Win32 patched.DY problem


  • This topic is locked
2 replies to this topic

#1 blodg

  • Members
  • 2 posts
  • OFFLINE

Posted 14 July 2010 - 06:30 AM

I logged on to my PC a few days ago and I found that the internet would not work; I just got an X across the screens at the bottom, so I did the obvious and started an AVG scan. This came up with a virus in

As said in my 1st topic http://www.bleepingcomputer.com/forums/topic331281.html

AVG scan said:

Files: Windows\system32\drivers\pciide.sys
Infection: Win32/patched.DY
Result: object is white-listed (critical/system file that should not be removed)

This problem seems to be blocking my internet.

The scan results are as follows:

*************DDS Scan****************

DDS (Ver_10-03-17.01) - NTFSx86
Run by Asus at 11:27:58.12 on 14/07/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3071.1735 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\dgdersvc.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Windows\vsnpstd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Asus\Desktop\Maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IDMan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\Explorer.exe
C:\Users\Asus\Desktop\Maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IEMonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Asus\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\tbHots.dll
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\tbHots.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\users\asus\desktop\maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IDMIECC.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\tbHots.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\tbHots.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [IDMan] c:\users\asus\desktop\maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IDMan.exe /onboot
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [KiesTrayAgent] c:\program files\samsung\kies\/\KiesTrayAgent.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [none] c:\AUTOEXEC.BAT
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\users\asus\desktop\maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IEGetAll.htm
IE: Download FLV video content with IDM - c:\users\asus\desktop\maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IEGetVL.htm
IE: Download with IDM - c:\users\asus\desktop\maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\asus\appdata\roaming\mozilla\firefox\profiles\rx2mxe92.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\microsoft\search enhancement pack\default manager\dmextension\components\FFGlobalExtension.dll
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\msn toolbar\platform\6.0.2156.0\firefox\components\DomBridge.dll
FF - component: c:\users\asus\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\asus\appdata\roaming\mozilla\firefox\profiles\rx2mxe92.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\msn toolbar\platform\6.0.2156.0\npwinext.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-6 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-6 29584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-15 308064]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-6-4 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-7-20 217088]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-30 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-6-4 18136]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-20 36640]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-6 242896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-7-1 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-6-7 1424232]
S3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\samsung\kies\wiselinkpro\WiselinkPro.exe [2010-6-4 9241088]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-5-20 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-5-20 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-5-20 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-5-20 100224]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2010-5-20 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2010-5-20 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2010-5-20 123648]
S3 TNET1130;TNET1130 Long Range PCI Wireless Network Card;c:\windows\system32\drivers\TNET1130.sys [2008-9-5 386688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2099-01-04 22:36:39 0 d-----w- c:\windows\Panther
2099-01-04 22:36:24 333257 --sha-r- C:\bootmgr
2099-01-04 22:36:24 0 d-----w- C:\Boot
2099-01-04 14:40:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-07-14 10:25:27 0 ----a-w- c:\users\asus\defogger_reenable
2010-07-14 10:12:49 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-14 10:03:03 0 d-----w- C:\ComboFix
2010-07-11 23:31:27 0 d-----w- c:\program files\Metin2
2010-07-10 14:16:15 0 d-----w- c:\programdata\DivX
2010-07-03 23:14:30 0 d-----w- c:\users\asus\appdata\roaming\NCH Software
2010-07-01 09:37:57 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-07-01 09:34:07 0 d-----w- c:\program files\MSN Toolbar
2010-07-01 09:33:51 0 d-----w- c:\program files\Bing Bar Installer
2010-07-01 09:29:22 754688 ----a-w- c:\windows\system32\webservices.dll
2010-06-30 09:17:20 0 d-----w- c:\program files\Trend Micro
2010-06-30 08:21:19 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-30 08:21:19 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-24 02:00:11 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:00:11 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:00:11 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:00:11 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:00:11 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 23:03:18 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 23:03:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2010-07-14 10:23:22 34805 ----a-w- c:\programdata\nvModes.dat
2010-07-14 10:22:00 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-10 13:40:16 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-10 13:40:16 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-10 13:40:15 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-09 15:54:30 315992 ----a-w- C:\IMG_0000.DAT
2010-06-07 16:33:38 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-06-04 09:05:44 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-06-04 09:02:32 95568 ----a-w- c:\windows\system32\dgdersvc.exe
2010-06-04 09:02:32 726352 ----a-w- c:\windows\system32\dgderapi.dll
2010-06-04 09:02:32 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-06-04 09:02:32 18136 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2010-06-02 18:01:28 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 06:51:00 106609 ----a-w- c:\windows\system32\MaJUtilLib.dll
2010-04-26 14:58:12 256512 ----a-w- c:\windows\PEV.exe
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 07:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-22 10:05:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-14 12:42:10 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-16 10:31:18 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2010-02-16 10:31:18 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2010-02-16 10:35:44 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-15 06:17:18 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-09 14:35:31 8 --sh--r- c:\windows\system32\1E5CE78B07.sys
2010-01-18 16:52:24 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 11:28:39.18 ===============

*************ComboFix Scan****************

ComboFix 10-07-10.02 - Asus 14/07/2010 11:03:49.11.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3071.1958 [GMT 1:00]
Running from: c:\users\Asus\Documents\Downloads\Programs\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.

2099-01-04 22:36 . 2099-01-04 14:40 -------- d-----w- c:\windows\Panther
2099-01-04 22:36 . 2010-01-30 16:09 -------- d-----w- C:\Boot
2099-01-04 14:42 . 2008-10-20 09:42 -------- d-----w- c:\windows\Debug
2010-07-14 10:10 . 2010-07-14 10:14 -------- d-----w- c:\users\Asus\AppData\Local\temp
2010-07-14 10:10 . 2010-07-14 10:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-14 10:10 . 2010-07-14 10:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-11 23:31 . 2010-07-12 00:03 -------- d-----w- c:\program files\Metin2
2010-07-10 14:16 . 2010-07-10 14:18 -------- d-----w- c:\programdata\DivX
2010-07-03 23:14 . 2010-07-03 23:14 -------- d-----w- c:\users\Asus\AppData\Roaming\NCH Software
2010-07-01 09:37 . 2010-06-07 16:09 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-07-01 09:34 . 2010-07-01 09:34 -------- d-----w- c:\program files\MSN Toolbar
2010-07-01 09:33 . 2010-07-01 09:34 -------- d-----w- c:\program files\Bing Bar Installer
2010-07-01 09:32 . 2010-07-01 09:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-01 09:29 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-07-01 09:28 . 2010-07-09 14:03 -------- d-----w- c:\users\Asus\AppData\Local\Windows Live
2010-06-30 09:17 . 2010-06-30 09:17 -------- d-----w- c:\program files\Trend Micro
2010-06-30 08:21 . 2010-06-30 10:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-30 08:21 . 2010-06-30 09:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-24 02:00 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:00 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:00 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:00 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:00 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 23:03 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 23:03 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2099-01-04 14:40 . 2099-01-04 14:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-07-14 10:14 . 2010-04-08 16:20 -------- d-----w- c:\users\Asus\AppData\Roaming\Skype
2010-07-14 10:13 . 2010-05-21 10:10 34805 ----a-w- c:\programdata\nvModes.dat
2010-07-14 10:11 . 2008-09-18 18:25 -------- d-----w- c:\programdata\NVIDIA
2010-07-14 10:11 . 2010-05-09 18:55 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-14 10:00 . 2010-04-08 16:22 -------- d-----w- c:\users\Asus\AppData\Roaming\skypePM
2010-07-12 10:12 . 2010-05-22 21:53 -------- d-----w- c:\program files\Ask.com
2010-07-11 20:05 . 2010-07-11 20:05 2956168 ----a-w- c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rx2mxe92.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-11 15:01 . 2009-12-06 18:41 -------- d-----w- c:\programdata\avg9
2010-07-11 09:22 . 2009-10-18 14:09 -------- d-----w- c:\program files\Cheat Engine
2010-07-10 14:18 . 2010-07-10 14:18 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 14:18 . 2010-07-10 14:18 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-10 14:18 . 2010-07-10 14:18 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 14:18 . 2009-10-28 12:39 -------- d-----w- c:\program files\DivX
2010-07-10 14:18 . 2010-07-10 14:18 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-10 14:18 . 2010-07-10 14:18 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-10 14:18 . 2010-07-10 14:18 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-10 14:18 . 2010-07-10 14:18 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-10 14:18 . 2009-10-28 12:39 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-10 14:16 . 2010-07-10 14:18 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-10 14:16 . 2010-07-10 14:18 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-04 07:35 . 2008-10-16 12:36 -------- d-----w- c:\users\Asus\AppData\Roaming\uTorrent
2010-07-03 23:14 . 2009-07-04 10:04 -------- d-----w- c:\program files\NCH Software
2010-07-01 11:04 . 2009-11-03 16:56 106160 ----a-w- c:\users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-01 09:38 . 2008-10-16 13:24 -------- d-----w- c:\program files\Windows Live
2010-07-01 09:10 . 2009-09-19 08:29 -------- d-----w- c:\users\Asus\AppData\Roaming\FrostWire
2010-06-30 09:17 . 2010-06-30 09:17 388096 ----a-r- c:\users\Asus\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-26 02:00 . 2009-06-18 16:28 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 13:35 . 2010-06-23 13:35 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4EC4.tmp.exe
2010-06-13 12:21 . 2010-06-13 11:50 -------- d-----w- c:\program files\Dekaron Slayers
2010-06-11 08:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 08:05 . 2008-10-16 12:36 -------- d-----w- c:\program files\uTorrent
2010-06-10 23:21 . 2009-06-18 16:25 -------- d-----w- c:\programdata\Microsoft Help
2010-06-10 15:34 . 2010-06-10 15:34 -------- d-----w- c:\program files\MyFree Codec
2010-06-10 14:31 . 2009-07-26 13:20 -------- d-----w- c:\program files\Warcraft III
2010-06-10 13:41 . 2008-09-05 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-10 13:41 . 2009-07-26 13:53 -------- d-----w- c:\program files\Garena
2010-06-10 13:37 . 2010-05-20 10:30 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-10 13:36 . 2009-07-20 14:37 -------- d-----w- c:\users\Asus\AppData\Roaming\Samsung
2010-06-10 13:36 . 2010-05-20 10:29 -------- d-----w- c:\programdata\Samsung
2010-06-10 13:36 . 2010-05-20 10:28 -------- d-----w- c:\program files\Common Files\Samsung
2010-06-10 13:36 . 2009-07-20 14:37 -------- d-----w- c:\program files\Samsung
2010-06-09 15:54 . 2010-06-09 21:32 315992 ----a-w- C:\IMG_0000.DAT
2010-06-09 12:58 . 2010-05-16 13:23 -------- d-----w- c:\program files\iTunes
2010-06-07 16:33 . 2010-06-07 16:33 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-06-05 10:02 . 2009-04-29 13:55 -------- d-----w- c:\users\Asus\AppData\Roaming\IDM
2010-06-05 08:19 . 2010-04-04 23:49 -------- d-----w- c:\program files\Hotspot Shield
2010-06-05 03:54 . 2010-07-11 15:08 265528 ----a-w- c:\users\Asus\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-06-05 03:52 . 2010-07-11 15:08 4608 ----a-w- c:\users\Asus\AppData\Roaming\Samsung\Kies\UpdateTemp\en-GB\MCS.Thunder.Update.resources.dll
2010-06-05 03:50 . 2010-07-11 15:08 47616 ----a-w- c:\users\Asus\AppData\Roaming\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-06-05 03:49 . 2010-07-11 15:08 12288 ----a-w- c:\users\Asus\AppData\Roaming\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-06-04 10:02 . 2010-07-11 15:08 9728 ----a-w- c:\users\Asus\AppData\Roaming\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-06-04 10:00 . 2010-07-11 15:08 204288 ----a-w- c:\users\Asus\AppData\Roaming\Samsung\Kies\UpdateTemp\CabLib.dll
2010-06-04 09:59 . 2010-07-11 15:08 6656 ----a-w- c:\users\Asus\AppData\Roaming\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-06-04 09:05 . 2009-07-20 14:38 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-06-04 09:02 . 2010-06-04 09:02 95568 ----a-w- c:\windows\system32\dgdersvc.exe
2010-06-04 09:02 . 2010-06-04 09:02 726352 ----a-w- c:\windows\system32\dgderapi.dll
2010-06-04 09:02 . 2010-06-04 09:02 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-06-04 09:02 . 2010-06-04 09:02 18136 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2010-06-03 08:56 . 2010-06-03 08:56 -------- d-----w- c:\programdata\PC Suite
2010-06-03 08:56 . 2010-06-03 08:56 -------- d-----w- c:\users\Asus\AppData\Roaming\PC Suite
2010-06-02 18:01 . 2009-12-06 18:42 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 18:01 . 2009-12-06 18:41 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-31 16:40 . 2009-04-29 13:55 -------- d-----w- c:\users\Asus\AppData\Roaming\DMCache
2010-05-31 16:40 . 2009-06-23 17:12 218544 ----a-w- c:\users\Asus\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-31 16:38 . 2010-05-31 16:38 3205464 ----a-w- c:\users\Asus\AppData\Roaming\IDM\idmupdt.exe
2010-05-27 15:04 . 2010-05-27 15:04 680 ----a-w- c:\users\Asus\AppData\Local\d3d9caps.dat
2010-05-26 17:06 . 2010-06-10 10:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 10:14 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 12:47 . 2010-02-06 16:38 -------- d-----w- c:\program files\GameHi_USA
2010-05-26 12:43 . 2009-12-12 15:24 -------- d-----w- c:\programdata\Norton
2010-05-26 11:39 . 2010-05-26 11:39 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-05-22 22:24 . 2008-10-31 18:02 -------- d-----w- c:\programdata\Symantec
2010-05-22 21:54 . 2010-05-22 21:53 -------- d-----w- c:\users\Asus\AppData\Roaming\ManyCam
2010-05-21 10:07 . 2010-05-21 10:06 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-20 10:31 . 2010-05-20 10:31 -------- d-----w- c:\program files\DIFX
2010-05-20 10:29 . 2010-05-20 10:29 -------- d-----w- c:\program files\MarkAny
2010-05-16 13:23 . 2010-05-16 13:23 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-16 13:23 . 2010-05-16 13:23 -------- d-----w- c:\program files\iPod
2010-05-16 13:23 . 2008-11-24 10:50 -------- d-----w- c:\program files\Common Files\Apple
2010-05-16 13:21 . 2010-05-16 13:21 -------- d-----w- c:\program files\QuickTime
2010-05-16 13:19 . 2010-05-16 13:19 -------- d-----w- c:\program files\Bonjour
2010-05-16 13:15 . 2010-05-16 13:15 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-13 22:05 . 2010-05-13 22:05 37376 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2010-05-13 11:12 . 2010-05-13 11:12 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-13 11:12 . 2010-05-13 11:09 38784 ----a-w- c:\users\Asus\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-04 05:59 . 2010-06-10 10:14 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 10:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 10:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 10:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 10:14 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 06:51 . 2010-05-01 06:51 106609 ----a-w- c:\windows\system32\MaJUtilLib.dll
2010-04-23 14:13 . 2010-05-26 12:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 23:03 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 23:03 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 23:03 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 23:03 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-16 07:33 . 2010-04-16 07:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 07:33 . 2010-04-16 07:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-01-09 14:35 . 2010-01-09 14:35 8 --sh--r- c:\windows\System32\1E5CE78B07.sys
2010-01-18 16:52 . 2010-01-09 14:35 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\Hotspot_Shield\tbHots.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-30 21:51 1390984 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-05-13 22:06 220208 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-30 1390984]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-30 1390984]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files\Samsung\Kies\" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-06-07 4176760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
"IDMan"="c:\users\Asus\Desktop\Maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IDMan.exe" [2010-05-26 3220912]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"none"="c:\AUTOEXEC.BAT" [2010-02-16 57]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
backup=c:\windows\pss\Ralink Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless PCI_CardBus utility V1.01.exe.lnk]
backup=c:\windows\pss\Wireless PCI_CardBus utility V1.01.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 09:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-02-06 10:20 478800 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
2009-10-22 19:39 757760 ----a-w- c:\program files\Warcraft III\eb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-05-26 13:03 3220912 ----a-w- c:\users\Asus\Desktop\Maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 14:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-08-22 13:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 15:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2005-10-11 20:54 339968 ----a-w- c:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 04:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-20 22:00 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2008-07-03 16:00 2161160 ----a-w- c:\program files\XpertVision\TBPANEL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b1,34,0e,16,9f,6a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3000718428-1516675723-597361126-1000]
"EnableNotificationsRef"=dword:00000001

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\Asus\AppData\Local\Temp\SFK9523.tmp [x]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [2010-06-04 9241088]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-24 3117818]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2006-11-02 311808]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2009-10-09 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2009-10-09 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2009-10-09 123648]
R3 TNET1130;TNET1130 Long Range PCI Wireless Network Card;c:\windows\system32\DRIVERS\tnet1130.sys [2004-06-17 386688]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 vtayn;vtayn;c:\users\Asus\AppData\Local\Temp\vtayn.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-26 721904]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-15 216200]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-06-04 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-05-13 322608]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-06-04 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-04 36640]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 13:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 20:30]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 20:30]

2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{6B29FBF7-8C42-469D-B822-75F0D91D6B0E}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\users\Asus\Desktop\Maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IEGetAll.htm
IE: Download FLV video content with IDM - c:\users\Asus\Desktop\Maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IEGetVL.htm
IE: Download with IDM - c:\users\Asus\Desktop\Maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\Windows Live\Companion\companioncore.dll
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rx2mxe92.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\MSN Toolbar\Platform\6.0.2156.0\Firefox\components\DomBridge.dll
FF - component: c:\users\Asus\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\rx2mxe92.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 11:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cwtqvuxvyvdfnkc]
"imagepath"="\??\c:\windows\TEMP\5954.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Asus\AppData\Local\Temp\SFK9523.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\neqnbprwdnfxxms]
"imagepath"="\??\c:\windows\TEMP\2E80.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rbfuprvehpmoppx]
"imagepath"="\??\c:\windows\TEMP\8EA8.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tipscinkmpgvymt]
"imagepath"="\??\c:\windows\TEMP\B737.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3000718428-1516675723-597361126-1000\Software\SecuROM\License information*]
"datasecu"=hex:21,f7,68,63,d3,63,37,8b,f6,a0,e9,4e,50,6e,94,b4,51,e4,86,35,03,
95,28,31,3d,37,9b,e1,91,f0,96,13,a2,8f,19,5a,03,e5,68,40,26,2b,99,33,c9,46,\
"rkeysecu"=hex:51,c1,52,70,56,d1,0a,d3,c7,ec,ac,54,57,4d,9a,98

[HKEY_USERS\S-1-5-21-3000718428-1516675723-597361126-1000_Classes\CLSID\{0d52e29b-56db-40a7-9769-ff89e71c5932}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000093
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,f8,0b,f2,c4,7d,43,2e,bd,55,33,b6,8f,47,db,56,1c,3d,48,9c,d7,05,35,\

[HKEY_USERS\S-1-5-21-3000718428-1516675723-597361126-1000_Classes\CLSID\{5191f4f1-d7b3-40b4-8048-07eae193569d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ed
"Therad"=dword:00000019
"MData"=hex(0):8a,6a,b8,13,42,8d,21,03,85,df,9a,2f,43,19,38,4d,83,ed,e9,9b,f1,
21,d1,c0,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_USERS\S-1-5-21-3000718428-1516675723-597361126-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):fd,28,f3,8c,71,3b,bc,64,47,7f,2c,12,7e,a3,92,7d,a7,1f,93,c2,20,
04,f4,71,e9,b7,f6,ef,8e,2f,8c,a8,39,05,51,f2,e6,a4,3d,d2,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3000718428-1516675723-597361126-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):61,9f,d9,00,2f,77,b6,33,12,87,b1,3e,75,69,db,85,f4,ef,84,be,b3,
73,f9,76,c8,c3,15,bd,c5,fc,77,f2,0d,e7,b3,09,75,3c,37,d1,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(5400)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Asus\Desktop\Maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\idmmkb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ASUS\AASP\1.00.33\aaCenter.exe
c:\users\Asus\Desktop\Maintenance\idman5.17.5.full\idman5.17.5.full\idman5.17.5.full\IEMonitor.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-07-14 11:19:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-14 10:19
ComboFix2.txt 2010-07-12 10:32
ComboFix3.txt 2010-07-11 09:53
ComboFix4.txt 2010-05-27 12:41
ComboFix5.txt 2010-07-14 10:03

Pre-Run: 136,788,684,800 bytes free
Post-Run: 136,732,295,168 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3BB98807FEED1F5F95B67CA7F4271B57

*********************GMER LOG*******************

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-14 12:23:24
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Asus\AppData\Local\Temp\kxldrpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\Windows\system32\drivers\pciide.sys entry point in ".rsrc" section [0x864F1014]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvstor \Device\00000069 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\prohlp02 \Device\ProHlp02 902FB728
Device \Driver\nvstor \Device\RaidPort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA6 0x96 0xEA 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0x1B 0xA1 0xCC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA6 0x96 0xEA 0x67 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0x1B 0xA1 0xCC ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\pciide.sys suspicious modification

---- EOF - GMER 1.0.15 ----


All logs are attached as asked. Thanks!!!

Edited by blodg, 14 July 2010 - 06:35 AM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:26 PM

Posted 19 July 2010 - 07:16 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run Combofix, you have a rootkit which needs to be removed.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:26 PM

Posted 24 July 2010 - 07:30 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
