
Windows Police Pro and AntiSpyware 2010


  • This topic is locked
2 replies to this topic

#1 Kristrin

Kristrin

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:49 AM

Posted 08 September 2009 - 01:50 AM

My original topic is located here: http://www.bleepingcomputer.com/forums/t/254863/windows-police-pro-and-desoteexe/

I had/have Windows Police Pro and AntiSpyware 2010 on my computer, but I followed the guides on the site and it seems to have removed most of it. My scans are still finding a couple of things each time, and my computer for some reason no longer recognizes me as Admin anymore, even though my account is the only one on this computer.

I was told by garmanma to post a topic here with the following logs:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Katrina at 20:07:48.42 on Mon 09/07/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1406.487 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Katrina.YOUR-727A0A4E7C\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.neopets.com/portal/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com
mWinlogon: Taskman=c:\recycler\s-1-5-21-4849632202-1797816538-074228904-9240\msimfo32.exe
BHO: c:\\windows\\system32\\tajf83ikdmf.dll - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {CD292324-974F-4224-D074-CACA427AA030} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [RegClean Expert Scheduler] "c:\program files\registry clean expert\RCHelper.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [7EE983E52D57964A] c:\windows\system32\7EE983E52D57964A.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [Windows System Recover!] c:\windows\temp\winamp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\katrina.your-727a0a4e7c\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: myspace.com\profile
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} - hxxp://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182464066625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
Notify: AtiExtEvent - Ati2evxx.dll
Notify: fccyvSJA - fccyvSJA.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: gonereliv - {258c2995-ac20-41b6-9208-d672d8edb1be} - c:\windows\system32\yayutoto.dll
STS: jugezatag: {258c2995-ac20-41b6-9208-d672d8edb1be} - c:\windows\system32\yayutoto.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJDwXnL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-1 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-9-6 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-9-6 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-9-1 159600]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-1 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-1 1097096]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-9-1 64392]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-9-6 33056]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]

=============== Created Last 30 ================

2009-09-06 15:11 427 a------- c:\windows\system32\QuickTimeFavorites.qtr
2009-09-06 14:48 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-09-06 14:48 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-09-06 14:48 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-09-06 14:48 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-09-06 07:07 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-09-06 07:07 4,224 a------- c:\windows\system32\dllcache\beep.sys
2009-09-06 05:51 2,713 ---sh--- c:\windows\system32\riwiliko.exe
2009-09-06 00:22 --d----- c:\docume~1\katrin~1.you\applic~1\Malwarebytes
2009-09-06 00:19 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 00:19 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-06 00:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-06 00:19 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 13:58 0 a------- c:\windows\system32\7EE983E52D57964A.exe
2009-09-03 09:53 61,952 a------- c:\windows\system32\OLD4.tmp
2009-09-03 08:02 --d----- C:\spoolerlogs
2009-09-03 03:40 0 a------- C:\1273858819
2009-09-02 00:15 --d----- c:\program files\ABC Amber LIT Converter
2009-09-01 23:48 7,537 a------- c:\windows\system32\noval6.ctm
2009-09-01 23:15 7,537 a------- c:\windows\system32\novap6.ctm
2009-09-01 17:20 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-01 17:04 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-01 17:04 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-01 17:04 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-01 17:04 --d----- c:\program files\common files\PC Tools
2009-09-01 17:04 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-01 17:03 --d----- c:\program files\Spyware Doctor
2009-09-01 17:03 --d----- c:\docume~1\katrin~1.you\applic~1\PC Tools
2009-09-01 17:03 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-01 13:36 17,176 a------- c:\windows\system32\eliqy.bat
2009-09-01 13:36 16,432 a------- c:\program files\common files\celukap.dll
2009-09-01 13:36 14,542 a------- c:\docume~1\alluse~1\applic~1\imerific.scr
2009-09-01 13:36 12,918 a------- c:\docume~1\katrin~1.you\applic~1\usurivud.reg
2009-09-01 13:36 12,517 a------- c:\windows\kumexuqud.dll
2009-09-01 13:36 10,632 a------- c:\docume~1\alluse~1\applic~1\savubi.bat
2009-09-01 13:36 10,000 a------- c:\windows\system32\edykicu.vbs
2009-09-01 13:36 16,827 a------- c:\program files\common files\yfoma.reg
2009-09-01 13:36 12,732 a------- c:\program files\common files\vapofiboxy.dll
2009-09-01 13:24 19,540 a------- c:\program files\common files\liwi.sys
2009-09-01 13:24 18,623 a------- c:\windows\rygi.com
2009-09-01 13:24 17,526 a------- c:\docume~1\katrin~1.you\applic~1\fizifycev.dll
2009-09-01 13:24 17,412 a------- c:\windows\hysuwiry.lib
2009-09-01 13:24 16,748 a------- c:\windows\amapo.lib
2009-09-01 13:24 16,342 a------- c:\windows\owamyma.sys
2009-09-01 13:24 13,653 a------- c:\windows\hymew.dll
2009-09-01 13:24 13,279 a------- c:\windows\yvupycerow._dl
2009-09-01 13:24 12,966 a------- c:\docume~1\katrin~1.you\applic~1\xakiqet.com
2009-09-01 13:11 19,964 a------- c:\docume~1\katrin~1.you\applic~1\lirisid.bin
2009-09-01 13:11 19,758 a------- c:\windows\system32\sopo.sys
2009-09-01 13:11 18,805 a------- c:\windows\bomutel.vbs
2009-09-01 13:11 18,062 a------- c:\windows\system32\zyvah.lib
2009-09-01 13:11 17,666 a------- c:\windows\mezi.dat
2009-09-01 13:11 13,826 a------- c:\windows\etiqime.db
2009-09-01 13:11 13,245 a------- c:\windows\tifanaq.sys
2009-09-01 13:11 10,999 a------- c:\windows\zygenogope.vbs
2009-09-01 13:11 10,278 a------- c:\windows\uqepejazu.sys
2009-08-15 01:31 --d----- c:\program files\Oxin's Style!
2009-08-12 00:08 --d----- c:\windows\ServicePackFiles
2009-08-11 16:09 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 16:08 655,872 -------- c:\windows\system32\dllcache\mstscax.dll

==================== Find3M ====================

2009-09-04 23:49 37,888 a--sh--- c:\windows\system32\dukazewe.dll
2009-09-04 10:49 37,888 a--sh--- c:\windows\system32\yerofata.dll
2009-09-03 15:47 37,376 a--sh--- c:\windows\system32\gipekoji.dll
2009-09-01 13:24 14,353 a------- c:\program files\common files\jacyxevi.inf
2009-09-01 13:11 19,996 a------- c:\program files\common files\ikiro.dl
2009-09-01 13:11 19,927 a------- c:\program files\common files\umaxoxer.lib
2009-09-01 13:11 12,991 a------- c:\program files\common files\wukob.lib
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 06:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-19 08:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 08:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 13:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 06:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 03:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 03:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 03:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-25 03:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 03:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 03:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 03:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 03:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 03:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 03:17 729,600 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 03:17 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 03:17 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 03:17 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 03:17 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 03:17 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 06:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 06:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 06:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 06:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 06:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 06:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 06:48 91,776 a------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 06:35 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 06:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 06:50 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 06:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 01:32 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2007-01-03 19:49 22 ac-sh--- c:\windows\sminst\HPCD.sys
2008-07-25 18:58 869,547 a--sh--- c:\windows\system32\LnXwDJlm.ini2

============= FINISH: 20:09:58.07 ===============







ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/09/07 04:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDDEA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79F9000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7BA8000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEB5D0000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\pc tools\threatfire\orig.db
Status: Allocation size mismatch (API: 425984, Raw: 393216)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf729dd72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf727e9a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf727eb98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf729e568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf729e820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf729ca80

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf729ec8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf729e036

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf727e656

Hidden Services
-------------------
Service Name: rotscxtkbsiuyx
Image Path: C:\WINDOWS\system32\drivers\rotscxudjpmbny.sys

==EOF==
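A triage script for the "Pseudo HJT Report" section of the DDS log above, added here as an example. It is not part of the original post and not how DDS or the forum helpers analyse logs; it just encodes the checks a helper applies by eye: an autostart pointing into RECYCLER or TEMP, an LSA "Authentication Packages" value with anything beyond msv1_0, a Winlogon Taskman value, orphaned "No File" entries, a Winlogon Notify package that is not one of the stock XP ones, and names that look machine-generated (long hex, strict consonant/vowel alternation, scrambled case). The rules, severities, thresholds and the STOCK_NOTIFY list are this example's own assumptions; the SAMPLE lines are copied from the log above, with two benign entries kept as controls.

```python
"""Triage for the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the original post or of the DDS tool. The rules,
severities, thresholds and STOCK_NOTIFY are this example's own assumptions;
SAMPLE is copied from the DDS log posted above.
"""
import re
from typing import Dict, List, Optional

# Winlogon\Notify packages on a stock Windows XP install (assumption; add
# vendor packages such as AtiExtEvent before using this on real logs).
STOCK_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Directories no legitimate autostart entry should point into.
BAD_DIRS = ("\\recycler\\", "\\recycled\\", "\\temp\\")

QUOTED = re.compile(r'"([a-zA-Z]:\\[^"]+)"')            # "c:\program files\x.exe"
UNQUOTED = re.compile(r'[a-zA-Z]:(?:\\+[^\\\s"]+)+')     # c:\windows\x.exe or c:\\windows\\x.dll
KEYNAME = re.compile(r"\[([^\]]+)\]|([A-Za-z0-9_]+)")   # [RunKeyName] or the first token
HEX = re.compile(r"[0-9A-Fa-f]{12,}")
CASE_TOKENS = re.compile(r"[A-Z]?[a-z]+|[A-Z]+")


def looks_generated(name: str) -> bool:
    """Weak heuristic for machine-generated names (Vundo/TDSS-style droppers).
    Hits: long hex stems (7EE983E52D57964A), 8+ letters strictly alternating
    consonant/vowel (yayutoto, gonereliv), or scrambled case with no word-like
    run (mlJDwXnL). Noisy by design: use as corroboration, not proof."""
    stem = name.rsplit(".", 1)[0]
    if HEX.fullmatch(stem):
        return True
    if not stem.isalpha():
        return False
    low = stem.lower()
    if len(low) >= 8:
        vowel = [c in "aeiou" for c in low]
        if all(a != b for a, b in zip(vowel, vowel[1:])):
            return True
    tokens = CASE_TOKENS.findall(stem)
    return len(tokens) >= 4 and max(map(len, tokens)) <= 2


def extract_path(line: str) -> Optional[str]:
    """First Windows path on the line, backslashes collapsed (DDS doubles them
    in some entries), case preserved so the file name keeps its case signal."""
    m = QUOTED.search(line)
    raw = m.group(1) if m else None
    if raw is None:
        m = UNQUOTED.search(line)
        raw = m.group(0) if m else None
    return re.sub(r"\\+", r"\\", raw) if raw else None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Apply the rules to every 'Kind: entry' line; return one dict per hit."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        kind, sep, rest = line.partition(":")
        rest = rest.strip()
        if not sep or not rest:
            continue
        path = extract_path(line)
        filename = path.rsplit("\\", 1)[-1] if path else ""
        km = KEYNAME.match(rest)
        keyname = (km.group(1) or km.group(2)) if km else ""
        hits = []

        # Winlogon\Taskman is absent on a stock install; whatever is there runs at logon.
        if kind == "mWinlogon" and rest.lower().startswith("taskman="):
            hits.append(("HIGH", "winlogon-taskman"))
        # Only msv1_0 belongs in LSA Authentication Packages; extras load into lsass.exe.
        if kind == "LSA" and rest.lower().startswith("authentication packages") and "=" in rest:
            if any(p.lower() != "msv1_0" for p in rest.split("=", 1)[1].split()):
                hits.append(("HIGH", "lsa-auth-package"))
        if path and any(d in path.lower() for d in BAD_DIRS):
            hits.append(("HIGH", "autostart-from-temp-or-recycler"))
        # 'No File': the key still references something gone, or hidden from the API.
        if rest.endswith("- No File"):
            hits.append(("MEDIUM", "orphaned-entry"))
        if kind == "Notify" and rest.split(" - ", 1)[0].lower() not in STOCK_NOTIFY:
            hits.append(("MEDIUM", "nonstock-winlogon-notify"))
        if any(looks_generated(n) for n in (keyname, filename) if n):
            hits.append(("LOW", "generated-looking-name"))
        findings.extend({"severity": s, "rule": r, "line": line} for s, r in hits)
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


# Copied from the DDS log above; ctfmon and ISTray are benign controls.
SAMPLE = r"""
mWinlogon: Taskman=c:\recycler\s-1-5-21-4849632202-1797816538-074228904-9240\msimfo32.exe
BHO: c:\\windows\\system32\\tajf83ikdmf.dll - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [7EE983E52D57964A] c:\windows\system32\7EE983E52D57964A.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [Windows System Recover!] c:\windows\temp\winamp.exe
Notify: fccyvSJA - fccyvSJA.dll
SSODL: gonereliv - {258c2995-ac20-41b6-9208-d672d8edb1be} - c:\windows\system32\yayutoto.dll
STS: jugezatag: {258c2995-ac20-41b6-9208-d672d8edb1be} - c:\windows\system32\yayutoto.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJDwXnL
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for f in triage(text):
        print(f"{f['severity']:6} {f['rule']:32} {f['line']}")
    print(summarize(triage(text)))
```

Run it on a saved DDS log with `python triage_dds.py dds.txt`; with no argument it runs over SAMPLE, where the Taskman line alone produces two HIGH findings. The name heuristic is deliberately weak (legitimate names can alternate consonant and vowel too, and fccyvSJA slips past it), so treat LOW findings as corroboration and confirm the file on disk: a creation time next to the other droppers in the "Created Last 30" list, a zero-length file such as 7EE983E52D57964A.exe, or hidden/system attributes like those on riwiliko.exe.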


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:49 AM

Posted 10 September 2009 - 12:22 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:



It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so. It is in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:49 AM

Posted 15 September 2009 - 12:08 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.
