:48 -------- d-----w- c:\documents and settings\MyMobile02\Tracing
2009-07-05 20:40 . 2009-07-05 20:41 -------- d-----w- c:\program files\Microsoft
2009-07-05 20:39 . 2009-07-05 20:39 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-05 20:39 . 2009-07-05 20:41 -------- d-----w- c:\program files\Windows Live
2009-07-05 20:34 . 2009-07-05 20:34 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-05 20:34 . 2009-07-05 20:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-05 20:33 . 2009-07-05 20:33 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\Windows Desktop Search
2009-07-05 20:33 . 2009-07-11 08:59 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-05 20:33 . 2009-07-05 20:33 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-05 20:32 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-05 20:32 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-05 20:32 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-07-01 22:01 . 2009-07-01 22:01 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\Media Player Classic
2009-07-01 21:24 . 2009-07-01 21:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 21:22 . 2008-05-22 04:26 -------- d-----w- c:\program files\BitComet
2009-07-28 17:10 . 2009-02-17 02:54 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-28 17:08 . 2008-06-22 08:13 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-28 05:03 . 2008-10-09 18:51 -------- d-----w- c:\program files\SpywareBlaster
2009-07-28 03:27 . 2008-10-09 01:17 54907 ----a-w- C:\MGlogs.zip
2009-07-27 20:33 . 2008-06-22 21:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 16:41 . 2007-10-13 15:56 -------- d-----w- c:\program files\Warcraft III
2009-07-25 08:24 . 2009-06-12 07:47 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-20 17:01 . 2007-06-12 12:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-20 16:59 . 2009-06-12 03:59 -------- d-----w- c:\program files\Sword of The New World
2009-07-13 20:36 . 2008-09-25 03:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2008-06-22 21:18 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 22:15 . 2007-07-13 03:55 -------- d-----w- c:\program files\AIM
2009-07-07 21:11 . 2007-08-06 19:37 -------- d-----w- c:\program files\Steam
2009-07-05 20:45 . 2007-06-14 01:44 77408 ----a-w- c:\documents and settings\MyMobile02\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 20:40 . 2007-08-22 04:06 -------- d-----w- c:\program files\MSN Messenger
2009-07-01 21:25 . 2007-06-12 12:27 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 15:46 . 2008-02-04 04:45 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 14:36 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 07:10 . 2009-06-04 16:10 -------- d-----w- c:\program files\2029
2009-06-12 16:58 . 2009-06-12 16:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\BitDefender
2009-06-12 16:41 . 2009-06-12 16:41 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\BitDefender
2009-06-12 16:40 . 2009-06-08 14:45 -------- d-----w- c:\program files\BitDefender
2009-06-12 16:40 . 2009-06-12 16:38 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-12 07:30 . 2008-09-28 05:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-06-12 06:54 . 2008-04-20 18:31 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\SystemRequirementsLab
2009-06-12 06:53 . 2008-02-04 04:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-11 15:17 . 2009-06-11 15:17 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\2K Sports
2009-06-10 13:03 . 2009-06-10 13:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-06-10 13:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 13:03 . 2009-06-10 13:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 13:03 . 2007-12-05 07:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 13:03 . 2007-06-12 12:07 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 13:03 . 2007-06-12 12:04 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 13:03 . 2007-06-12 12:04 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 13:03 . 2007-06-12 12:04 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 13:03 . 2007-06-12 12:04 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 13:03 . 2004-08-11 22:08 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 13:03 . 2004-08-11 22:08 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-08 06:40 . 2009-05-30 14:22 -------- d-----w- c:\program files\Electronic Arts
2009-06-07 07:21 . 2009-06-03 05:06 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{67C33A62-5B1D-43D1-9600-16006F36EB2B}
2009-06-03 19:09 . 2004-08-11 22:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 05:11 . 2009-06-03 05:11 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\Stardock
2009-06-03 05:07 . 2009-06-03 05:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Stardock
2009-06-01 02:59 . 2009-06-01 02:59 -------- d-----w- c:\program files\Microsoft WSE
2009-05-25 07:24 . 2008-05-27 05:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-13 05:15 . 2004-08-11 22:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 22:12 . 2007-06-12 12:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-11 22:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-13 04:30 . 2008-06-18 05:47 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-05 23:08 . 2009-06-12 18:26 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-06-22 2624824]
"mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"AIM"="c:\program files\AIM\aim.exe" [2005-07-21 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\MyMobile02\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\WinZip\\WINZIP32.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\SteamApps\\animesaint@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:frozen throne
"12472:TCP"= 12472:TCP:BitCometLite 12472 TCP
"12472:UDP"= 12472:UDP:BitCometLite 12472 UDP
"12028:TCP"= 12028:TCP:BitComet 12028 TCP
"12028:UDP"= 12028:UDP:BitComet 12028 UDP
"7808:TCP"= 7808:TCP:FS
"7808:UDP"= 7808:UDP:FS
"18768:TCP"= 18768:TCP:opera bitorrent
"18768:UDP"= 18768:UDP:opera bittorrent

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/27/2009 10:07 PM 130936]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [10/6/2008 4:16 PM 82696]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [9/18/2008 10:09 AM 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2/12/2009 2:52 PM 104328]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [1/20/2009 5:16 PM 172032]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ntreev\Grand Chase\GameGuard\dump_wmimmc.sys --> c:\ntreev\Grand Chase\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/27/2009 10:07 PM 348752]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva064;XDva064;\??\c:\windows\system32\XDva064.sys --> c:\windows\system32\XDva064.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe
.
- - - - ORPHANS REMOVED - - - -

SSODL-MonSetSrv-{08AA84D9-CBF4-F2DD-3E1A-01F02C470590} - (no file)
Notify-ddcApoOF - ddcApoOF.dll
Notify-efcYSlmm - efcYSlmm.dll
Notify-khfdEWnk - (no file)
Notify-qoMEVlIa - qoMEVlIa.dll
Notify-xxyvwwwW - xxyvwwwW.dll


.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\docume~1\MYMOBI~1\APPLIC~1\Mozilla\Firefox\Profiles\s8qah0xr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\MyMobile02\Application Data\Mozilla\Firefox\Profiles\s8qah0xr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

creating catchme.sys error: The process cannot access the file because it is being used by another process.
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 14:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithProgids]
"?mkv_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f1,ed,35,9f,02,ed,a4,c7,98,71,5a,35,14,8a,9e,3a,d9,8b,8a,b6,f3,d9,0a,
fa,b1,6d,26,af,3d,6a,31,cd,10,b7,8d,e9,08,34,c4,b5,30,16,4c,29,a7,17,bf,3a,\
"??"=hex:e4,5e,97,26,36,79,4b,35,c9,c9,83,54,52,bb,45,85

[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\2.5]
"FRT"="FjN/AyMaXJMWZJ6KvM2zapY7eo0zbkIGGJiUi3fdw8++/JofAKWHMQ=="
"PLCK"="rUJbJsp7V57zHmONr5DUuCC1ogXDmMlY"
"Percents"="0 0.0877 0.2356 0.4232 0.6247 0.8798 0.8863 "
"Increment"=".003472"
"PHSH"=""

[HKEY_LOCAL_MACHINE\software\Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell\Play]
@="Play with VLC"

[HKEY_LOCAL_MACHINE\software\Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell\Play\command]
@="c:\\Program Files\\VideoLAN\\VLC\\vlc.exe --started-from-file \"%1\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1740)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\searchindexer.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-07-28 14:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 21:56

Pre-Run: 48,861,220,864 bytes free
Post-Run: 48,771,264,512 bytes free

803 --- E O F --- 2009-07-25 08:24



A list of the noted rootkits I guess: (NOTE: I used asterisks and quotations to shorthand the repeats!)

"C:\WINDOWS\system32/drivers\"TDSSERV.sys
" " UACotewrlrpjbe.sys

*C:\WINDOWS\system32\UAC*nxdoykevka.dll
* * yvxmlfabyg.dll
* * appqosupdj.dat
* * dsmwmnphhm.db
* * cklqwmeocr.dll
* * cojbitqgxm.dll
* * hhdlvmynix.dll

Edited by animesaint, 28 July 2009 - 05:07 PM.


#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:15 AM

Posted 29 July 2009 - 01:30 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

DirLook::
c:\program files\2029

RegLock::
[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithList]
[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithProgids]
[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\2.5]
[HKEY_LOCAL_MACHINE\software\Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell\Play]
[HKEY_LOCAL_MACHINE\software\Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell\Play\command]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

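The Registry:: stanza in the script above writes BootExecute back as a raw hex(7) (REG_MULTI_SZ) value, which is hard to eyeball. The Python below is an added example, not part of the thread or of ComboFix, that decodes a hex(7) line of that form, parses the "REG_MULTI_SZ ... \0 ..." rendering ComboFix uses in its log, and reports any BootExecute entry other than the XP default "autocheck autochk *". The two sample values are copied from the logs in this thread (the ComboFix-reported value with the extra "pgdfgsvc C 1" entry, and the hex(7) value in the CFScript); the function names are this example's own.

```python
"""Decode, encode and compare REG_MULTI_SZ BootExecute values.

Added example for this thread; not ComboFix code. The sample strings below
are taken from the ComboFix log and CFScript posted above.
"""
from __future__ import annotations

# XP's stock BootExecute holds exactly one string.
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]


def decode_hex7(line: str) -> list[str]:
    """Parse a .reg/CFScript line  "Name"=hex(7):xx,xx,...  into the list of
    strings a REG_MULTI_SZ holds.

    Bytes are comma separated, may continue over lines ending in a backslash,
    and the value is NUL-separated strings closed by an extra NUL.
    """
    body = line.split("hex(7):", 1)[1]
    body = body.replace("\\", "").replace("\r", "").replace("\n", "")
    raw = bytes(int(b, 16) for b in body.split(",") if b.strip())
    # ComboFix writes single-byte (ANSI) text here, so latin-1 is lossless.
    text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def encode_hex7(entries: list[str]) -> str:
    """Inverse of decode_hex7: build the hex(7) body for a list of strings."""
    raw = ("\x00".join(entries) + "\x00\x00").encode("latin-1")
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def parse_combofix_multisz(line: str) -> list[str]:
    """Parse ComboFix's log rendering, e.g.
    'BootExecute REG_MULTI_SZ autocheck autochk *\\0pgdfgsvc C 1',
    where a literal backslash-zero separates the strings."""
    value = line.split("REG_MULTI_SZ", 1)[1].strip()
    return [s for s in value.split("\\0") if s]


def unexpected_entries(entries: list[str]) -> list[str]:
    """Return every BootExecute string that is not part of the XP default.
    Anything listed here runs before the logon UI and deserves a look."""
    return [e for e in entries if e not in DEFAULT_BOOTEXECUTE]


# Values copied from the thread above (constructed inputs for this example).
LOG_LINE = r"BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1"
SCRIPT_LINE = (
    '"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,'
    '6b,20,2a,00,00'
)

if __name__ == "__main__":
    before = parse_combofix_multisz(LOG_LINE)
    after = decode_hex7(SCRIPT_LINE)
    print("before:", before)
    print("extra :", unexpected_entries(before))
    print("after :", after, "(default)" if after == DEFAULT_BOOTEXECUTE else "")
    print("re-encoded:", encode_hex7(after))
```

Running it shows the logged value carrying one extra entry, "pgdfgsvc C 1", and the CFScript value decoding to exactly the default, which is what the script is meant to restore. The same decode_hex7 works for any hex(7) line exported by regedit, including ones split across continuation lines.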

#7 animesaint

animesaint
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 29 July 2009 - 04:08 AM

Okay, I am going to proceed, but let me tell you this. I forgot to turn off the auto-scan that goes off at midnight, and it found and deleted 5 things (BitDefender). I have the log, but I am going to continue as planned. Sorry if this causes major problems with these recent instructions you have given me.
Also, there is this thing during boot-up at the desktop: the desktop appears, then suddenly a black screen, and then back to the desktop. Symptoms?



Now the Combofix.txt:
ComboFix 09-07-28.01 - MyMobile02 07/29/2009 2:17.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.475 [GMT -7:00]
Running from: c:\documents and settings\MyMobile02\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\MyMobile02\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe"
.

((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-28 05:07 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-28 05:07 . 2009-04-03 17:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-28 05:07 . 2008-12-18 18:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-28 05:07 . 2009-07-28 05:08 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-28 05:07 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-28 05:07 . 2009-07-28 16:13 -------- d-----w- c:\program files\Spyware Doctor
2009-07-28 05:07 . 2009-07-28 05:07 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\PC Tools
2009-07-28 05:07 . 2009-07-28 05:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PC Tools
2009-07-27 18:07 . 2009-07-27 18:07 -------- d-----w- c:\program files\ERUNT
2009-07-27 17:33 . 2009-07-27 17:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\10279684
2009-07-27 17:32 . 2009-07-27 17:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-20 23:09 . 2009-07-21 15:09 -------- d-----w- c:\program files\NOS
2009-07-20 23:09 . 2009-07-21 15:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-07-18 19:23 . 2009-07-18 19:23 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-07-14 09:34 . 2009-07-14 09:34 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\Auslogics
2009-07-14 09:33 . 2009-07-14 09:33 -------- d-----w- c:\program files\AusLogics Disk Defrag
2009-07-14 03:30 . 2009-07-14 03:30 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\ZoomBrowser EX
2009-07-12 01:59 . 2009-07-12 01:59 -------- d-----w- c:\program files\OGPlanet
2009-07-09 03:21 . 2009-07-09 03:21 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ZoomBrowser
2009-07-09 03:20 . 2009-07-09 03:21 -------- d-----w- c:\program files\Canon
2009-07-09 03:19 . 2009-07-09 03:19 -------- d-----w- c:\program files\Common Files\Canon
2009-07-05 22:48 . 2009-07-05 22:48 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\Windows Search
2009-07-05 22:18 . 2009-07-05 22:18 -------- d-----w- C:\Games
2009-07-05 20:45 . 2009-07-29 09:24 -------- d-----w- c:\documents and settings\MyMobile02\Tracing
2009-07-05 20:40 . 2009-07-05 20:41 -------- d-----w- c:\program files\Microsoft
2009-07-05 20:39 . 2009-07-05 20:39 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-05 20:39 . 2009-07-05 20:41 -------- d-----w- c:\program files\Windows Live
2009-07-05 20:34 . 2009-07-05 20:34 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-05 20:34 . 2009-07-05 20:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-05 20:33 . 2009-07-05 20:33 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\Windows Desktop Search
2009-07-05 20:33 . 2009-07-11 08:59 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-05 20:33 . 2009-07-05 20:33 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-05 20:32 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-05 20:32 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-05 20:32 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-07-01 22:01 . 2009-07-01 22:01 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\Media Player Classic
2009-07-01 21:24 . 2009-07-01 21:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 09:25 . 2008-05-22 04:26 -------- d-----w- c:\program files\BitComet
2009-07-29 09:04 . 2007-10-13 15:56 -------- d-----w- c:\program files\Warcraft III
2009-07-28 17:10 . 2009-02-17 02:54 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-28 17:08 . 2008-06-22 08:13 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-28 05:03 . 2008-10-09 18:51 -------- d-----w- c:\program files\SpywareBlaster
2009-07-28 03:27 . 2008-10-09 01:17 54907 ----a-w- C:\MGlogs.zip
2009-07-27 20:33 . 2008-06-22 21:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 08:24 . 2009-06-12 07:47 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-20 17:01 . 2007-06-12 12:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-20 16:59 . 2009-06-12 03:59 -------- d-----w- c:\program files\Sword of The New World
2009-07-13 20:36 . 2008-09-25 03:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2008-06-22 21:18 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 22:15 . 2007-07-13 03:55 -------- d-----w- c:\program files\AIM
2009-07-07 21:11 . 2007-08-06 19:37 -------- d-----w- c:\program files\Steam
2009-07-05 20:45 . 2007-06-14 01:44 77408 ----a-w- c:\documents and settings\MyMobile02\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 20:40 . 2007-08-22 04:06 -------- d-----w- c:\program files\MSN Messenger
2009-07-01 21:25 . 2007-06-12 12:27 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 15:46 . 2008-02-04 04:45 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 14:36 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 07:10 . 2009-06-04 16:10 -------- d-----w- c:\program files\2029
2009-06-12 16:58 . 2009-06-12 16:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\BitDefender
2009-06-12 16:41 . 2009-06-12 16:41 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\BitDefender
2009-06-12 16:40 . 2009-06-08 14:45 -------- d-----w- c:\program files\BitDefender
2009-06-12 16:40 . 2009-06-12 16:38 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-12 07:30 . 2008-09-28 05:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-06-12 06:54 . 2008-04-20 18:31 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\SystemRequirementsLab
2009-06-12 06:53 . 2008-02-04 04:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-11 15:17 . 2009-06-11 15:17 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\2K Sports
2009-06-10 13:03 . 2009-06-10 13:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-06-10 13:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 13:03 . 2009-06-10 13:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 13:03 . 2007-12-05 07:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 13:03 . 2007-06-12 12:07 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 13:03 . 2007-06-12 12:04 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 13:03 . 2007-06-12 12:04 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 13:03 . 2007-06-12 12:04 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 13:03 . 2007-06-12 12:04 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 13:03 . 2004-08-11 22:08 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 13:03 . 2004-08-11 22:08 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-08 06:40 . 2009-05-30 14:22 -------- d-----w- c:\program files\Electronic Arts
2009-06-07 07:21 . 2009-06-03 05:06 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{67C33A62-5B1D-43D1-9600-16006F36EB2B}
2009-06-03 19:09 . 2004-08-11 22:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 05:11 . 2009-06-03 05:11 -------- d-----w- c:\documents and settings\MyMobile02\Application Data\Stardock
2009-06-03 05:07 . 2009-06-03 05:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Stardock
2009-06-01 02:59 . 2009-06-01 02:59 -------- d-----w- c:\program files\Microsoft WSE
2009-05-25 07:24 . 2008-05-27 05:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-13 05:15 . 2004-08-11 22:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 22:12 . 2007-06-12 12:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-11 22:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-13 04:30 . 2008-06-18 05:47 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-05 23:08 . 2009-06-12 18:26 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\2029 ----

2009-06-08 19:53 . 2009-06-08 19:53 62 ----a-w- c:\program files\2029\bin\Log\gamenetclient.log
2009-06-08 19:53 . 2009-06-08 19:53 83 ----a-w- c:\program files\2029\bin\Log\gamenetcommon.log
2009-06-08 19:30 . 2009-06-08 19:53 221961 ----a-w- c:\program files\2029\bin\Log\public.log
2009-06-08 19:30 . 2009-06-08 19:30 447 ----a-w- c:\program files\2029\bin\Log\gfx.log
2009-06-05 01:23 . 2009-06-05 01:23 30259 ----a-w- c:\program files\2029\bin\errorlog.txt
2009-06-04 16:21 . 2009-06-08 19:53 28 ----a-w- c:\program files\2029\bin\Chat\Mercury_Aries1_.xml
2009-06-04 16:21 . 2009-06-08 19:53 28 ----a-w- c:\program files\2029\bin\Chat\Mercury_Aries1_aznyumiboy.xml
2009-06-04 16:14 . 2009-06-08 19:30 5018 ----a-w- c:\program files\2029\bin\Log\gameclient.log
2009-06-04 16:14 . 2009-06-04 16:14 257701 ----a-w- c:\program files\2029\Patch\from.1.26.0052.to.1.26.0053.upd


((((((((((((((((((((((((((((( SnapShot@2009-07-28_21.50.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-29 09:10 . 2009-07-29 09:10 122880 c:\windows\erdnt\AutoBackup\7-29-2009\Users\00000002\UsrClass.dat
+ 2009-07-29 09:10 . 2005-10-20 19:02 163328 c:\windows\erdnt\AutoBackup\7-29-2009\ERDNT.EXE
+ 2009-07-29 09:10 . 2009-07-29 09:10 11857920 c:\windows\erdnt\AutoBackup\7-29-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-06-22 2624824]
"mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"AIM"="c:\program files\AIM\aim.exe" [2005-07-21 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\MyMobile02\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\WinZip\\WINZIP32.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\SteamApps\\animesaint@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:frozen throne
"12472:TCP"= 12472:TCP:BitCometLite 12472 TCP
"12472:UDP"= 12472:UDP:BitCometLite 12472 UDP
"12028:TCP"= 12028:TCP:BitComet 12028 TCP
"12028:UDP"= 12028:UDP:BitComet 12028 UDP
"7808:TCP"= 7808:TCP:FS
"7808:UDP"= 7808:UDP:FS
"18768:TCP"= 18768:TCP:opera bitorrent
"18768:UDP"= 18768:UDP:opera bittorrent

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/27/2009 10:07 PM 130936]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [10/6/2008 4:16 PM 82696]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [9/18/2008 10:09 AM 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2/12/2009 2:52 PM 104328]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [1/20/2009 5:16 PM 172032]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ntreev\Grand Chase\GameGuard\dump_wmimmc.sys --> c:\ntreev\Grand Chase\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/27/2009 10:07 PM 348752]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva064;XDva064;\??\c:\windows\system32\XDva064.sys --> c:\windows\system32\XDva064.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\docume~1\MYMOBI~1\APPLIC~1\Mozilla\Firefox\Profiles\s8qah0xr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\MyMobile02\Application Data\Mozilla\Firefox\Profiles\s8qah0xr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 02:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithProgids]
"?mkv_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f1,ed,35,9f,02,ed,a4,c7,98,71,5a,35,14,8a,9e,3a,d9,8b,8a,b6,f3,d9,0a,
fa,b1,6d,26,af,3d,6a,31,cd,10,b7,8d,e9,08,34,c4,b5,30,16,4c,29,a7,17,bf,3a,\
"??"=hex:e4,5e,97,26,36,79,4b,35,c9,c9,83,54,52,bb,45,85

[HKEY_USERS\S-1-5-21-1839197628-156813167-3889703343-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\2.5]
"FRT"="FjN/AyMaXJMWZJ6KvM2zapY7eo0zbkIGGJiUi3fdw8++/JofAKWHMQ=="
"PLCK"="rUJbJsp7V57zHmONr5DUuCC1ogXDmMlY"
"Percents"="0 0.0877 0.2356 0.4232 0.6247 0.8798 0.8863 "
"Increment"=".003472"
"PHSH"=""

[HKEY_LOCAL_MACHINE\software\Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell\Play]
@="Play with VLC"

[HKEY_LOCAL_MACHINE\software\Classes\ m*k*v*_*a*u*t*o*_*f*i*l*e*\shell\Play\command]
@="c:\\Program Files\\VideoLAN\\VLC\\vlc.exe --started-from-file \"%1\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2060)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
.
**************************************************************************
.
Completion time: 2009-07-29 2:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-29 09:30
ComboFix2.txt 2009-07-28 21:56

Pre-Run: 44,363,710,464 bytes free
Post-Run: 44,561,911,808 bytes free

319 --- E O F --- 2009-07-25 08:24



And finally, the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:22 AM, on 7/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070612
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198337010468
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8194 bytes



I took a quick look at the previous and current log and found that kdja is still in the recycle bin. I have manually deleted this file before, but it seems stubborn to be out of existence, if that is possible. I shall retire until later morning.

Edited by animesaint, 29 July 2009 - 04:41 AM.
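A small triage script for HijackThis-style log lines, added here as an example; it is not part of this thread and not code from HijackThis or Trend Micro. It parses the numbered `O2`/`O4`/`O9`/`O10`/`O23` entries (the sample lines are copied from the log above, plus one constructed `O4` line marked as such) and flags the entries a helper looks at first: loading points whose file is gone (`(no file)`, `(file missing)`), a Winsock LSP entry, a service with no publisher, and an autostart launched from a user-writable folder. The rules, the `USER_WRITABLE` folder list and the `PATH_RE` pattern are this example's own assumptions, not HijackThis's classification.

```python
"""Triage helper for HijackThis-style log lines.

Added example (not from this thread and not part of HijackThis): parses the
"Oxx - ..." lines and flags the ones a malware-removal helper looks at first.
The flagging rules below are this example's own assumptions, not HijackThis's
own classification.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the HijackThis log posted in the thread, plus
# one constructed O4 line (marked) so the user-writable-folder rule has a hit.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O4 - HKCU\..\Run: [constructed-sample] C:\Documents and Settings\All Users\Application Data\sample.exe
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# First Windows path that ends in an executable-ish extension (assumed pattern).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ocx)\b', re.IGNORECASE)

ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Folders a limited user can write to; an autostart there deserves a closer look.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\", "\\recycle")


@dataclass(frozen=True)
class Entry:
    section: str   # "O2", "O4", "O23", ...
    body: str      # everything after "O2 - "


def parse(log_text: str) -> List[Entry]:
    """Keep only the numbered entry lines; process lists and headers are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def extract_path(body: str) -> Optional[str]:
    """First Windows path in the entry body, or None when the entry has none."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def findings_for(entry: Entry) -> List[str]:
    """Reasons this entry should be reviewed (empty list means nothing stood out)."""
    low = entry.body.lower()
    out = []
    if any(marker in low for marker in ORPHAN_MARKERS):
        out.append("orphaned loading point: the referenced file no longer exists")
    if entry.section == "O10":
        out.append("Winsock LSP entry: review by hand, removing LSPs blindly breaks networking")
    if entry.section == "O23" and "unknown owner" in low:
        out.append("service with no publisher: verify the binary before trusting it")
    path = extract_path(entry.body)
    if path and any(tok in path.lower() for tok in USER_WRITABLE):
        out.append("autostart from a user-writable folder: " + path)
    return out


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Entries that triggered at least one rule, in log order."""
    result = []
    for entry in entries:
        reasons = findings_for(entry)
        if reasons:
            result.append((entry, reasons))
    return result


if __name__ == "__main__":
    for entry, reasons in triage(parse(SAMPLE_LOG)):
        print(f"{entry.section}: {entry.body[:70]}")
        for reason in reasons:
            print("    -", reason)
```

On the sample above the script flags five of the nine entries: the nameless BHO and the BitComet button as orphans, the LSP line for manual review, the GameGuard service both as orphaned and as having no publisher, and the constructed `O4` line for running from `Application Data`. An orphan is not itself an infection; it is the trace a cleanup leaves behind, which is why helpers have it fixed so that nothing can later drop a file back into that slot.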


#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:04:15 AM

Posted 29 July 2009 - 11:32 AM

Can you empty the Recycle Bin and see if the file kdja.exe flushed out too? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 animesaint

animesaint
  • Topic Starter

  • Members
  • 26 posts
  • Local time:04:15 PM

Posted 29 July 2009 - 01:02 PM

Oh, I did that, but I peeked into the Recycle Bin and saw no kdja.exe, but I have yet to use CCleaner.
And what I mean by my post before is that months ago I saw kdja.exe and deleted it, but yesterday, in the ComboFix log, I saw this:
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe
So is there any problems left?
By the way, I wanna let you know that I am appreciative of what you have done for this computer I am using, and I have no more redirections of searches from search engines, but I do fear there is something else. Please, if you can, reassure me that everything on the log has been dealt with.

Edited by animesaint, 29 July 2009 - 06:53 PM.


#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:04:15 AM

Posted 29 July 2009 - 04:53 PM

Can you peek into this folder and tell me what you find?

c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin



#11 animesaint

animesaint
  • Topic Starter

  • Members
  • 26 posts
  • Local time:04:15 PM

Posted 29 July 2009 - 07:30 PM

Okay, I did take a peek into that folder and found nothing, to my surprise, since there was nothing in the recycle bin in the first place. (When I checked the desktop one.)
One thing I did was to allow the recycle bin not to store any files but to delete them before they hit the folder. Is that okay?

Edited by animesaint, 29 July 2009 - 07:33 PM.


#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:04:15 AM

Posted 29 July 2009 - 11:42 PM

One thing I did was to allow the recycle bin not to store any files but to delete them before they hit the folder. Is that okay?


Not advisable, but it's really up to you :thumbup2:

Let's do an online scan to make sure we don't miss anything..

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :)



#13 animesaint

animesaint
  • Topic Starter

  • Members
  • 26 posts
  • Local time:04:15 PM

Posted 29 July 2009 - 11:50 PM

A box popped up that wanted me to resend the information after the ActiveX control asked to install...
Now I opened a new online scanner and closed the previous one... I feel eerie about this not going smoothly.
The new scanner window did the same and now I should wait... Should I dl the .exe on another browser and see how that goes?
Okay, update: it has gone through and I am currently waiting for the scanning process to finish. Sorry to make you worried, but what has me worried is the warning that the results may be altered by BitDefender...


BTW, the computer still has that desktop>black screen>desktop flickering effect. (One cycle and that is all)
All the previous discrepancies are gone except that one on the top, and me being paranoid, I believe that there is something still lurking in the system, but this online ESET scanner will find it...



Okay, here is a list of preventions I currently have installed:
Bitdefender
Hijack This
Spyware Blaster
Spyware Doctor
Spybot Search & Destroy
mbam

The only problem is that Bitdefender was the only one getting updated daily while I neglected the others because I felt safe; boy was I wrong.

Edited by animesaint, 30 July 2009 - 12:15 AM.


#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:15 AM

Posted 30 July 2009 - 12:05 AM

Let's wait for the ESET result and then test-run your computer for a while.



#15 animesaint

animesaint
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 30 July 2009 - 01:10 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=5ad39f6eb9190441919499eaad13045f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-30 06:00:57
# local_time=2009-07-29 11:00:57 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2054 21 100 97 45290781250
# scanned=108530
# found=11
# cleaned=11
# scan_time=3568
C:\PROTECTION\MGtools.exe probably a variant of Win32/TrojanDropper.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\dpccojvc.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ISvvxyay.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ISvvxyay.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mvbylmhk.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACotewlrpjbe.sys.vir Win32/Olmarik.JQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP0\A0000001.sys Win32/Olmarik.JQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP0\A0000033.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP0\A0000034.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP0\A0000035.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000474.exe probably a variant of Win32/TrojanDropper.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C



I deleted the files from quarantine (MGtools.exe, even if it's innocuous to me, I deleted it). Lol, it found the old virus problems in a quarantine folder I used from some "geek??????" site.

Edited by animesaint, 30 July 2009 - 01:14 AM.
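The ESET log above mixes three very different kinds of hit: files sitting in C:\Qoobox (ComboFix's quarantine folder), copies preserved in System Restore points under System Volume Information, and files in live locations such as system32\drivers. Only the last kind indicates something that could still run; the first two are inert leftovers and only look alarming. The script below is an added example, not part of the thread or of ESET's tooling: it parses the detection-line format shown in the log (path, detection name, action in parentheses, a 32-character column, a flag), buckets each finding by where it was found, and cross-checks the `found=` and `cleaned=` header counters against the lines actually listed. The sample log it runs on is constructed to mirror that format; the paths and names in it are invented and are not the poster's files.

```python
import re
from collections import Counter

# Constructed sample log modelled on the ESET Online Scanner format posted in the
# thread. Paths, GUIDs and file names are invented for the example.
SAMPLE_LOG = r"""# version=6
# found=4
# cleaned=4
C:\PROTECTION\tool.exe probably a variant of Win32/TrojanDropper.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\abcd.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP0\A0000001.sys Win32/Olmarik.JQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\UACabcdefgh.sys Win32/Olmarik.JQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# One detection line: <path> <detection name> (<action>) <32 hex chars> <flag>.
# Paths may contain spaces, so the detection name is anchored on the
# "Platform/Name" token (with ESET's optional "probably a variant of" prefix).
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<name>(?:(?:probably )?a variant of )?[A-Za-z0-9_]+/\S+(?: [a-z]+)*) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<col>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)


def classify(path):
    """Bucket a finding by whether the file could still have been active."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # System Restore copy, never executed from here
    if "\\quarantine\\" in p:
        return "quarantine"      # already neutralised by another tool (e.g. ComboFix's Qoobox)
    return "live"                # anything else deserves a closer look


def parse_log(text):
    """Return (header dict from '# key=value' lines, list of finding dicts)."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            finding = m.groupdict()
            finding["location"] = classify(finding["path"])
            findings.append(finding)
    return header, findings


def summarize(text):
    """Triage summary: counts per location, live findings, header consistency."""
    header, findings = parse_log(text)
    by_location = Counter(f["location"] for f in findings)
    live = [f for f in findings if f["location"] == "live"]
    cleaned = sum("cleaned" in f["action"] for f in findings)
    counts_match = (header.get("found") == str(len(findings))
                    and header.get("cleaned") == str(cleaned))
    return {"by_location": dict(by_location), "live": live,
            "counts_match_header": counts_match}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("findings by location:", result["by_location"])
    print("header counters consistent:", result["counts_match_header"])
    for f in result["live"]:
        print("LIVE:", f["path"], "->", f["name"], "|", f["action"])
```

Run it against a real log.txt by replacing `SAMPLE_LOG` with the file contents. A finding that lands in the `live` bucket, particularly a driver under system32\drivers (ESET's Win32/Olmarik is its name for the TDSS rootkit family that the UAC*.sys / uacinit.dll files in this thread belong to), is the one that justifies a follow-up rootkit scan; hits confined to quarantine and restore points are what the poster saw here, remnants that were already dealt with.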




