services.exe creates too many SMTP connections


  • This topic is locked
2 replies to this topic

#1 LanMi

  • Members
  • 2 posts

Posted 24 June 2010 - 04:21 PM

Here is my ComboFix log, in case anyone can help me. I have tried everything to remove this rootkit, but it appears again and again.

I think it is some hidden trojan mail spammer that creates these relayed SMTP connections using the rootkit process services.exe.

I suspect the wvcmk.sys file inside the Windows system32\drivers folder; it is created every time I start Windows XP.

I can't delete that file. I located that hidden driver in Device Manager, and also located the LEGACY_WVCMK registry key.

How do I remove this rootkit? Can someone please help me?

ComboFix 10-06-19.03 - LanMi 20.06.2010 16:04:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.540 [GMT 2:00]
Running from: e:\softver\AVG Internet Security 9.0\ComboFix.exe
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\documents and settings\LanMi\Application Data\BITS
c:\documents and settings\LanMi\Application Data\BITS\BITS.ini
c:\documents and settings\LanMi\Application Data\BITS\DHTTable.dat
c:\documents and settings\LanMi\Application Data\BITS\ProxyList.ini
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523000208.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523000208.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523000224.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523000224.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523000225.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523000225.torrent.bits
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523000225.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523000225.torrent.hybridlist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523000225.torrent.statistic
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523003317.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523003317.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523003324.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523003324.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523035041.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523035041.torrent.bits
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523035041.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523035041.torrent.hybridlist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523035041.torrent.statistic
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523092131.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523092131.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523092139.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523092139.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523092140.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523092140.torrent.hybridlist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523092140.torrent.statistic
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523093757.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523093757.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523093802.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523093802.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523133736.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523133736.torrent.bits
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523133736.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523133736.torrent.hybridlist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523134306.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523134306.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523134807.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523134807.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523134810.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523134810.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523163342.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523163342.torrent.bits
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523163342.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523163342.torrent.hybridlist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523163342.torrent.statistic
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523180047.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523180047.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523180048.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100523180048.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524001857.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524001857.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524001859.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524001859.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524004400.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524004400.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524004407.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524004407.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524032944.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524032944.torrent.bits
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524032944.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524032944.torrent.hybridlist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524032944.torrent.seeds
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524032944.torrent.statistic
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524224807.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524224807.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524224817.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524224817.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524224818.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100524224818.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525013606.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525013606.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525013924.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525013924.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525013927.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525013927.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525014016.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525014016.torrent.bits
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525014016.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525014016.torrent.hybridlist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100525014016.torrent.statistic
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100526234654.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100526234654.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100526234655.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100526234655.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100526234656.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100526234656.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100526234657.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100526234657.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527020045.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527020045.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527020050.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527020050.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527020051.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527020051.torrent.bits
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527020051.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527020051.torrent.hybridlist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527020051.torrent.seeds
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527020051.torrent.statistic
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527091934.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527091934.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527091935.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527091935.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527091936.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527091936.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527091937.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527091937.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527091938.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527091938.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527230453.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527230453.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527230459.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527230459.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527230500.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527230500.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527230501.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527230501.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527230502.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100527230502.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528230437.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528230437.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528230439.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528230439.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528230440.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528230440.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528230441.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528230441.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528230442.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528230442.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528231833.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528231833.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528231834.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528231834.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528231835.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528231835.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528231836.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528231836.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528231837.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100528231837.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100605234224.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100605234224.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100605234246.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100605234246.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100605234247.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100605234247.torrent.bits
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100605234247.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100605234247.torrent.hybridlist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100605234247.torrent.seeds
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100605234247.torrent.statistic
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100606144522.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100606144522.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100607001840.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100607001840.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100607202142.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100607202142.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100607212512.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100607212512.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100607234950.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100607234950.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100608223428.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100608223428.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100610193620.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100610193620.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100611223256.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100611223256.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100614202701.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100614202701.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100615233644.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100615233644.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100616230026.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100616230026.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100617222909.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100617222909.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100618230601.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100618230601.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100619121559.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100619121559.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100619130716.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100619130716.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100619181142.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100619181142.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100619232214.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100619232214.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620090541.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620090541.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620122443.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620122443.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620135845.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620135845.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620144644.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620144644.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620145803.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620145803.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620152928.torrent
c:\documents and settings\LanMi\Application Data\BITS\Torrent\20100620152928.torrent.filelist
c:\documents and settings\LanMi\Application Data\BITS\UPnP.ini
c:\documents and settings\LanMi\Application Data\FlashGetBHO
c:\documents and settings\LanMi\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\LanMi\Application Data\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\LanMi\Application Data\FlashGetBHO\FlashGetHook1.dll
c:\documents and settings\LanMi\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\LanMi\Application Data\FlashGetBHO\GetUrl.htm
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\server_met.old
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_03.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_107x7322222.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_1309444450.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_44477.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_444777.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5-04400194A.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5_4504_1.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_500.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_km.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_OL-2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1276851913.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\domain_url_list_en.zip
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat
c:\program files\FlashGet Network\FlashGet 3\dat\torrent\28613937_[isoHunt] Sex and the City 2 (2010) DVDRip XviD-MAXSPEED.torrent
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\fg.ico
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\FGResDetector.conf
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\p2pcore.dll
c:\program files\FlashGet Network\FlashGet 3\p2score.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\windows\n.tmp
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
c:\windows\UNWISE.EXE
E:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SERV-U
-------\Service_Serv-U


((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))
.

2010-06-20 13:01 . 2010-06-20 13:01 -------- d-----w- C:\VundoFix Backups
2010-06-20 09:57 . 2010-06-20 09:57 69680 ----a-w- c:\windows\system32\PxSecure.dll
2010-06-20 09:57 . 2010-06-20 09:57 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-06-20 09:57 . 2010-06-20 09:57 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-06-20 09:57 . 2010-06-20 09:57 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-06-20 09:56 . 2010-06-20 09:56 -------- d-----w- c:\program files\Prevx
2010-06-20 09:56 . 2010-06-20 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-06-20 08:41 . 2010-06-20 08:41 63488 ----a-w- c:\documents and settings\LanMi\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-20 08:41 . 2010-06-20 08:41 52224 ----a-w- c:\documents and settings\LanMi\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-20 08:41 . 2010-06-20 08:41 117760 ----a-w- c:\documents and settings\LanMi\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-20 08:41 . 2010-06-20 08:41 -------- d-----w- c:\documents and settings\LanMi\Application Data\SUPERAntiSpyware.com
2010-06-20 08:41 . 2010-06-20 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-20 08:41 . 2010-06-20 08:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-01 21:37 . 2010-06-01 21:37 -------- d-----w- C:\zemljoradnickazad
2010-06-01 21:30 . 2010-06-01 21:30 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-06-01 21:30 . 2010-06-01 21:30 -------- d-----w- c:\program files\Riva
2010-06-01 21:26 . 2009-04-09 13:03 57407 ----a-w- c:\documents and settings\LanMi\Application Data\Mozilla\Firefox\Profiles\sjmtqubb.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
2010-06-01 21:16 . 2010-06-01 21:17 3688936 ----a-w- c:\documents and settings\LanMi\Application Data\FlashgetSetup\fgcn_7.exe
2010-06-01 21:14 . 2010-06-01 21:14 -------- d-----w- c:\program files\VS Revo Group
2010-05-31 23:32 . 2010-05-31 23:32 -------- d-----w- c:\documents and settings\LanMi\Application Data\Moyea
2010-05-31 21:12 . 2010-05-31 21:12 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-05-31 21:12 . 2010-05-31 21:12 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-05-28 22:51 . 2010-05-28 22:51 -------- d-----w- c:\program files\TIVistadriver
2010-05-28 22:43 . 2006-12-30 12:25 78720 -c----w- c:\windows\system32\dllcache\sdbus.sys
2010-05-28 22:43 . 2006-12-30 12:18 11904 -c----w- c:\windows\system32\dllcache\sffdisk.sys
2010-05-28 22:43 . 2006-12-30 12:18 11008 -c----w- c:\windows\system32\dllcache\sffp_sd.sys
2010-05-28 22:43 . 2006-12-30 12:18 10240 -c----w- c:\windows\system32\dllcache\sffp_mmc.sys
2010-05-28 22:43 . 2006-12-30 12:18 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-05-21 23:40 . 2010-05-21 23:40 -------- d-sh--w- c:\documents and settings\LanMi\IECompatCache
2010-05-21 23:38 . 2010-05-21 23:38 -------- d-sh--w- c:\documents and settings\LanMi\PrivacIE
2010-05-21 23:35 . 2010-05-21 23:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-21 23:34 . 2010-05-21 23:34 -------- d-sh--w- c:\documents and settings\LanMi\IETldCache
2010-05-21 23:27 . 2010-05-21 23:30 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 14:25 . 2009-12-24 22:30 741376 ----a-w- c:\windows\system32\drivers\wvcmk.sys
2010-06-20 14:24 . 2007-03-28 08:45 -------- d-----w- c:\documents and settings\LanMi\Application Data\Skype
2010-06-20 14:23 . 2009-04-24 20:35 -------- d-----w- c:\documents and settings\LanMi\Application Data\skypePM
2010-06-20 14:23 . 2009-11-22 20:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-20 12:11 . 2010-02-27 11:24 0 ----a-w- c:\documents and settings\LanMi\Local Settings\Application Data\prvlcl.dat
2010-06-07 22:11 . 2006-06-13 14:37 60592 ----a-w- c:\documents and settings\LanMi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-01 21:25 . 2010-01-17 19:18 -------- d-----w- c:\documents and settings\LanMi\Application Data\FlashGet
2010-06-01 21:17 . 2010-04-06 18:24 -------- d-----w- c:\documents and settings\LanMi\Application Data\FlashgetSetup
2010-05-31 23:14 . 2006-06-14 11:38 3714 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-31 21:12 . 2009-04-17 08:40 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-31 21:12 . 2008-12-12 22:51 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-11 21:45 . 2007-02-28 12:24 -------- d-----w- c:\program files\KeePass Password Safe
2010-04-26 21:12 . 2009-10-17 12:04 -------- d-----w- c:\documents and settings\LanMi\Application Data\MySQL
2010-03-26 08:33 . 2010-05-01 22:01 1496064 ----a-w- c:\documents and settings\LanMi\Application Data\Mozilla\Firefox\Profiles\sjmtqubb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 08:33 . 2010-05-01 22:01 43008 ----a-w- c:\documents and settings\LanMi\Application Data\Mozilla\Firefox\Profiles\sjmtqubb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 08:33 . 2010-05-01 22:01 339456 ----a-w- c:\documents and settings\LanMi\Application Data\Mozilla\Firefox\Profiles\sjmtqubb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 08:32 . 2010-05-01 22:01 346112 ----a-w- c:\documents and settings\LanMi\Application Data\Mozilla\Firefox\Profiles\sjmtqubb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2006-06-17 17:23 . 2006-06-14 11:40 56 --sh--r- c:\windows\system32\4D388FA88B.sys
.

------- Sigcheck -------

[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . C1783498EDB152656303B5D5BCABD86C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-23 5537792]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2007-04-01 299520]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-05-31 2065248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"MaxRecentDocs"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 23:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^LanMi^Start Menu^Programs^Startup^siszyd32.exe]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGIDS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatBar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-09-04 03:52 88363 ----a-r- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-15 18:15 133104 ----atw- c:\documents and settings\LanMi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 14:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-02-23 20:26 1495040 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 10:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional]
2005-09-20 17:09 422912 ----a-w- c:\program files\TweakNow PowerPack 2006\RAM2_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 08:42 69632 ----a-w- c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 03:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDesk]
2005-08-21 07:39 1746944 ----a-w- c:\program files\TweakNow PowerPack 2006\VirDesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iFtpSvc"=2 (0x2)
"wscsvc"=2 (0x2)
"Themes"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"AVGIDSWatcher"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Vypress Chat\\VyChat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\LanMi\\Application Data\\FlashgetSetup\\fgmini.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [28.12.2009 1:16 52872]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [13.6.2006 23:09 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [13.6.2006 23:09 5248]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [20.6.2010 11:57 30320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.12.2008 0:51 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17.4.2009 10:40 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [18.1.2008 1:37 24635]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [5.3.2010 1:09 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5.3.2010 1:11 308064]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [20.6.2010 11:56 6385616]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [22.11.2009 22:22 583640]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [20.6.2010 11:57 61624]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [24.9.2006 21:22 11776]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [20.6.2010 11:57 24400]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [24.9.2006 21:23 3584]
S0 aapdim;aapdim; [x]
S0 lnagnl;lnagnl; [x]
S0 trdmw;trdmw; [x]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [21.12.2007 4:01 60928]
S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys --> c:\windows\system32\drivers\Btcomm.sys [?]
S3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\DRIVERS\btkrnbdg.sys --> c:\windows\system32\DRIVERS\btkrnbdg.sys [?]
S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\Drivers\csrbc01.sys --> c:\windows\system32\Drivers\csrbc01.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - wvcmk
.
Contents of the 'Scheduled Tasks' folder

2010-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1965331169-839522115-1003Core.job
- c:\documents and settings\LanMi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-15 18:15]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1965331169-839522115-1003UA.job
- c:\documents and settings\LanMi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-15 18:15]

2010-06-20 c:\windows\Tasks\User_Feed_Synchronization-{56B7B76A-1CA2-4CB0-914B-FCC57D6B0B1C}.job
- c:\windows\system32\msfeedssync.exe [2007-02-25 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = proxy.studnet.lan:8080
uInternet Settings,ProxyOverride = localhost;127.0.0.1;studnet.lan;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all by FlashGet3 - c:\documents and settings\LanMi\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\LanMi\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zend Studio - Debug current page - c:\program files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: kuaiche.com\software
TCP: {FAAD1511-3297-43BA-B142-56C25DAFE4DE} = 194.106.162.2,194.106.162.3
FF - ProfilePath - c:\documents and settings\LanMi\Application Data\Mozilla\Firefox\Profiles\sjmtqubb.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\LanMi\Application Data\Mozilla\Firefox\Profiles\sjmtqubb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\LanMi\Application Data\Mozilla\Firefox\Profiles\sjmtqubb.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - plugin: c:\documents and settings\LanMi\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
HKCU-RunOnce-FFTI - c:\documents and settings\LanMi\Application Data\Mozilla\Firefox\Profiles\sjmtqubb.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
MSConfigStartUp-sysgif32 - c:\windows\TEMP\~TMC.tmp
AddRemove-Astroburn Toolbar - c:\program files\Astroburn Toolbar\uninst.exe
AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 16:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B9A200]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7599fc3
\Driver\ACPI -> ACPI.sys @ 0xf73e6cb8
\Driver\atapi -> 0x86b9a200
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
ParseProcedure -> ntkrnlpa.exe @ 0x80576964
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7183bc3
PacketIndicateHandler -> NDIS.sys @ 0xf718fb21
SendHandler -> NDIS.sys @ 0xf7183d33
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wvcmk]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1965331169-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{364010BE-0DB9-8C06-836B-527291855B25}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abaiaaolfenllabjgmgccdlneapjkacllo"=hex:61,61,00,00
"bbaiaaolfenllabjgmbcbbidpeolkehknned"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fe,c3,2f,3b,df,6e,4c,7e,db,66,5f,28,64,6f,42,06,55,d3,6b,18,1e,
e8,87,4d,bc,2a,f9,fe,4b,70,2d,fa,10,c8,53,9e,0c,9c,79,c4,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f4b9b059-e212-4ab7-a1e2-99031ac2a2e0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000dc
"Therad"=dword:00000030
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,a3,4d,8a,86,a6,1f,8c,ed,c4,9f,27,cf,25,5d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\setuid.dll

- - - - - - - > 'explorer.exe'(5188)
c:\program files\UltraMon\RTSUltraMonHook.dll
c:\program files\TortoiseCVS\TrtseShl.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\msi.dll
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\program files\UltraMon\Resources\en\UltraMonRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\CVSNT\cvslock.exe
c:\program files\CVSNT\cvsservice.exe
c:\xampp\filezillaftp\filezillaserver.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\xampp\mysql\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-06-20 16:29:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-20 14:29

Pre-Run: 541.782.016 bytes free
Post-Run: 553.082.880 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - D919CE2189D86ECBE20D4346091ACBDD




#2 LanMi (Topic Starter)

Posted 26 June 2010 - 06:21 PM

SOLVED.

This was the key line in the ComboFix report, which tells all:

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wvcmk]

My AVG 9.0 antivirus didn't detect this rootkit virus, so I uninstalled AVG. During uninstallation I had some difficulties because some AVG keys in the registry were changed somehow (maybe by the virus infection). I used the AVG repair tool from their site to fix my registry keys first.

After that I installed the Kaspersky 2011 trial version and it immediately detected

26.6.2010 01:20:31
Kaspersky Anti-Virus Protection Center
Detected Virus Rootkit.Win32.Bubnix.au High Exact
C:\WINDOWS\system32\drivers\wvcmk.sys

and successfully disinfected and removed the rootkit.

Now there are no more unwanted SMTP connections or unwanted driver loading by services.exe.

Edited by Pandy, 02 August 2010 - 06:24 AM.
Moved from AII as a CF log is included and closed as resolved ~Pandy
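Reading the first post's log together with the resolution above, every indicator that gave this infection away is visible in the log text itself: the three S0 entries ending in `[x]` (a boot-start service with no file on disk), the `*Deregistered* - wvcmk` line under "Other Services/Drivers In Memory", the `Services\wvcmk` key printed after the rootkit scan although the R0..S3 service list never showed it, the `[-]` Sigcheck line for tcpip.sys whose MD5 differs from the dllcache copy, and `"EnableFirewall"= 0`. The script below is an added example for this thread, not code from ComboFix, AVG, Kaspersky or either poster: it parses lines of that shape and ranks them. The sample log is constructed from lines copied out of the posted log; the severity ratings and the reading of the `[x]`, `[?]`, `*Deregistered*` and `[-]` markers are assumptions taken from the log's own layout, not ComboFix's documented legend.

```python
"""Triage a ComboFix-style log for markers of a hidden or orphaned driver.

Added example for this thread, not part of ComboFix. Marker meanings are assumptions
read off the log layout: "[x]" no binary on disk, "[?]" path not verifiable,
"*Deregistered*" loaded but gone from the service list, "EnableFirewall"= 0 off.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied in the shape of the ComboFix log posted above.
SAMPLE_LOG = r"""
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [28.12.2009 1:16 52872]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [20.6.2010 11:57 30320]
S0 aapdim;aapdim; [x]
S0 lnagnl;lnagnl; [x]
S0 trdmw;trdmw; [x]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [21.12.2007 4:01 60928]
S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys --> c:\windows\system32\drivers\Btcomm.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - wvcmk

------- Sigcheck -------

[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . C1783498EDB152656303B5D5BCABD86C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wvcmk]
"""

# "R0 name;display;path [date time size]", "S0 name;display; [x]", "... --> path [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
DEREG_RE = re.compile(r"^\*Deregistered\*\s+-\s+(?P<name>\S+)$")
SIGCHECK_RE = re.compile(r"^\[(?P<flag>[^\]]+)\]\s+\S+\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+\d+\s.*\s(?P<path>[A-Za-z]:\\.+)$")
SERVICE_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]$", re.I)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}   # assumed ratings, not ComboFix's


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    subject: str    # service name or file path
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return findings sorted by severity, then subject."""
    findings: list[Finding] = []
    enumerated, deregistered, service_keys = set(), set(), []
    sigcheck = {}   # basename -> [(flag, md5, path)]

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            name, rest = m["name"], m["rest"].strip()
            enumerated.add(name.lower())
            if rest.endswith("[x]"):
                findings.append(Finding("medium", name, f"start type {m['start'][1]} service with "
                                        "no binary on disk ([x]); leftover or hidden driver, verify"))
            elif rest.endswith("[?]"):
                findings.append(Finding("low", name, "binary path could not be verified ([?])"))
        elif m := DEREG_RE.match(line):
            deregistered.add(m["name"].lower())
        elif m := SERVICE_KEY_RE.match(line):
            service_keys.append(m["name"])
        elif m := SIGCHECK_RE.match(line):
            base = m["path"].rsplit("\\", 1)[-1].lower()
            sigcheck.setdefault(base, []).append((m["flag"], m["md5"].upper(), m["path"]))
        elif FIREWALL_RE.match(line):
            findings.append(Finding("medium", "Windows Firewall (standard profile)",
                                    "EnableFirewall is 0: the host firewall is switched off"))

    # Still in memory but gone from the service list, or a Services key the rootkit scan
    # printed although the enumeration never showed it: the driver is hiding itself.
    for name in sorted(deregistered):
        findings.append(Finding("high", name, "driver in memory but deregistered from the service list"))
    for name in service_keys:
        if name.lower() not in enumerated:
            note = " (also reported deregistered)" if name.lower() in deregistered else ""
            findings.append(Finding("high", name, "Services key exists but the service enumeration "
                                    "did not list it" + note))

    # Two copies of one system file with different hashes: one has been patched or replaced.
    for base, copies in sigcheck.items():
        if len({md5 for _, md5, _ in copies}) > 1:
            flagged = [p for flag, _, p in copies if flag == "-"] or [p for _, _, p in copies]
            for path in flagged:
                findings.append(Finding("high", path, f"{base} MD5 differs from the other copy on disk"))

    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.subject.lower()))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.subject}: {f.reason}")
```

Run it as-is to print the ranked findings for the sample, or pass the full text of a saved ComboFix log to `triage()`. On this thread's log it puts wvcmk at the top twice (deregistered, and a Services key the enumeration never listed), which is the same line the topic starter singled out as the giveaway. Treat the rest as things to check rather than verdicts: the `[x]` boot-start entries are often leftovers of removed security tools, and a tcpip.sys that differs from its dllcache copy can be a deliberate user patch as well as an infection, so both still need a look by hand.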


#3 Pandy

Posted 02 August 2010 - 06:27 AM

Since this issue appears to be resolved I will close it now. Should this topic need to be reopened please send me a PM. This applies to the topic starter only. To anyone else, please start your own topic.





