
Google redirect malware


  • This topic is locked
20 replies to this topic

#1 alikim

alikim

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 09 September 2009 - 08:05 PM

Hi,

So, following this topic http://www.bleepingcomputer.com/forums/t/256103/google-redirect-malware-moved/, I'm posting the DDS and RootRepeal logs:

---------------------------------------------------------------------------
DDS (Ver_09-07-30.01) - FAT32x86
Run by alikim at 10:43:31.53 on Thu 10/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.1919.1236 [GMT 10:00]

FW: Tiny Firewall 6.5 *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Far\Far.exe
C:\Program Files\Macromedia\HomeSite 5\HomeSite5.Exe
C:\Documents and Settings\alikim\Рабочий стол\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 212.100.132.148:3128
uInternet Settings,ProxyOverride = ;*.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - No File
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [Lingvo Launcher] "c:\program files\abbyy lingvo 10 multilingual dictionary\Lvagent.exe" /STARTUP
mRun: [Control Center] c:\program files\asus\wlan card utilities\Center.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alikim\главно~1\програ~1\автоза~1\taskmg~1.lnk - c:\windows\system32\taskmgr.exe
StartupFolder: c:\docume~1\alluse~1\главно~1\програ~1\автоза~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\SC_Acrobat.exe
IE: &Экспорт в Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Translate with Lingvo - c:\program files\abbyy lingvo 10 multilingual dictionary\Lingvo.exe/3000
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq\ICQ.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\alikim\главное меню\программы\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250867169328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {DD02E832-E78B-44AE-8C59-0C8EA01DD026} = 10.0.0.38
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 10:46:10.73 ===============

Maybe I should add that I don't use Kaspersky AV on this computer, as its license expired long ago.


Edited by alikim, 09 September 2009 - 08:08 PM.



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 10 September 2009 - 12:52 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as shown in the attached screenshots.

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 alikim

alikim
  • Topic Starter
  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 10 September 2009 - 08:13 PM

Here you go:
The only error I got during the process was a MS crash window for "PEV.cfxxe".


ComboFix 09-09-10.01 - alikim 11/09/2009 10:49.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.1919.1547 [GMT 10:00]
Running from: c:\documents and settings\alikim\Рабочий стол\Combo-Fix.exe
FW: Tiny Firewall 6.5 *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2022-08-29 18:59 . 2022-08-29 18:59 -------- d-----w- c:\documents and settings\NetworkService\Главное меню
2022-08-29 14:07 . 2001-10-19 11:06 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2022-08-29 14:07 . 2001-10-19 11:06 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2022-08-29 14:07 . 2001-10-19 11:06 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2022-08-29 14:06 . 2001-08-17 20:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2022-08-29 14:06 . 2001-08-17 10:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2022-08-29 14:06 . 2004-08-03 12:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2022-08-29 14:06 . 2004-08-03 12:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2022-08-29 14:06 . 2004-08-03 12:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2022-08-29 14:06 . 2001-10-19 10:36 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2022-08-29 14:05 . 2001-08-17 11:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2022-08-29 14:05 . 2001-10-19 11:06 54272 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2022-08-29 14:05 . 2001-10-19 11:06 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2022-08-29 14:05 . 2004-08-18 06:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2022-08-29 14:05 . 2004-08-18 06:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2022-08-29 14:05 . 2001-08-17 11:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2022-08-29 14:05 . 2004-08-03 12:29 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2022-08-29 14:05 . 2001-08-17 10:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2022-08-29 14:05 . 2004-08-03 12:29 25471 ----a-w- c:\windows\system32\dllcache\watv10nt.sys
2022-08-29 14:05 . 2004-08-03 12:29 22271 ----a-w- c:\windows\system32\dllcache\watv06nt.sys
2022-08-29 14:05 . 2004-08-03 12:29 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2022-08-29 14:03 . 2001-08-17 11:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2022-08-29 14:03 . 2001-08-17 11:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2022-08-29 14:03 . 2001-08-17 11:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2022-08-29 14:03 . 2001-08-17 11:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2022-08-29 14:03 . 2001-08-17 11:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2022-08-29 14:03 . 2001-08-17 11:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2022-08-29 14:03 . 2001-08-17 11:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2022-08-29 14:03 . 2001-08-17 11:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2022-08-29 14:03 . 2001-08-17 11:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2022-08-29 14:02 . 2004-08-17 05:52 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2022-08-29 14:02 . 2008-04-14 16:10 76288 ----a-w- c:\windows\system32\dllcache\uniime.dll
2022-08-29 14:02 . 2001-10-19 11:06 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2022-08-29 14:02 . 2001-10-19 11:06 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2022-08-29 14:02 . 2001-10-19 11:06 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2022-08-29 14:02 . 2001-10-19 11:06 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2022-08-29 14:02 . 2001-10-19 11:06 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2022-08-29 14:02 . 2001-08-17 11:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2022-08-29 14:02 . 2001-10-19 11:06 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2022-08-29 14:01 . 2001-10-19 11:06 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2022-08-29 14:01 . 2001-10-19 11:06 212480 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2022-08-29 14:01 . 2001-10-19 11:06 216576 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2022-08-29 14:01 . 2001-08-17 11:52 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys
2022-08-29 14:01 . 2001-08-17 11:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2022-08-29 14:01 . 2004-08-18 06:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2022-08-29 14:01 . 2001-08-17 10:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2022-08-29 14:01 . 2001-10-19 11:06 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2022-08-29 14:01 . 2001-08-17 10:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2022-08-29 14:01 . 2001-10-19 11:05 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2022-08-29 13:59 . 2001-08-17 10:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2022-08-29 13:59 . 2001-10-19 11:05 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2022-08-29 13:59 . 2004-08-18 06:00 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2022-08-29 13:59 . 2001-08-17 10:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2022-08-29 13:59 . 2004-08-18 06:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2022-08-29 13:59 . 2001-08-17 10:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2022-08-29 13:59 . 2004-08-18 06:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2022-08-29 13:59 . 2001-08-17 11:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2022-08-29 13:59 . 2001-08-17 11:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2022-08-29 13:59 . 2001-08-17 10:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2022-08-29 13:59 . 2001-10-19 11:05 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2022-08-29 13:59 . 2001-08-17 12:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2022-08-29 13:59 . 2001-08-17 12:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2022-08-29 13:58 . 2001-08-17 12:07 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys
2022-08-29 13:58 . 2001-08-17 12:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2022-08-29 13:58 . 2001-10-19 11:06 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2022-08-29 13:58 . 2001-08-17 11:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2022-08-29 13:58 . 2001-08-17 12:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2022-08-29 13:58 . 2001-10-19 11:06 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2022-08-29 13:58 . 2001-10-19 11:06 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2022-08-29 13:58 . 2001-10-19 11:06 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2022-08-29 13:58 . 2001-10-19 11:06 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2022-08-29 13:58 . 2001-10-19 11:06 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2022-08-29 13:58 . 2001-10-19 11:06 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2022-08-29 13:58 . 2001-10-19 10:22 286208 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2022-08-29 13:57 . 2001-10-19 10:21 17024 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2022-08-29 13:57 . 2001-08-17 10:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2022-08-29 13:57 . 2001-10-19 11:06 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2022-08-29 13:57 . 2004-08-18 06:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2022-08-29 13:57 . 2001-10-19 11:06 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2022-08-29 13:57 . 2001-08-17 11:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2022-08-29 13:57 . 2001-10-19 11:06 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2022-08-29 13:57 . 2001-08-17 12:07 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2022-08-29 13:57 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2022-08-29 13:57 . 2001-08-17 10:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2022-08-29 13:57 . 2001-10-19 11:06 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2022-08-29 13:55 . 2001-10-19 11:06 33792 ----a-w- c:\windows\system32\dllcache\smb0w.dll
2022-08-29 13:54 . 2001-10-19 11:05 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2022-08-29 13:54 . 2001-08-17 10:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2022-08-29 13:54 . 2001-10-19 11:05 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2022-08-29 13:54 . 2001-08-17 10:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2022-08-29 13:54 . 2004-08-18 06:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2022-08-29 13:54 . 2001-10-19 10:42 161664 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2022-08-29 13:54 . 2001-07-21 12:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2022-08-29 13:54 . 2001-08-17 10:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2022-08-29 13:54 . 2001-10-19 11:05 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2022-08-29 13:54 . 2001-08-17 10:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2022-08-29 13:54 . 2001-10-19 10:41 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2022-08-29 13:54 . 2001-10-19 10:41 17920 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2022-08-29 13:54 . 2001-10-19 11:06 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2022-08-29 13:53 . 2001-08-17 11:53 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2022-08-29 13:53 . 2001-08-17 11:52 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2022-08-29 13:53 . 2001-10-19 11:06 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2022-08-29 13:53 . 2001-10-19 10:41 17536 ----a-w- c:\windows\system32\dllcache\scr111.sys
2022-08-29 13:53 . 2001-10-19 10:41 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2022-08-29 13:53 . 2001-08-17 11:51 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2022-08-29 13:53 . 2001-10-19 10:41 24064 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2022-08-29 13:53 . 2001-10-19 11:04 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2022-08-29 13:53 . 2001-08-17 10:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2022-08-29 13:53 . 2001-10-19 11:05 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2022-08-29 13:53 . 2001-08-17 10:50 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2022-08-29 13:53 . 2001-10-19 11:05 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll
2022-08-29 13:51 . 2004-08-03 12:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2022-08-29 13:51 . 2001-08-17 10:12 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2022-08-29 13:51 . 2001-08-17 10:19 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2022-08-29 13:51 . 2001-10-19 11:06 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2022-08-29 13:51 . 2001-08-17 10:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2022-08-29 13:51 . 2001-08-17 10:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2022-08-29 13:51 . 2001-10-19 11:04 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2022-08-29 13:51 . 2001-10-19 11:06 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2022-08-29 13:51 . 2004-08-18 06:00 14848 ----a-w- c:\windows\system32\dllcache\register.exe
2022-08-29 13:51 . 2004-08-03 12:41 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2022-08-29 13:51 . 2001-08-17 11:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2022-08-29 13:51 . 2001-10-19 10:37 714986 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2022-08-29 13:49 . 2001-10-19 11:06 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2022-08-29 13:48 . 2001-08-17 12:04 75776 ----a-w- c:\windows\system32\dllcache\philcam1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 00:12 . 2006-11-29 11:30 25568 ----a-w- c:\documents and settings\alikim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 12:19 . 2009-08-27 12:19 47360 ----a-w- c:\documents and settings\alikim\Application Data\pcouffin.sys
2009-08-11 02:35 . 2006-08-16 23:44 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-05 09:01 . 2004-09-22 07:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2004-09-22 07:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2004-09-22 07:50 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-24 19:23 . 2009-04-22 23:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2004-09-22 07:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 13:43 . 2004-09-22 07:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:00 . 2004-09-22 07:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2004-09-22 07:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-09-22 07:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-09-22 07:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-09-22 07:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2004-09-22 07:51 732160 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-09-22 07:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-09-22 07:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-20 22:44 . 2009-06-20 22:44 4096 ----a-w- c:\windows\d3dx.dat
2009-06-15 10:45 . 2004-09-22 07:51 79872 ----a-w- c:\windows\system32\telnet.exe
2008-05-10 10:49 . 2008-05-10 10:49 454656 ----a-w- c:\program files\putty.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-09-07_14.48.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-08 12:40 . 2009-07-09 02:16 39424 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys
+ 2009-09-08 12:40 . 2009-07-09 02:16 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2009-09-08 12:42 . 2009-03-19 06:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-09-08 12:40 . 2009-07-09 02:16 39424 c:\windows\system32\drivers\usbaapl.sys
+ 2009-09-08 12:42 . 2009-03-19 06:32 23400 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-12-12 01:11 . 2008-12-12 01:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 01:18 . 2008-12-12 01:18 87336 c:\windows\system32\dns-sd.exe
- 2006-08-16 23:42 . 2009-09-07 14:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-16 23:42 . 2009-09-11 00:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-16 23:42 . 2009-09-07 14:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-08-16 23:42 . 2009-09-11 00:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-29 03:14 . 2009-09-07 14:34 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-08-29 03:14 . 2009-09-11 00:47 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2006-08-16 23:42 . 2009-09-11 00:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-08 12:40 . 2009-09-08 12:40 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-09-08 13:19 . 2009-09-08 13:19 10398 c:\windows\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe
+ 2009-09-08 13:19 . 2009-09-08 13:19 25214 c:\windows\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe
+ 2009-09-08 12:42 . 2009-09-08 12:42 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-09-08 12:42 . 2008-04-17 02:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-09-08 12:42 . 2008-04-17 02:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-09-08 13:19 . 2009-09-08 13:19 354304 c:\windows\Installer\aee880.msi
+ 2009-09-08 12:43 . 2009-09-08 12:43 102400 c:\windows\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\iTunesIco.exe
+ 2009-09-08 12:40 . 2009-07-09 02:16 2060288 c:\windows\system32\usbaaplrc.dll
+ 2009-09-08 12:40 . 2009-07-09 02:16 2060288 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaaplrc.dll
+ 2009-09-08 12:40 . 2009-07-09 02:16 1419232 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2009-09-08 12:42 . 2009-09-08 12:43 4945408 c:\windows\Installer\8b1db3.msi
+ 2009-09-08 12:42 . 2009-09-08 12:42 1659392 c:\windows\Installer\8b1daf.msi
+ 2009-09-08 12:41 . 2009-09-08 12:42 8992256 c:\windows\Installer\8b1da9.msi
+ 2009-09-08 12:40 . 2009-09-08 12:40 1549312 c:\windows\Installer\8b1b49.msi
+ 2009-09-08 12:40 . 2009-09-08 12:40 3295232 c:\windows\Installer\8b1b1a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-16 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-02 13594624]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-12 33792]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe" [2004-10-09 110592]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-05-04 1689600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-02 86016]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-01-13 864256]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-02 17530368]

c:\documents and settings\alikim\Главное меню\Программы\Автозагрузка\
taskmgr.exe.lnk - c:\windows\system32\taskmgr.exe [2004-9-22 139264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Windows Search.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=3 (0x3)
"RasMan"=3 (0x3)
"gusvc"=2 (0x2)
"navapsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"wscsvc"=2 (0x2)
"TapiSrv"=3 (0x3)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"StarWindService"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=2 (0x2)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"AVP"=3 (0x3)
"ASWLSVC"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apache2"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/09/2009 02:23 64160]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [16/01/2009 16:31 161064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/07/2009 00:49 1029456]
R3 IRCOMM;IRCOMM;c:\windows\system32\drivers\Ircomm.sys [2/12/2006 19:55 54132]
R3 KRNBRIDG;IrBridge Kernel-Level Interface;c:\windows\system32\drivers\krnbridg.sys [2/12/2006 19:55 14436]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2009 22:34 1684736]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [17/08/2006 10:05 16269]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 SNPHV71;QB-300;c:\windows\system32\drivers\snphv71.sys [10/07/2003 14:54 226048]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-15 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 212.100.132.148:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Translate with Lingvo - c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\alikim\Главное меню\Программы\IMVU\Run IMVU.lnk
TCP: {DD02E832-E78B-44AE-8C59-0C8EA01DD026} = 10.0.0.38
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath - c:\documents and settings\alikim\Application Data\Mozilla\Firefox\Profiles\fgcm7ply.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 11:02
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\WININET.dll
.
Completion time: 2009-09-11 11:06
ComboFix-quarantined-files.txt 2009-09-11 01:06
ComboFix2.txt 2009-09-08 10:26
ComboFix3.txt 2009-09-07 14:53

Pre-Run: 7,947,681,792 bytes free
Post-Run: 10,292,232,192 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
360
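The log above is one complete post, and for a search-redirect complaint the lines in it that matter are few: the per-user `uInternet Settings,ProxyServer` line (a proxy set under the user's hive routes every IE/WinINet request through that host), the `EnableFirewall` and Security Center `DisableMonitoring` entries, the block of services disabled through msconfig (`wuauserv`, `wscsvc`, `SharedAccess`, `srservice` among them), and the driver entries ComboFix prints with `--> path [?]`, meaning the file the service points at is not on disk. The script below pulls exactly those out of a ComboFix log so they are not lost in the file listings. It is an added example for this thread, not ComboFix code and not anything the participants posted; the indicator list, the regular expressions and the constructed sample log (which uses the documentation address 203.0.113.7 rather than the address in the log above) are this example's own assumptions, and a hit means "ask why this is set", not "infected".

```python
"""Triage a ComboFix log for settings that often accompany a search-redirect
infection or show weakened defences.

Added example for this thread: not ComboFix code, not posted by the thread's
participants.  The indicator list, the regexes and the sample log are this
example's assumptions about the log format shown in the thread.
"""
import re
from typing import Dict, List

# Services malware commonly disables through msconfig.  An entry under the
# msconfig\services key means the service was disabled that way; the value is
# the start type saved before disabling (2 = Automatic, 3 = Manual).
SECURITY_SERVICES = {
    "wuauserv": "Automatic Updates",
    "wscsvc": "Security Center",
    "SharedAccess": "Windows Firewall / ICS",
    "srservice": "System Restore",
}

# Loopback and RFC 1918 space; a per-user proxy pointing anywhere else deserves
# a question, because every IE/WinINet request is then routed through it.
LOCAL_NET = re.compile(r"^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|localhost$)")

SECTION_RE = re.compile(r"^\[(.+)\]$")
MSCONFIG_SVC_RE = re.compile(r'^"([^"]+)"=(\d+)')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
MONITORING_OFF_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')
# "S0 name;description;path --> path [?]": ComboFix could not find the driver
# file the service entry points to (orphaned entry, often an uninstall remnant).
ORPHAN_DRIVER_RE = re.compile(r"^([RS][0-3])\s+([^;]+);[^;]*;(.+?) --> .+ \[\?\]$")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in log order."""
    findings: List[Dict[str, str]] = []
    section = ""  # most recent [registry key] header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        low_section = section.lower()

        m = PROXY_RE.match(line)
        if m:
            proxy = m.group(1)
            host = proxy.rsplit(":", 1)[0]
            if not LOCAL_NET.match(host):
                findings.append({"kind": "proxy", "item": proxy,
                                 "note": "per-user IE proxy to a non-local address; confirm the user set it"})
            continue

        if low_section.endswith("msconfig\\services"):
            m = MSCONFIG_SVC_RE.match(line)
            if m and m.group(1) in SECURITY_SERVICES:
                findings.append({"kind": "disabled_service", "item": m.group(1),
                                 "note": f"{SECURITY_SERVICES[m.group(1)]} disabled via msconfig "
                                         f"(saved start type {m.group(2)})"})
            continue

        if "security center\\monitoring\\" in low_section and MONITORING_OFF_RE.match(line):
            product = section.rsplit("\\", 1)[-1]
            findings.append({"kind": "monitoring_off", "item": product,
                             "note": "Security Center monitoring disabled for this product"})
            continue

        if "firewallpolicy" in low_section and FIREWALL_OFF_RE.match(line):
            findings.append({"kind": "firewall_off", "item": section,
                             "note": "Windows Firewall disabled for this profile"})
            continue

        m = ORPHAN_DRIVER_RE.match(line)
        if m:
            findings.append({"kind": "orphan_driver", "item": m.group(2),
                             "note": f"{m.group(1)} entry whose file is missing: {m.group(3)}"})
    return findings


# Constructed sample modelled on the thread's log; 203.0.113.7 is a
# documentation address, not the proxy actually shown in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=3 (0x3)
"RasMan"=3 (0x3)
"SharedAccess"=2 (0x2)
"wscsvc"=2 (0x2)
"srservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/09/2009 02:23 64160]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

uStart Page = about:blank
uInternet Settings,ProxyServer = 203.0.113.7:3128
uInternet Settings,ProxyOverride = <local>;*.local
TCP: {DD02E832-E78B-44AE-8C59-0C8EA01DD026} = 10.0.0.38
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:17} {f['item']:22} {f['note']}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()`. The orphaned-driver hits are usually remnants of an uninstalled product rather than malware (here the Kaspersky and Tiny Firewall drivers), but a proxy to a public address combined with the firewall, Security Center and Automatic Updates all switched off is the pattern worth raising with the helper before the next fix run.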

#4 fenzodahl512

Posted 10 September 2009 - 11:55 PM

This is not good.. Delete your version of ComboFix >> download a fresh one from below >> run it >> Make sure you INSTALL Recovery Console >> post the log here..
Link 2
Link 3

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 alikim

Posted 11 September 2009 - 12:24 AM

well, I've downloaded it today before the run, I guess it's fresh enough.. in regards to the console it doesn't ask me to install it, there is some sort of window popping up during the ComboFix run but it disappears so quickly that I'm unable to see what's in it..

#6 fenzodahl512

Posted 11 September 2009 - 12:28 AM

Please do as I requested please.. There's a reason why I asked you to download a fresh one, and install the Recovery Console..



#7 alikim

Posted 11 September 2009 - 06:22 AM

Ok, I downloaded and ran it again, here is the report.

Still, ComboFix doesn't ask me to install the recovery console.. do you want me to do it manually?


---------------------------------------------------------------------------
ComboFix 09-09-10.03 - alikim 11/09/2009 21:00.4.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.1919.1539 [GMT 10:00]
Running from: c:\documents and settings\alikim\Рабочий стол\Combo-Fix.exe
FW: Tiny Firewall 6.5 *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2022-08-29 18:59 . 2022-08-29 18:59 -------- d-----w- c:\documents and settings\NetworkService\Главное меню
2022-08-29 14:07 . 2001-10-19 11:06 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2022-08-29 14:07 . 2001-10-19 11:06 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2022-08-29 14:07 . 2001-10-19 11:06 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2022-08-29 14:06 . 2001-08-17 20:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2022-08-29 14:06 . 2001-08-17 10:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2022-08-29 14:06 . 2004-08-03 12:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2022-08-29 14:06 . 2004-08-03 12:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2022-08-29 14:06 . 2004-08-03 12:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2022-08-29 14:06 . 2001-10-19 10:36 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2022-08-29 14:05 . 2001-08-17 11:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2022-08-29 14:05 . 2001-10-19 11:06 54272 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2022-08-29 14:05 . 2001-10-19 11:06 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2022-08-29 14:05 . 2004-08-18 06:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2022-08-29 14:05 . 2004-08-18 06:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2022-08-29 14:05 . 2001-08-17 11:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2022-08-29 14:05 . 2004-08-03 12:29 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2022-08-29 14:05 . 2001-08-17 10:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2022-08-29 14:05 . 2004-08-03 12:29 25471 ----a-w- c:\windows\system32\dllcache\watv10nt.sys
2022-08-29 14:05 . 2004-08-03 12:29 22271 ----a-w- c:\windows\system32\dllcache\watv06nt.sys
2022-08-29 14:05 . 2004-08-03 12:29 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2022-08-29 14:03 . 2001-08-17 11:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2022-08-29 14:03 . 2001-08-17 11:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2022-08-29 14:03 . 2001-08-17 11:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2022-08-29 14:03 . 2001-08-17 11:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2022-08-29 14:03 . 2001-08-17 11:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2022-08-29 14:03 . 2001-08-17 11:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2022-08-29 14:03 . 2001-08-17 11:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2022-08-29 14:03 . 2001-08-17 11:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2022-08-29 14:03 . 2001-08-17 11:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2022-08-29 14:02 . 2004-08-17 05:52 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2022-08-29 14:02 . 2008-04-14 16:10 76288 ----a-w- c:\windows\system32\dllcache\uniime.dll
2022-08-29 14:02 . 2001-10-19 11:06 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2022-08-29 14:02 . 2001-10-19 11:06 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2022-08-29 14:02 . 2001-10-19 11:06 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2022-08-29 14:02 . 2001-10-19 11:06 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2022-08-29 14:02 . 2001-10-19 11:06 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2022-08-29 14:02 . 2001-08-17 11:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2022-08-29 14:02 . 2001-10-19 11:06 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2022-08-29 14:01 . 2001-10-19 11:06 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2022-08-29 14:01 . 2001-10-19 11:06 212480 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2022-08-29 14:01 . 2001-10-19 11:06 216576 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2022-08-29 14:01 . 2001-08-17 11:52 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys
2022-08-29 14:01 . 2001-08-17 11:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2022-08-29 14:01 . 2004-08-18 06:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2022-08-29 14:01 . 2001-08-17 10:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2022-08-29 14:01 . 2001-10-19 11:06 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2022-08-29 14:01 . 2001-08-17 10:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2022-08-29 14:01 . 2001-10-19 11:05 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2022-08-29 13:59 . 2001-08-17 10:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2022-08-29 13:59 . 2001-10-19 11:05 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2022-08-29 13:59 . 2004-08-18 06:00 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2022-08-29 13:59 . 2001-08-17 10:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2022-08-29 13:59 . 2004-08-18 06:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2022-08-29 13:59 . 2001-08-17 10:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2022-08-29 13:59 . 2004-08-18 06:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2022-08-29 13:59 . 2001-08-17 11:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2022-08-29 13:59 . 2001-08-17 11:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2022-08-29 13:59 . 2001-08-17 10:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2022-08-29 13:59 . 2001-10-19 11:05 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2022-08-29 13:59 . 2001-08-17 12:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2022-08-29 13:59 . 2001-08-17 12:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2022-08-29 13:58 . 2001-08-17 12:07 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys
2022-08-29 13:58 . 2001-08-17 12:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2022-08-29 13:58 . 2001-10-19 11:06 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2022-08-29 13:58 . 2001-08-17 11:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2022-08-29 13:58 . 2001-08-17 12:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2022-08-29 13:58 . 2001-10-19 11:06 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2022-08-29 13:58 . 2001-10-19 11:06 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2022-08-29 13:58 . 2001-10-19 11:06 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2022-08-29 13:58 . 2001-10-19 11:06 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2022-08-29 13:58 . 2001-10-19 11:06 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2022-08-29 13:58 . 2001-10-19 11:06 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2022-08-29 13:58 . 2001-10-19 10:22 286208 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2022-08-29 13:57 . 2001-10-19 10:21 17024 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2022-08-29 13:57 . 2001-08-17 10:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2022-08-29 13:57 . 2001-10-19 11:06 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2022-08-29 13:57 . 2004-08-18 06:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2022-08-29 13:57 . 2001-10-19 11:06 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2022-08-29 13:57 . 2001-08-17 11:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2022-08-29 13:57 . 2001-10-19 11:06 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2022-08-29 13:57 . 2001-08-17 12:07 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2022-08-29 13:57 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2022-08-29 13:57 . 2001-08-17 10:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2022-08-29 13:57 . 2001-10-19 11:06 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2022-08-29 13:55 . 2001-10-19 11:06 33792 ----a-w- c:\windows\system32\dllcache\smb0w.dll
2022-08-29 13:54 . 2001-10-19 11:05 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2022-08-29 13:54 . 2001-08-17 10:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2022-08-29 13:54 . 2001-10-19 11:05 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2022-08-29 13:54 . 2001-08-17 10:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2022-08-29 13:54 . 2004-08-18 06:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2022-08-29 13:54 . 2001-10-19 10:42 161664 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2022-08-29 13:54 . 2001-07-21 12:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2022-08-29 13:54 . 2001-08-17 10:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2022-08-29 13:54 . 2001-10-19 11:05 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2022-08-29 13:54 . 2001-08-17 10:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2022-08-29 13:54 . 2001-10-19 10:41 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2022-08-29 13:54 . 2001-10-19 10:41 17920 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2022-08-29 13:54 . 2001-10-19 11:06 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2022-08-29 13:53 . 2001-08-17 11:53 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2022-08-29 13:53 . 2001-08-17 11:52 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2022-08-29 13:53 . 2001-10-19 11:06 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2022-08-29 13:53 . 2001-10-19 10:41 17536 ----a-w- c:\windows\system32\dllcache\scr111.sys
2022-08-29 13:53 . 2001-10-19 10:41 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2022-08-29 13:53 . 2001-08-17 11:51 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2022-08-29 13:53 . 2001-10-19 10:41 24064 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2022-08-29 13:53 . 2001-10-19 11:04 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2022-08-29 13:53 . 2001-08-17 10:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2022-08-29 13:53 . 2001-10-19 11:05 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2022-08-29 13:53 . 2001-08-17 10:50 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2022-08-29 13:53 . 2001-10-19 11:05 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll
2022-08-29 13:51 . 2004-08-03 12:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2022-08-29 13:51 . 2001-08-17 10:12 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2022-08-29 13:51 . 2001-08-17 10:19 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2022-08-29 13:51 . 2001-10-19 11:06 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2022-08-29 13:51 . 2001-08-17 10:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2022-08-29 13:51 . 2001-08-17 10:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2022-08-29 13:51 . 2001-10-19 11:04 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2022-08-29 13:51 . 2001-10-19 11:06 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2022-08-29 13:51 . 2004-08-18 06:00 14848 ----a-w- c:\windows\system32\dllcache\register.exe
2022-08-29 13:51 . 2004-08-03 12:41 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2022-08-29 13:51 . 2001-08-17 11:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2022-08-29 13:51 . 2001-10-19 10:37 714986 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2022-08-29 13:49 . 2001-10-19 11:06 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2022-08-29 13:48 . 2001-08-17 12:04 75776 ----a-w- c:\windows\system32\dllcache\philcam1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 00:12 . 2006-11-29 11:30 25568 ----a-w- c:\documents and settings\alikim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 12:19 . 2009-08-27 12:19 47360 ----a-w- c:\documents and settings\alikim\Application Data\pcouffin.sys
2009-08-11 02:35 . 2006-08-16 23:44 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-05 09:01 . 2004-09-22 07:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2004-09-22 07:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2004-09-22 07:50 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-24 19:23 . 2009-04-22 23:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2004-09-22 07:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 13:43 . 2004-09-22 07:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:00 . 2004-09-22 07:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2004-09-22 07:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-09-22 07:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-09-22 07:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-09-22 07:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2004-09-22 07:51 732160 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-09-22 07:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-09-22 07:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-20 22:44 . 2009-06-20 22:44 4096 ----a-w- c:\windows\d3dx.dat
2009-06-15 10:45 . 2004-09-22 07:51 79872 ----a-w- c:\windows\system32\telnet.exe
2008-05-10 10:49 . 2008-05-10 10:49 454656 ----a-w- c:\program files\putty.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-09-07_14.48.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-08 12:40 . 2009-07-09 02:16 39424 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys
+ 2009-09-08 12:40 . 2009-07-09 02:16 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2009-09-08 12:42 . 2009-03-19 06:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-09-08 12:40 . 2009-07-09 02:16 39424 c:\windows\system32\drivers\usbaapl.sys
+ 2009-09-08 12:42 . 2009-03-19 06:32 23400 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-12-12 01:11 . 2008-12-12 01:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 01:18 . 2008-12-12 01:18 87336 c:\windows\system32\dns-sd.exe
- 2006-08-16 23:42 . 2009-09-07 14:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-16 23:42 . 2009-09-11 10:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-16 23:42 . 2009-09-07 14:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-08-16 23:42 . 2009-09-11 10:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-29 03:14 . 2009-09-07 14:34 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-08-29 03:14 . 2009-09-11 10:58 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2006-08-16 23:42 . 2009-09-11 10:58 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-08 12:40 . 2009-09-08 12:40 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-09-08 13:19 . 2009-09-08 13:19 10398 c:\windows\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe
+ 2009-09-08 13:19 . 2009-09-08 13:19 25214 c:\windows\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe
+ 2009-09-08 12:42 . 2009-09-08 12:42 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-09-08 12:42 . 2008-04-17 02:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-09-08 12:42 . 2008-04-17 02:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-09-08 13:19 . 2009-09-08 13:19 354304 c:\windows\Installer\aee880.msi
+ 2009-09-08 12:43 . 2009-09-08 12:43 102400 c:\windows\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\iTunesIco.exe
+ 2009-09-08 12:40 . 2009-07-09 02:16 2060288 c:\windows\system32\usbaaplrc.dll
+ 2009-09-08 12:40 . 2009-07-09 02:16 2060288 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaaplrc.dll
+ 2009-09-08 12:40 . 2009-07-09 02:16 1419232 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2009-09-08 12:42 . 2009-09-08 12:43 4945408 c:\windows\Installer\8b1db3.msi
+ 2009-09-08 12:42 . 2009-09-08 12:42 1659392 c:\windows\Installer\8b1daf.msi
+ 2009-09-08 12:41 . 2009-09-08 12:42 8992256 c:\windows\Installer\8b1da9.msi
+ 2009-09-08 12:40 . 2009-09-08 12:40 1549312 c:\windows\Installer\8b1b49.msi
+ 2009-09-08 12:40 . 2009-09-08 12:40 3295232 c:\windows\Installer\8b1b1a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-16 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-02 13594624]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-12 33792]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe" [2004-10-09 110592]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-05-04 1689600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-02 86016]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-01-13 864256]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-02 17530368]

c:\documents and settings\alikim\Главное меню\Программы\Автозагрузка\
taskmgr.exe.lnk - c:\windows\system32\taskmgr.exe [2004-9-22 139264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Windows Search.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=3 (0x3)
"RasMan"=3 (0x3)
"gusvc"=2 (0x2)
"navapsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"wscsvc"=2 (0x2)
"TapiSrv"=3 (0x3)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"StarWindService"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=2 (0x2)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"AVP"=3 (0x3)
"ASWLSVC"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apache2"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/09/2009 02:23 64160]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [16/01/2009 16:31 161064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/07/2009 00:49 1029456]
R3 IRCOMM;IRCOMM;c:\windows\system32\drivers\Ircomm.sys [2/12/2006 19:55 54132]
R3 KRNBRIDG;IrBridge Kernel-Level Interface;c:\windows\system32\drivers\krnbridg.sys [2/12/2006 19:55 14436]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2009 22:34 1684736]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [17/08/2006 10:05 16269]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 SNPHV71;QB-300;c:\windows\system32\drivers\snphv71.sys [10/07/2003 14:54 226048]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-15 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 212.100.132.148:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Translate with Lingvo - c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\alikim\Главное меню\Программы\IMVU\Run IMVU.lnk
TCP: {DD02E832-E78B-44AE-8C59-0C8EA01DD026} = 10.0.0.38
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath - c:\documents and settings\alikim\Application Data\Mozilla\Firefox\Profiles\fgcm7ply.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 21:14
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\WININET.dll
.
Completion time: 2009-09-11 21:18
ComboFix-quarantined-files.txt 2009-09-11 11:18
ComboFix2.txt 2009-09-11 01:06
ComboFix3.txt 2009-09-08 10:26
ComboFix4.txt 2009-09-07 14:53

Pre-Run: 10,333,093,888 байт свободно
Post-Run: 10,330,701,824 байт свободно

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
361

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 11 September 2009 - 06:52 AM

Something is definitely not right here.. Let's do this instead...

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
  • Run SysProt >> Click on the Log tab
  • Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
  • Hit the Create Log button
  • When it asks for the scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)
  • Let it scan until finished
  • Find the log.txt inside the SysProt folder and attach the log here.


NEXT


Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 alikim

alikim
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 11 September 2009 - 07:47 AM

Something is definitely not right here..


I've no doubt about that...

---------------------------------
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Attached Files



#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 11 September 2009 - 08:21 AM

Please download avz4.zip and unzip it to your Desktop

AVZ FIX :

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before this fix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

  • Close all windows then double click on AVZ.exe
  • Click File >> Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program

    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    SetServiceStart('kbiwkmlmlkmxdu', 4);
    StopService('kbiwkmlmlkmxdu');
    DeleteService('kbiwkmlmlkmxdu');
    DeleteFile('C:\WINDOWS\system32\drivers\kbiwkmyxilrunq.sys');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_DisableSvc('kbiwkmlmlkmxdu');
    BC_DeleteSvc('kbiwkmlmlkmxdu');
    BC_DeleteFile('C:\WINDOWS\system32\drivers\kbiwkmyxilrunq.sys');
    BC_Activate;
    RebootWindows(true);
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.

Run ComboFix again and then post the log here..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 alikim

alikim
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 11 September 2009 - 09:10 AM

ComboFix 09-09-10.03 - alikim 11/09/2009 23:50.5.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.1919.1442 [GMT 10:00]
Running from: c:\documents and settings\alikim\Рабочий стол\Combo-Fix.exe
FW: Tiny Firewall 6.5 *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kbiwkmquwntiql.dll
c:\windows\system32\kbiwkmubodruyx.dll
c:\windows\system32\kbiwkmuirqtqlh.dat
c:\windows\system32\kbiwkmxrlnstje.dat
c:\windows\system32\kbiwkmyiqrmkkd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmlmlkmxdu
-------\Service_kbiwkmlmlkmxdu


((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2022-08-29 18:59 . 2022-08-29 18:59 -------- d-----w- c:\documents and settings\NetworkService\Главное меню
2022-08-29 14:07 . 2001-10-19 11:06 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2022-08-29 14:07 . 2001-10-19 11:06 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2022-08-29 14:07 . 2001-10-19 11:06 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2022-08-29 14:06 . 2001-08-17 20:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2022-08-29 14:06 . 2001-08-17 10:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2022-08-29 14:06 . 2004-08-03 12:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2022-08-29 14:06 . 2004-08-03 12:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2022-08-29 14:06 . 2004-08-03 12:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2022-08-29 14:06 . 2001-10-19 10:36 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2022-08-29 14:05 . 2001-08-17 11:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2022-08-29 14:05 . 2001-10-19 11:06 54272 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2022-08-29 14:05 . 2001-10-19 11:06 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2022-08-29 14:05 . 2004-08-18 06:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2022-08-29 14:05 . 2004-08-18 06:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2022-08-29 14:05 . 2001-08-17 11:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2022-08-29 14:05 . 2004-08-03 12:29 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2022-08-29 14:05 . 2001-08-17 10:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2022-08-29 14:05 . 2004-08-03 12:29 25471 ----a-w- c:\windows\system32\dllcache\watv10nt.sys
2022-08-29 14:05 . 2004-08-03 12:29 22271 ----a-w- c:\windows\system32\dllcache\watv06nt.sys
2022-08-29 14:05 . 2004-08-03 12:29 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2022-08-29 14:03 . 2001-08-17 11:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2022-08-29 14:03 . 2001-08-17 11:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2022-08-29 14:03 . 2001-08-17 11:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2022-08-29 14:03 . 2001-08-17 11:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2022-08-29 14:03 . 2001-08-17 11:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2022-08-29 14:03 . 2001-08-17 11:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2022-08-29 14:03 . 2001-08-17 11:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2022-08-29 14:03 . 2001-08-17 11:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2022-08-29 14:03 . 2001-08-17 11:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2022-08-29 14:02 . 2004-08-17 05:52 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2022-08-29 14:02 . 2008-04-14 16:10 76288 ----a-w- c:\windows\system32\dllcache\uniime.dll
2022-08-29 14:02 . 2001-10-19 11:06 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2022-08-29 14:02 . 2001-10-19 11:06 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2022-08-29 14:02 . 2001-10-19 11:06 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2022-08-29 14:02 . 2001-10-19 11:06 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2022-08-29 14:02 . 2001-10-19 11:06 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2022-08-29 14:02 . 2001-08-17 11:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2022-08-29 14:02 . 2001-10-19 11:06 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2022-08-29 14:01 . 2001-10-19 11:06 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2022-08-29 14:01 . 2001-10-19 11:06 212480 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2022-08-29 14:01 . 2001-10-19 11:06 216576 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2022-08-29 14:01 . 2001-08-17 11:52 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys
2022-08-29 14:01 . 2001-08-17 11:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2022-08-29 14:01 . 2004-08-18 06:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2022-08-29 14:01 . 2001-08-17 10:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2022-08-29 14:01 . 2001-10-19 11:06 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2022-08-29 14:01 . 2001-08-17 10:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2022-08-29 14:01 . 2001-10-19 11:05 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2022-08-29 13:59 . 2001-08-17 10:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2022-08-29 13:59 . 2001-10-19 11:05 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2022-08-29 13:59 . 2004-08-18 06:00 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2022-08-29 13:59 . 2001-08-17 10:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2022-08-29 13:59 . 2004-08-18 06:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2022-08-29 13:59 . 2001-08-17 10:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2022-08-29 13:59 . 2004-08-18 06:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2022-08-29 13:59 . 2001-08-17 11:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2022-08-29 13:59 . 2001-08-17 11:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2022-08-29 13:59 . 2001-08-17 10:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2022-08-29 13:59 . 2001-10-19 11:05 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2022-08-29 13:59 . 2001-08-17 12:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2022-08-29 13:59 . 2001-08-17 12:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2022-08-29 13:58 . 2001-08-17 12:07 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys
2022-08-29 13:58 . 2001-08-17 12:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2022-08-29 13:58 . 2001-10-19 11:06 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2022-08-29 13:58 . 2001-08-17 11:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2022-08-29 13:58 . 2001-08-17 12:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2022-08-29 13:58 . 2001-10-19 11:06 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2022-08-29 13:58 . 2001-10-19 11:06 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2022-08-29 13:58 . 2001-10-19 11:06 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2022-08-29 13:58 . 2001-10-19 11:06 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2022-08-29 13:58 . 2001-10-19 11:06 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2022-08-29 13:58 . 2001-10-19 11:06 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2022-08-29 13:58 . 2001-10-19 10:22 286208 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2022-08-29 13:57 . 2001-10-19 10:21 17024 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2022-08-29 13:57 . 2001-08-17 10:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2022-08-29 13:57 . 2001-10-19 11:06 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2022-08-29 13:57 . 2004-08-18 06:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2022-08-29 13:57 . 2001-10-19 11:06 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2022-08-29 13:57 . 2001-08-17 11:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2022-08-29 13:57 . 2001-10-19 11:06 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2022-08-29 13:57 . 2001-08-17 12:07 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2022-08-29 13:57 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2022-08-29 13:57 . 2001-08-17 10:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2022-08-29 13:57 . 2001-10-19 11:06 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2022-08-29 13:55 . 2001-10-19 11:06 33792 ----a-w- c:\windows\system32\dllcache\smb0w.dll
2022-08-29 13:54 . 2001-10-19 11:05 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2022-08-29 13:54 . 2001-08-17 10:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2022-08-29 13:54 . 2001-10-19 11:05 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2022-08-29 13:54 . 2001-08-17 10:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2022-08-29 13:54 . 2004-08-18 06:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2022-08-29 13:54 . 2001-10-19 10:42 161664 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2022-08-29 13:54 . 2001-07-21 12:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2022-08-29 13:54 . 2001-08-17 10:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2022-08-29 13:54 . 2001-10-19 11:05 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2022-08-29 13:54 . 2001-08-17 10:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2022-08-29 13:54 . 2001-10-19 10:41 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2022-08-29 13:54 . 2001-10-19 10:41 17920 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2022-08-29 13:54 . 2001-10-19 11:06 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2022-08-29 13:53 . 2001-08-17 11:53 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2022-08-29 13:53 . 2001-08-17 11:52 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2022-08-29 13:53 . 2001-10-19 11:06 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2022-08-29 13:53 . 2001-10-19 10:41 17536 ----a-w- c:\windows\system32\dllcache\scr111.sys
2022-08-29 13:53 . 2001-10-19 10:41 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2022-08-29 13:53 . 2001-08-17 11:51 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2022-08-29 13:53 . 2001-10-19 10:41 24064 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2022-08-29 13:53 . 2001-10-19 11:04 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2022-08-29 13:53 . 2001-08-17 10:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2022-08-29 13:53 . 2001-10-19 11:05 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2022-08-29 13:53 . 2001-08-17 10:50 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2022-08-29 13:53 . 2001-10-19 11:05 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll
2022-08-29 13:51 . 2004-08-03 12:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2022-08-29 13:51 . 2001-08-17 10:12 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2022-08-29 13:51 . 2001-08-17 10:19 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2022-08-29 13:51 . 2001-10-19 11:06 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2022-08-29 13:51 . 2001-08-17 10:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2022-08-29 13:51 . 2001-08-17 10:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2022-08-29 13:51 . 2001-10-19 11:04 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2022-08-29 13:51 . 2001-10-19 11:06 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2022-08-29 13:51 . 2004-08-18 06:00 14848 ----a-w- c:\windows\system32\dllcache\register.exe
2022-08-29 13:51 . 2004-08-03 12:41 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2022-08-29 13:51 . 2001-08-17 11:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2022-08-29 13:51 . 2001-10-19 10:37 714986 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2022-08-29 13:49 . 2001-10-19 11:06 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2022-08-29 13:48 . 2001-08-17 12:04 75776 ----a-w- c:\windows\system32\dllcache\philcam1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 00:12 . 2006-11-29 11:30 25568 ----a-w- c:\documents and settings\alikim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 12:19 . 2009-08-27 12:19 47360 ----a-w- c:\documents and settings\alikim\Application Data\pcouffin.sys
2009-08-11 02:35 . 2006-08-16 23:44 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-05 09:01 . 2004-09-22 07:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2004-09-22 07:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2004-09-22 07:50 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-24 19:23 . 2009-04-22 23:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2004-09-22 07:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 13:43 . 2004-09-22 07:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:00 . 2004-09-22 07:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2004-09-22 07:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-09-22 07:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-09-22 07:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-09-22 07:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2004-09-22 07:51 732160 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-09-22 07:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-09-22 07:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-20 22:44 . 2009-06-20 22:44 4096 ----a-w- c:\windows\d3dx.dat
2009-06-15 10:45 . 2004-09-22 07:51 79872 ----a-w- c:\windows\system32\telnet.exe
2008-05-10 10:49 . 2008-05-10 10:49 454656 ----a-w- c:\program files\putty.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-09-07_14.48.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-11 14:00 . 2009-09-11 14:00 16384 c:\windows\temp\Perflib_Perfdata_6cc.dat
+ 2009-09-08 12:40 . 2009-07-09 02:16 39424 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys
+ 2009-09-08 12:40 . 2009-07-09 02:16 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2009-09-08 12:42 . 2009-03-19 06:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-09-08 12:40 . 2009-07-09 02:16 39424 c:\windows\system32\drivers\usbaapl.sys
+ 2009-09-08 12:42 . 2009-03-19 06:32 23400 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-12-12 01:11 . 2008-12-12 01:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 01:18 . 2008-12-12 01:18 87336 c:\windows\system32\dns-sd.exe
- 2006-08-16 23:42 . 2009-09-07 14:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-16 23:42 . 2009-09-11 10:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-16 23:42 . 2009-09-11 10:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-08-16 23:42 . 2009-09-07 14:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-29 03:14 . 2009-09-11 10:58 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-08-29 03:14 . 2009-09-07 14:34 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2006-08-16 23:42 . 2009-09-11 10:58 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-08 12:40 . 2009-09-08 12:40 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-09-08 13:19 . 2009-09-08 13:19 10398 c:\windows\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe
+ 2009-09-08 13:19 . 2009-09-08 13:19 25214 c:\windows\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe
+ 2009-09-08 12:42 . 2009-09-08 12:42 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2007-11-06 12:02 . 2007-11-06 12:02 627200 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_0296e955\msvcr90.dll
+ 2007-11-06 12:02 . 2007-11-06 12:02 851456 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_0296e955\msvcp90.dll
+ 2007-11-06 10:24 . 2007-11-06 10:24 245248 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_0296e955\msvcm90.dll
+ 2009-09-08 12:42 . 2008-04-17 02:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-09-08 12:42 . 2008-04-17 02:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-09-08 13:19 . 2009-09-08 13:19 354304 c:\windows\Installer\aee880.msi
+ 2009-09-11 13:11 . 2009-09-11 13:11 686080 c:\windows\Installer\7a4c7d.msi
+ 2009-09-08 12:43 . 2009-09-08 12:43 102400 c:\windows\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\iTunesIco.exe
+ 2009-09-08 12:40 . 2009-07-09 02:16 2060288 c:\windows\system32\usbaaplrc.dll
+ 2009-09-08 12:40 . 2009-07-09 02:16 2060288 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaaplrc.dll
+ 2009-09-08 12:40 . 2009-07-09 02:16 1419232 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2009-09-08 12:42 . 2009-09-08 12:43 4945408 c:\windows\Installer\8b1db3.msi
+ 2009-09-08 12:42 . 2009-09-08 12:42 1659392 c:\windows\Installer\8b1daf.msi
+ 2009-09-08 12:41 . 2009-09-08 12:42 8992256 c:\windows\Installer\8b1da9.msi
+ 2009-09-08 12:40 . 2009-09-08 12:40 1549312 c:\windows\Installer\8b1b49.msi
+ 2009-09-08 12:40 . 2009-09-08 12:40 3295232 c:\windows\Installer\8b1b1a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-16 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-02 13594624]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-12 33792]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe" [2004-10-09 110592]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-02 86016]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-01-13 864256]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-02 17530368]

c:\documents and settings\alikim\Главное меню\Программы\Автозагрузка\
taskmgr.exe.lnk - c:\windows\system32\taskmgr.exe [2004-9-22 139264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Windows Search.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=3 (0x3)
"RasMan"=3 (0x3)
"gusvc"=2 (0x2)
"navapsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"wscsvc"=2 (0x2)
"TapiSrv"=3 (0x3)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"StarWindService"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=2 (0x2)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"AVP"=3 (0x3)
"ASWLSVC"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apache2"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/09/2009 02:23 64160]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [16/01/2009 16:31 161064]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [17/08/2006 10:05 16269]
R3 IRCOMM;IRCOMM;c:\windows\system32\drivers\Ircomm.sys [2/12/2006 19:55 54132]
R3 KRNBRIDG;IrBridge Kernel-Level Interface;c:\windows\system32\drivers\krnbridg.sys [2/12/2006 19:55 14436]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/07/2009 00:49 1029456]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2009 22:34 1684736]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 SNPHV71;QB-300;c:\windows\system32\drivers\snphv71.sys [10/07/2003 14:54 226048]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-15 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 212.100.132.148:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Translate with Lingvo - c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\alikim\Главное меню\Программы\IMVU\Run IMVU.lnk
TCP: {DD02E832-E78B-44AE-8C59-0C8EA01DD026} = 10.0.0.38
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath - c:\documents and settings\alikim\Application Data\Mozilla\Firefox\Profiles\fgcm7ply.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 00:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\LOCATOR.EXE
c:\windows\SYSTEM32\USRBRIDG.EXE
c:\windows\SYSTEM32\SEARCHINDEXER.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\program files\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-11 0:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 14:06
ComboFix2.txt 2009-09-11 11:18
ComboFix3.txt 2009-09-11 01:06
ComboFix4.txt 2009-09-08 10:26
ComboFix5.txt 2009-09-11 13:49

Pre-Run: 10,236,329,984 bytes free
Post-Run: 10,086,154,240 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
401
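The Supplementary Scan and Reg Loading Points sections of the log above carry the settings a helper reads first in a search-redirect case: the per-user proxy (ComboFix's `u` prefix means HKCU) pointing at an address outside the LAN, the adapter's DNS servers on the `TCP:` line, the Windows firewall state, the Security Center monitoring override, and drivers whose registered file ComboFix could not find (the `[?]` after `-->`). As an added example, not code from this thread or from ComboFix, here is a small Python triage script that pulls those indicators out of a ComboFix log. The sample log embedded in it is constructed to mirror the lines posted above; the tag names and severities are the script's own choices.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample in ComboFix's log format. The lines mirror ones in the logs
# posted in this thread (same prefixes and values) but are embedded here only so
# the script runs stand-alone; they are not a complete log.
SAMPLE_LOG = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = 212.100.132.148:3128
uInternet Settings,ProxyOverride = <local>;*.local
TCP: {DD02E832-E78B-44AE-8C59-0C8EA01DD026} = 10.0.0.38
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/09/2009 02:23 64160]
"""

# ComboFix prefixes per-user (HKCU) settings with "u"; a user-level proxy to a
# host outside the LAN is the classic mechanism behind search-result redirects.
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)$")
# "TCP: {adapter-GUID} = a.b.c.d" is the adapter's DNS server list.
DNS_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\}\s*=\s*(.+)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
MONITOR_RE = re.compile(r'^"DisableMonitoring"\s*=\s*dword:0*1$')
# Service/driver line whose file ComboFix could not find on disk ("--> path [?]").
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) --> .+ \[\?\]$")


def _is_local(host: str) -> bool:
    """True for loopback/RFC1918 addresses and 'localhost'; hostnames count as remote."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return addr.is_loopback or addr.is_private


def _proxy_hosts(value: str) -> List[str]:
    """Split 'host:port' or 'http=host:port;https=host:port' into bare hosts."""
    hosts = []
    for entry in value.split(";"):
        entry = entry.split("=", 1)[-1]          # drop a 'scheme=' prefix if present
        hosts.append(entry.rsplit(":", 1)[0])    # drop the port
    return hosts


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return indicators worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            if any(not _is_local(h) for h in _proxy_hosts(m.group(1))):
                findings.append({"tag": "user-proxy", "severity": "high", "detail": m.group(1)})
            continue
        m = DNS_RE.match(line)
        if m:
            # A private (router) address is normal; a public one deserves a look.
            for server in re.split(r"[,\s]+", m.group(1).strip()):
                if server and not _is_local(server):
                    findings.append({"tag": "dns-server", "severity": "high", "detail": server})
            continue
        if FIREWALL_RE.match(line):
            # Expected when a third-party firewall is installed; still worth confirming.
            findings.append({"tag": "firewall-off", "severity": "info", "detail": line})
            continue
        if MONITOR_RE.match(line):
            findings.append({"tag": "monitoring-disabled", "severity": "medium", "detail": line})
            continue
        m = DRIVER_RE.match(line)
        if m:
            findings.append({"tag": "missing-driver-file", "severity": "medium",
                             "detail": f"{m.group(1)} {m.group(2)}: {m.group(4)}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['tag']}: {f['detail']}")
```

The checks are line-based and do not track the section a value sits in, so `EnableFirewall` is reported whichever profile block it came from; here the Windows firewall being off is expected because the log header shows Tiny Firewall enabled, which is why it is rated `info`. A flagged `[?]` driver may be a leftover from an uninstalled product or something a rootkit is hiding; the script only surfaces such entries, and a helper still has to decide which it is.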

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 11 September 2009 - 10:00 AM

That's better.. Now please rerun ComboFix and install the Recovery Console when asked.. Then post the log here :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 alikim

alikim
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 11 September 2009 - 10:46 AM

Here you are.. I am still not asked to install the console though..

---------------------------------------------------------------------------
ComboFix 09-09-10.03 - alikim 12/09/2009 1:34.6.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1049.18.1919.1387 [GMT 10:00]
Running from: c:\documents and settings\alikim\Рабочий стол\Combo-Fix.exe
FW: Tiny Firewall 6.5 *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2022-08-29 18:59 . 2022-08-29 18:59 -------- d-----w- c:\documents and settings\NetworkService\Главное меню
2022-08-29 14:07 . 2001-10-19 11:06 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2022-08-29 14:07 . 2001-10-19 11:06 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2022-08-29 14:07 . 2001-10-19 11:06 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2022-08-29 14:06 . 2001-08-17 20:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2022-08-29 14:06 . 2001-08-17 10:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2022-08-29 14:06 . 2004-08-03 12:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2022-08-29 14:06 . 2004-08-03 12:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2022-08-29 14:06 . 2004-08-03 12:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2022-08-29 14:06 . 2001-10-19 10:36 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2022-08-29 14:05 . 2001-08-17 11:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2022-08-29 14:05 . 2001-10-19 11:06 54272 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2022-08-29 14:05 . 2001-10-19 11:06 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2022-08-29 14:05 . 2004-08-18 06:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2022-08-29 14:05 . 2004-08-18 06:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2022-08-29 14:05 . 2001-08-17 11:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2022-08-29 14:05 . 2004-08-03 12:29 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2022-08-29 14:05 . 2001-08-17 10:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2022-08-29 14:05 . 2004-08-03 12:29 25471 ----a-w- c:\windows\system32\dllcache\watv10nt.sys
2022-08-29 14:05 . 2004-08-03 12:29 22271 ----a-w- c:\windows\system32\dllcache\watv06nt.sys
2022-08-29 14:05 . 2004-08-03 12:29 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2022-08-29 14:03 . 2001-08-17 11:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2022-08-29 14:03 . 2001-08-17 11:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2022-08-29 14:03 . 2001-08-17 11:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2022-08-29 14:03 . 2001-08-17 11:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2022-08-29 14:03 . 2001-08-17 11:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2022-08-29 14:03 . 2001-08-17 11:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2022-08-29 14:03 . 2001-08-17 11:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2022-08-29 14:03 . 2001-08-17 11:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2022-08-29 14:03 . 2001-08-17 11:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2022-08-29 14:02 . 2004-08-17 05:52 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2022-08-29 14:02 . 2008-04-14 16:10 76288 ----a-w- c:\windows\system32\dllcache\uniime.dll
2022-08-29 14:02 . 2001-10-19 11:06 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2022-08-29 14:02 . 2001-10-19 11:06 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2022-08-29 14:02 . 2001-10-19 11:06 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2022-08-29 14:02 . 2001-10-19 11:06 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2022-08-29 14:02 . 2001-10-19 11:06 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2022-08-29 14:02 . 2001-08-17 11:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2022-08-29 14:02 . 2001-10-19 11:06 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2022-08-29 14:01 . 2001-10-19 11:06 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2022-08-29 14:01 . 2001-10-19 11:06 212480 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2022-08-29 14:01 . 2001-10-19 11:06 216576 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2022-08-29 14:01 . 2001-08-17 11:52 36736 ----a-w- c:\windows\system32\dllcache\ultra.sys
2022-08-29 14:01 . 2001-08-17 11:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2022-08-29 14:01 . 2004-08-18 06:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2022-08-29 14:01 . 2001-08-17 10:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2022-08-29 14:01 . 2001-10-19 11:06 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2022-08-29 14:01 . 2001-08-17 10:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2022-08-29 14:01 . 2001-10-19 11:05 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2022-08-29 13:59 . 2001-08-17 10:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2022-08-29 13:59 . 2001-10-19 11:05 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2022-08-29 13:59 . 2004-08-18 06:00 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2022-08-29 13:59 . 2001-08-17 10:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2022-08-29 13:59 . 2004-08-18 06:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2022-08-29 13:59 . 2001-08-17 10:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2022-08-29 13:59 . 2004-08-18 06:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2022-08-29 13:59 . 2001-08-17 11:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2022-08-29 13:59 . 2001-08-17 11:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2022-08-29 13:59 . 2001-08-17 10:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2022-08-29 13:59 . 2001-10-19 11:05 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2022-08-29 13:59 . 2001-08-17 12:07 32640 ----a-w- c:\windows\system32\dllcache\symc8xx.sys
2022-08-29 13:59 . 2001-08-17 12:07 16256 ----a-w- c:\windows\system32\dllcache\symc810.sys
2022-08-29 13:58 . 2001-08-17 12:07 30688 ----a-w- c:\windows\system32\dllcache\sym_u3.sys
2022-08-29 13:58 . 2001-08-17 12:07 28384 ----a-w- c:\windows\system32\dllcache\sym_hi.sys
2022-08-29 13:58 . 2001-10-19 11:06 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2022-08-29 13:58 . 2001-08-17 11:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2022-08-29 13:58 . 2001-08-17 12:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2022-08-29 13:58 . 2001-10-19 11:06 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2022-08-29 13:58 . 2001-10-19 11:06 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2022-08-29 13:58 . 2001-10-19 11:06 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2022-08-29 13:58 . 2001-10-19 11:06 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2022-08-29 13:58 . 2001-10-19 11:06 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2022-08-29 13:58 . 2001-10-19 11:06 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2022-08-29 13:58 . 2001-10-19 10:22 286208 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2022-08-29 13:57 . 2001-10-19 10:21 17024 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2022-08-29 13:57 . 2001-08-17 10:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2022-08-29 13:57 . 2001-10-19 11:06 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2022-08-29 13:57 . 2004-08-18 06:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2022-08-29 13:57 . 2001-10-19 11:06 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2022-08-29 13:57 . 2001-08-17 11:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2022-08-29 13:57 . 2001-10-19 11:06 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2022-08-29 13:57 . 2001-08-17 12:07 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2022-08-29 13:57 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2022-08-29 13:57 . 2001-08-17 10:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2022-08-29 13:57 . 2001-10-19 11:06 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2022-08-29 13:55 . 2001-10-19 11:06 33792 ----a-w- c:\windows\system32\dllcache\smb0w.dll
2022-08-29 13:54 . 2001-10-19 11:05 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2022-08-29 13:54 . 2001-08-17 10:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2022-08-29 13:54 . 2001-10-19 11:05 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2022-08-29 13:54 . 2001-08-17 10:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2022-08-29 13:54 . 2004-08-18 06:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2022-08-29 13:54 . 2001-10-19 10:42 161664 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2022-08-29 13:54 . 2001-07-21 12:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2022-08-29 13:54 . 2001-08-17 10:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2022-08-29 13:54 . 2001-10-19 11:05 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2022-08-29 13:54 . 2001-08-17 10:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2022-08-29 13:54 . 2001-10-19 10:41 6912 ----a-w- c:\windows\system32\dllcache\serscan.sys
2022-08-29 13:54 . 2001-10-19 10:41 17920 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2022-08-29 13:54 . 2001-10-19 11:06 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2022-08-29 13:53 . 2001-08-17 11:53 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2022-08-29 13:53 . 2001-08-17 11:52 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2022-08-29 13:53 . 2001-10-19 11:06 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2022-08-29 13:53 . 2001-10-19 10:41 17536 ----a-w- c:\windows\system32\dllcache\scr111.sys
2022-08-29 13:53 . 2001-10-19 10:41 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2022-08-29 13:53 . 2001-08-17 11:51 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2022-08-29 13:53 . 2001-10-19 10:41 24064 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2022-08-29 13:53 . 2001-10-19 11:04 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2022-08-29 13:53 . 2001-08-17 10:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2022-08-29 13:53 . 2001-10-19 11:05 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2022-08-29 13:53 . 2001-08-17 10:50 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2022-08-29 13:53 . 2001-10-19 11:05 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll
2022-08-29 13:51 . 2004-08-03 12:31 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2022-08-29 13:51 . 2001-08-17 10:12 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2022-08-29 13:51 . 2001-08-17 10:19 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2022-08-29 13:51 . 2001-10-19 11:06 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2022-08-29 13:51 . 2001-08-17 10:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2022-08-29 13:51 . 2001-08-17 10:12 37563 ----a-w- c:\windows\system32\dllcache\rlnet5.sys
2022-08-29 13:51 . 2001-10-19 11:04 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
2022-08-29 13:51 . 2001-10-19 11:06 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2022-08-29 13:51 . 2004-08-18 06:00 14848 ----a-w- c:\windows\system32\dllcache\register.exe
2022-08-29 13:51 . 2004-08-03 12:41 13776 ----a-w- c:\windows\system32\dllcache\recagent.sys
2022-08-29 13:51 . 2001-08-17 11:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2022-08-29 13:51 . 2001-10-19 10:37 714986 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2022-08-29 13:49 . 2001-10-19 11:06 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2022-08-29 13:48 . 2001-08-17 12:04 75776 ----a-w- c:\windows\system32\dllcache\philcam1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 00:12 . 2006-11-29 11:30 25568 ----a-w- c:\documents and settings\alikim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 12:19 . 2009-08-27 12:19 47360 ----a-w- c:\documents and settings\alikim\Application Data\pcouffin.sys
2009-08-11 02:35 . 2006-08-16 23:44 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-05 09:01 . 2004-09-22 07:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2004-09-22 07:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2004-09-22 07:50 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-24 19:23 . 2009-04-22 23:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:03 . 2004-09-22 07:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 13:43 . 2004-09-22 07:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:00 . 2004-09-22 07:51 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2004-09-22 07:51 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-09-22 07:51 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-09-22 07:51 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-09-22 07:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2004-09-22 07:51 732160 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-09-22 07:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-09-22 07:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-20 22:44 . 2009-06-20 22:44 4096 ----a-w- c:\windows\d3dx.dat
2009-06-15 10:45 . 2004-09-22 07:51 79872 ----a-w- c:\windows\system32\telnet.exe
2008-05-10 10:49 . 2008-05-10 10:49 454656 ----a-w- c:\program files\putty.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-09-07_14.48.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-08 12:40 . 2009-07-09 02:16 39424 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys
+ 2009-09-08 12:40 . 2009-07-09 02:16 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2009-09-08 12:42 . 2009-03-19 06:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-09-08 12:40 . 2009-07-09 02:16 39424 c:\windows\system32\drivers\usbaapl.sys
+ 2009-09-08 12:42 . 2009-03-19 06:32 23400 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-12-12 01:11 . 2008-12-12 01:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 01:18 . 2008-12-12 01:18 87336 c:\windows\system32\dns-sd.exe
- 2006-08-16 23:42 . 2009-09-07 14:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-16 23:42 . 2009-09-11 10:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-08-16 23:42 . 2009-09-07 14:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-08-16 23:42 . 2009-09-11 10:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-29 03:14 . 2009-09-07 14:34 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-08-29 03:14 . 2009-09-11 10:58 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-09-08 12:40 . 2009-09-08 12:40 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-09-08 13:19 . 2009-09-08 13:19 10398 c:\windows\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe
+ 2009-09-08 13:19 . 2009-09-08 13:19 25214 c:\windows\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe
+ 2009-09-08 12:42 . 2009-09-08 12:42 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2007-11-06 12:02 . 2007-11-06 12:02 627200 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_0296e955\msvcr90.dll
+ 2007-11-06 12:02 . 2007-11-06 12:02 851456 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_0296e955\msvcp90.dll
+ 2007-11-06 10:24 . 2007-11-06 10:24 245248 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_0296e955\msvcm90.dll
+ 2009-09-08 12:42 . 2008-04-17 02:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-09-08 12:42 . 2008-04-17 02:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-09-08 13:19 . 2009-09-08 13:19 354304 c:\windows\Installer\aee880.msi
+ 2009-09-11 13:11 . 2009-09-11 13:11 686080 c:\windows\Installer\7a4c7d.msi
+ 2009-09-08 12:43 . 2009-09-08 12:43 102400 c:\windows\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\iTunesIco.exe
+ 2009-09-08 12:40 . 2009-07-09 02:16 2060288 c:\windows\system32\usbaaplrc.dll
+ 2009-09-08 12:40 . 2009-07-09 02:16 2060288 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaaplrc.dll
+ 2009-09-08 12:40 . 2009-07-09 02:16 1419232 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2009-09-08 12:42 . 2009-09-08 12:43 4945408 c:\windows\Installer\8b1db3.msi
+ 2009-09-08 12:42 . 2009-09-08 12:42 1659392 c:\windows\Installer\8b1daf.msi
+ 2009-09-08 12:41 . 2009-09-08 12:42 8992256 c:\windows\Installer\8b1da9.msi
+ 2009-09-08 12:40 . 2009-09-08 12:40 1549312 c:\windows\Installer\8b1b49.msi
+ 2009-09-08 12:40 . 2009-09-08 12:40 3295232 c:\windows\Installer\8b1b1a.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-16 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-02 13594624]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-20 761945]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-12 33792]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lvagent.exe" [2004-10-09 110592]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-02 86016]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-01-13 864256]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-02 17530368]

c:\documents and settings\alikim\Главное меню\Программы\Автозагрузка\
taskmgr.exe.lnk - c:\windows\system32\taskmgr.exe [2004-9-22 139264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Windows Search.lnk]
path=c:\documents and settings\All Users\Главное меню\Программы\Автозагрузка\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=3 (0x3)
"RasMan"=3 (0x3)
"gusvc"=2 (0x2)
"navapsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"wscsvc"=2 (0x2)
"TapiSrv"=3 (0x3)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"StarWindService"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=2 (0x2)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"AVP"=3 (0x3)
"ASWLSVC"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apache2"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/09/2009 02:23 64160]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [16/01/2009 16:31 161064]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [17/08/2006 10:05 16269]
R3 IRCOMM;IRCOMM;c:\windows\system32\drivers\Ircomm.sys [2/12/2006 19:55 54132]
R3 KRNBRIDG;IrBridge Kernel-Level Interface;c:\windows\system32\drivers\krnbridg.sys [2/12/2006 19:55 14436]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys --> c:\windows\system32\drivers\klbg.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/07/2009 00:49 1029456]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2009 22:34 1684736]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S3 SNPHV71;QB-300;c:\windows\system32\drivers\snphv71.sys [10/07/2003 14:54 226048]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-15 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 212.100.132.148:3128
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Translate with Lingvo - c:\program files\ABBYY Lingvo 10 Multilingual Dictionary\Lingvo.exe/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\alikim\Главное меню\Программы\IMVU\Run IMVU.lnk
TCP: {DD02E832-E78B-44AE-8C59-0C8EA01DD026} = 10.0.0.38
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath - c:\documents and settings\alikim\Application Data\Mozilla\Firefox\Profiles\fgcm7ply.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 01:41
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-11 1:43
ComboFix-quarantined-files.txt 2009-09-11 15:43
ComboFix2.txt 2009-09-11 11:18
ComboFix3.txt 2009-09-11 01:06
ComboFix4.txt 2009-09-08 10:26
ComboFix5.txt 2009-09-11 13:49

Pre-Run: 10,135,797,760 байт свободно
Post-Run: 10,119,413,760 байт свободно

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
370

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 11 September 2009 - 11:05 AM

Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 alikim

alikim
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 11 September 2009 - 09:15 PM

voila

Attached Files