Hi guys. please take a look.


Hi guys. please take a look.

Postby jan777 » Wed Jul 21, 2010 1:25 am

So recently I got infected by a wave of spyware.

I was advised to use ComboFix, which was great; I think it deleted them all, but I still have a problem where Google search results redirect me to kdirectory or some other sites.

For now I have a "registered" Malwarebytes that's blocking potential sites, but obviously the virus is still there, so I want to rid my PC of every single malware. Can you help me?

Here is a fresh HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:25:01 PM, on 7/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PSPdisp\bin\app\PSPdisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\aileen\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Garena\Garena.exe
C:\Documents and Settings\aileen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\aileen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\aileen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\aileen\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PSPdisp.lnk = C:\Program Files\PSPdisp\bin\app\PSPdisp.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add Hyperlink iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add Picture iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add Text iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: d2cs service (d2cs) - Unknown owner - C:\Documents and Settings\aileen\Desktop\pvpgn-1.8.0\d2cs.exe (file missing)
O23 - Service: d2dbs service (d2dbs) - Unknown owner - C:\Documents and Settings\aileen\Desktop\pvpgn-1.8.0\d2dbs.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PvPGN service (pvpgn) - Unknown owner - C:\Documents and Settings\aileen\Desktop\pvpgn-1.8.0\PvPGN.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Please tell me if there's something wrong. THANKS!
jan777
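As an added example (not part of this thread, and not code from HijackThis or any other tool mentioned here), a short Python script that parses HijackThis-style entries and flags the kinds of lines malware advisors usually ask about first: O2/O3 add-ons with "(no file)", O23 services whose binary is missing, O15 Trusted Zone additions, O10 LSP entries, and O20 Winlogon Notify hooks that point at no DLL. The sample lines are constructed to match the shape of the log above, and the rules are my own triage heuristics, not anything the tool itself reports.

```python
"""Triage helper for HijackThis-style log lines (added example, not from this thread)."""
import re

# Constructed sample: entries shaped like the log posted above (sample lines,
# not a live scan). Backslashes are doubled because this is a normal string.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O10 - Unknown file in Winsock LSP: c:\\program files\\bonjour\\mdnsnsp.dll
O15 - Trusted Zone: http://software.kuaiche.com
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxdev.dll
O23 - Service: d2cs service (d2cs) - Unknown owner - C:\\Documents and Settings\\aileen\\Desktop\\pvpgn-1.8.0\\d2cs.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe
"""

# Every HJT entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Return a list of (section, body) tuples, one per HJT entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def flag_entry(section, body):
    """Return a short reason if the entry deserves a closer look, else None.

    These rules are heuristics chosen for this example; they mirror what a
    human reviewer checks first, not an official HijackThis classification.
    """
    if section in ("O2", "O3") and body.endswith("(no file)"):
        return "orphaned browser add-on: registry entry points at no file (leftover to clean up)"
    if section == "O23" and body.endswith("(file missing)"):
        return "service registered but its binary is missing"
    if section == "O15":
        return "site added to the IE Trusted Zone (weaker security settings apply to it)"
    if section == "O10":
        return "Winsock LSP entry: confirm the DLL belongs to a known product"
    if section == "O20":
        # The last " - " separated field is the DLL path; a bare directory or
        # a missing file means the hook has nothing legitimate to load.
        path = body.rsplit(" - ", 1)[-1]
        if path.endswith("\\") or path.endswith("(file missing)"):
            return "Winlogon Notify hook with no DLL behind it: leftover or hidden component"
    return None


def triage(text):
    """Map each flagged entry line to its reason; clean entries are omitted."""
    findings = {}
    for section, body in parse_entries(text):
        reason = flag_entry(section, body)
        if reason:
            findings[f"{section} - {body}"] = reason
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG).items():
        print(f"{reason}\n    {entry}")
```

Run it against a saved log by replacing SAMPLE_LOG with the file contents; the output is a shortlist to hand to a reviewer, not a verdict, since a missing file or a (no file) BHO is just as often an uninstall leftover as a remnant of an infection.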

Re: Hi guys. please take a look.

Postby Dieselman » Wed Jul 21, 2010 4:09 am

You're using HijackThis 1.99, which no longer works. Please download version 2.04.
Dieselman
 

Re: Hi guys. please take a look.

Postby FieryDemon » Wed Jul 21, 2010 6:55 am

Can you post your ComboFix log?

Also,
TDSSKiller

  • Download the file TDSSKiller.zip and save it on your desktop.
  • Extract the file tdsskiller.zip; it will create a folder named tdsskiller on your desktop.
  • Next, double-click the tdsskiller folder on your desktop.
  • Next, right-click on tdsskiller.exe and click Copy, then Paste it directly onto your Desktop.
  • Highlight and copy the text in the codebox below.
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run..., paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdsskiller.txt on your desktop and post the contents in your next reply.
Real-time protection: Avira, Comodo Firewall and D+, Malwarebytes Pro
Anti-keylogging: KeyScrambler
OS: Vista 32-bit
FieryDemon

Re: Hi guys. please take a look.

Postby jan777 » Wed Jul 21, 2010 3:58 pm

Oops, I didn't know about that.

ComboFix log:

ComboFix 10-07-20.01 - aileen 07/21/2010 10:39:29.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.71 [GMT 8:00]
Running from: c:\documents and settings\aileen\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\aileen\Application Data\BITS
c:\documents and settings\aileen\Application Data\BITS\BITS.ini
c:\documents and settings\aileen\Application Data\BITS\DHTTable.dat
c:\documents and settings\aileen\Application Data\BITS\ProxyList.ini
c:\documents and settings\aileen\Application Data\BITS\UPnP.ini
c:\documents and settings\aileen\Application Data\FlashGetBHO
c:\documents and settings\aileen\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\aileen\Application Data\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\aileen\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\aileen\Application Data\FlashGetBHO\GetUrl.htm
c:\documents and settings\aileen\Local Settings\Application Data\{C2D5B9A2-536B-4639-9D27-5A97639DD7F4}
c:\documents and settings\aileen\Local Settings\Application Data\{C2D5B9A2-536B-4639-9D27-5A97639DD7F4}\chrome.manifest
c:\documents and settings\aileen\Local Settings\Application Data\{C2D5B9A2-536B-4639-9D27-5A97639DD7F4}\chrome\content\_cfg.js
c:\documents and settings\aileen\Local Settings\Application Data\{C2D5B9A2-536B-4639-9D27-5A97639DD7F4}\chrome\content\overlay.xul
c:\documents and settings\aileen\Local Settings\Application Data\{C2D5B9A2-536B-4639-9D27-5A97639DD7F4}\install.rdf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\AA Antimalware\AA Antimalware.exe
c:\program files\AA Antimalware\aa_global.dll
c:\program files\AA Antimalware\en-US\Res.dll
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_001.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_1309444450.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_2MKeHuDuan.JPG
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_333775533.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_555889966.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_km.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_OL-2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WeiBiaoTi-100.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WeiBiaoTi-120.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WeiBiaoTi-3.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1279509135.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\domain_url_list_en.zip
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_classic.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\windows\system32\driVERs\DiagnosticScan.sys
c:\windows\system32\driVERs\Start1Driver.sys
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
c:\windows\zysauqdhnyc.exe
c:\windows\zyshbnmarcz.exe
c:\windows\zysjgpcfrbn.exe
c:\windows\zysrhupbxtf.exe

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_DiagnosticScan
-------\Legacy_Start1Driver
-------\Service_DiagnosticScan
-------\Service_Start1Driver


((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 01:46 . 2010-07-21 01:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-21 01:33 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-07-21 01:33 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-07-21 01:33 . 2001-08-17 06:07 25952 -c--a-w- c:\windows\system32\dllcache\hpn.sys
2010-07-21 01:33 . 2001-08-17 06:07 25952 ----a-w- c:\windows\system32\drivers\hpn.sys
2010-07-21 00:46 . 2010-07-21 02:51 -------- d-----w- c:\program files\AA Antimalware
2010-07-20 21:27 . 2010-07-20 21:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-20 21:16 . 2010-07-21 01:46 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-20 20:54 . 2010-07-20 20:54 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-07-20 20:54 . 2010-07-20 20:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-07-20 20:54 . 2010-07-21 02:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2010-07-20 20:54 . 2010-07-20 20:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-20 16:11 . 2010-07-20 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-20 16:10 . 2010-07-21 00:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-20 10:29 . 2010-07-20 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-20 10:29 . 2010-07-20 10:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-20 09:13 . 2010-07-20 09:15 -------- d-----w- C:\Hjt
2010-07-20 00:53 . 2010-07-21 03:01 767488 ----a-w- c:\windows\system32\drivers\ndwebs.sys
2010-07-19 07:20 . 2010-07-19 07:20 -------- d-----w- c:\documents and settings\aileen\Application Data\fofix
2010-07-17 06:18 . 2010-07-17 06:35 -------- d-----w- c:\documents and settings\aileen\Application Data\vlc
2010-07-17 06:14 . 2010-07-17 06:14 -------- d-----w- c:\program files\VideoLAN
2010-07-13 21:16 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 02:13 . 2010-07-11 02:13 -------- d-----w- c:\documents and settings\aileen\Local Settings\Application Data\tjnet
2010-07-10 04:10 . 2010-07-21 02:59 -------- d-----w- c:\documents and settings\aileen\Application Data\mjusbsp
2010-07-10 04:05 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-07-04 08:43 . 2010-07-04 08:43 -------- d-----w- c:\program files\Chikka Messenger
2010-07-03 06:44 . 2009-10-17 04:17 324096 ----a-w- c:\windows\SDL.dll
2010-07-03 06:44 . 2008-01-26 07:59 53248 ----a-w- c:\windows\DsPad.dll
2010-06-30 04:35 . 2010-07-21 01:12 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-06-30 03:57 . 2001-08-17 06:02 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys
2010-06-30 03:57 . 2001-08-17 06:02 2688 ----a-w- c:\windows\system32\drivers\HIDSwvd.sys
2010-06-30 03:57 . 2008-04-13 18:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2010-06-30 03:57 . 2008-04-13 18:45 59136 ----a-w- c:\windows\system32\drivers\GcKernel.sys
2010-06-29 15:13 . 2010-06-29 15:13 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-29 09:17 . 2010-07-21 00:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-27 22:13 . 2010-06-27 22:15 -------- d-----w- c:\documents and settings\aileen\Application Data\PSPdisp
2010-06-27 22:13 . 2010-06-27 22:14 -------- d-----w- c:\program files\PSPdisp
2010-06-27 21:56 . 2010-06-27 21:56 -------- d-----w- c:\program files\PPJoy Joystick Driver
2010-06-27 21:47 . 2010-06-27 21:47 -------- d-----w- c:\program files\Parallel Port Joystick
2010-06-27 21:37 . 2010-06-27 21:37 -------- d-----w- c:\documents and settings\aileen\Application Data\TightVNC
2010-06-27 21:09 . 2010-06-27 21:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2010-06-27 07:32 . 2010-06-27 07:32 -------- d-----w- c:\windows\Ubisoft
2010-06-27 07:30 . 2010-06-27 07:30 -------- d-----w- c:\program files\directx
2010-06-27 07:24 . 2010-06-27 07:24 -------- d-----w- c:\program files\Ubi Soft
2010-06-27 07:20 . 2010-07-20 15:49 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-27 07:19 . 2010-06-27 16:10 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-26 02:08 . 2010-06-26 02:08 -------- d-----w- c:\documents and settings\aileen\Local Settings\Application Data\GameTuts
2010-06-26 02:08 . 2010-06-26 02:08 -------- d-----w- c:\documents and settings\aileen\Application Data\GameTuts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 01:47 . 2010-07-21 01:47 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-07-21 01:47 . 2010-07-21 01:47 356616 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-21 01:47 . 2010-07-21 01:47 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-07-21 01:47 . 2010-07-21 01:47 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-07-21 01:47 . 2010-07-21 01:47 25736 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-07-21 01:47 . 2010-07-21 01:47 25608 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-07-21 01:47 . 2010-07-21 01:47 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-07-21 01:47 . 2010-07-21 01:47 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-21 01:46 . 2010-04-03 07:02 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-21 01:46 . 2010-04-03 07:02 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-21 01:46 . 2010-04-03 07:02 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-20 23:58 . 2010-04-03 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-20 21:17 . 2010-07-21 01:44 1656088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-20 21:16 . 2010-07-21 01:44 875288 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-20 21:16 . 2010-07-21 01:44 798488 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-20 21:16 . 2010-07-21 01:44 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-20 16:49 . 2010-07-20 16:49 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-20 16:49 . 2010-07-20 16:49 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-20 16:49 . 2010-07-20 16:49 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-20 16:49 . 2010-07-20 16:49 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-20 15:55 . 2008-04-02 07:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 15:21 . 2009-03-17 15:00 -------- d-----w- c:\documents and settings\aileen\Application Data\LimeWire
2010-07-20 15:19 . 2008-08-28 14:03 -------- d-----w- c:\documents and settings\aileen\Application Data\Media Player Classic
2010-07-20 15:14 . 2010-06-12 04:39 -------- d-----w- c:\program files\CCleaner
2010-07-20 06:22 . 2009-12-08 09:16 -------- d-----w- c:\program files\Garena
2010-07-20 05:00 . 2009-01-27 09:51 -------- d-----w- c:\documents and settings\aileen\Application Data\HPAppData
2010-07-20 04:59 . 2008-12-27 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-20 01:08 . 2008-08-28 14:03 -------- d-----w- c:\documents and settings\aileen\Application Data\uTorrent
2010-07-18 06:55 . 2010-06-04 20:27 -------- d-----w- c:\program files\JDownloader
2010-07-12 20:18 . 2010-04-07 16:21 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-12 20:18 . 2010-04-01 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-12 20:17 . 2010-07-12 20:17 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-12 20:17 . 2010-04-07 16:12 -------- d-----w- c:\program files\DivX
2010-07-12 20:17 . 2010-07-12 20:17 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-12 20:17 . 2010-07-12 20:17 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-12 20:16 . 2008-04-10 03:53 -------- d-----w- c:\program files\FlashGet
2010-07-12 20:15 . 2010-07-12 20:15 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-12 20:15 . 2010-04-07 16:21 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-12 20:15 . 2010-04-07 16:21 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-02 06:02 . 2010-05-16 22:33 -------- d-----w- c:\program files\RocketDock
2010-07-02 06:01 . 2010-04-08 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-02 06:01 . 2009-01-23 09:59 -------- d-----w- c:\program files\Norton Security Scan
2010-07-02 06:01 . 2010-06-06 08:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-01 19:30 . 2010-06-15 04:30 -------- d-----w- c:\documents and settings\aileen\Application Data\Image Zone Express
2010-06-23 02:40 . 2010-06-05 19:44 -------- d-----w- c:\documents and settings\aileen\Application Data\DivX
2010-06-14 14:31 . 2008-04-02 07:08 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 05:58 . 2010-06-12 05:58 -------- d-----w- c:\program files\RAM Def
2010-06-12 05:54 . 2010-06-12 05:54 -------- d-----w- c:\program files\Defraggler
2010-06-12 04:41 . 2010-06-12 04:41 -------- d-----w- c:\program files\Speccy
2010-06-05 19:44 . 2010-06-05 19:44 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-05 19:44 . 2010-06-05 19:44 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-05 02:18 . 2010-06-01 02:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 03:26 . 2010-05-28 08:13 -------- d-----w- c:\program files\AeroSnap
2010-05-29 02:21 . 2010-05-21 17:26 -------- d-----w- c:\program files\FileZilla Server
2010-05-28 08:22 . 2010-05-28 08:22 -------- d-----w- c:\documents and settings\aileen\Application Data\AeroSnapApp
2010-05-28 04:48 . 2010-05-28 04:48 -------- d-----w- c:\documents and settings\aileen\Application Data\VitySoft
2010-05-15 22:32 . 2010-05-15 22:32 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-15 20:12 . 2008-06-01 15:12 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-04 17:20 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 07:39 . 2010-05-01 23:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 07:39 . 2010-05-01 23:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 00:15 . 2009-12-08 11:58 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2010-04-24 18:02 . 2010-04-24 17:34 157529 ----a-w- c:\windows\hpoins28.dat
2010-04-23 04:55 . 2010-04-23 04:55 523 ----a-w- c:\windows\eReg.dat
2008-06-25 14:17 . 2008-06-25 14:17 4736 -c--a-w- c:\program files\log467700245.txt
2008-05-09 10:55 . 2008-05-09 10:55 8 ---h--w- c:\program files\wiimiistat.dat
2006-05-03 10:06 . 2008-12-23 07:56 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-12-23 07:56 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2008-12-23 07:56 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\aileen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-31 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"cdloader"="c:\documents and settings\aileen\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-19 202256]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-21 2065760]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"RAMDef"="c:\program files\RAM Def\ramdef.exe" [2002-10-28 122040]

c:\documents and settings\aileen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
PSPdisp.lnk - c:\program files\PSPdisp\bin\app\PSPdisp.exe [2010-4-21 676864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-21 01:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^aileen^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\aileen\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^aileen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\aileen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^aileen^Start Menu^Programs^Startup^Multiply AutoUploader.lnk]
path=c:\documents and settings\aileen\Start Menu\Programs\Startup\Multiply AutoUploader.lnk
backup=c:\windows\pss\Multiply AutoUploader.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^aileen^Start Menu^Programs^Startup^WinShake Control.lnk]
path=c:\documents and settings\aileen\Start Menu\Programs\Startup\WinShake Control.lnk
backup=c:\windows\pss\WinShake Control.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 17:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AeroSnap]
2008-12-06 11:32 886784 ----a-w- c:\program files\AeroSnap\AeroSnap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-31 22:58 133104 ----atw- c:\documents and settings\aileen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 13:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 08:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 08:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueTransparency]
2010-03-28 03:54 374272 ----a-w- c:\documents and settings\aileen\My Documents\Downloads\truetransparency-crystalxp.net-en-5139\TrueTransparency\TrueTransparency.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-20 22:49 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\ZincPlay\\Zion\\mirc.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Warcraft III 1.21 DotA 6.44b pack\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\aileen\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Warcraft III 1.21 DotA 6.44b pack\\Warcraft III\\war3.exe"=
"c:\\Program Files\\PSPdisp\\bin\\app\\PSPdisp.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Documents and Settings\\aileen\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27985:TCP"= 27985:TCP:limewire
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"6926:TCP"= 6926:TCP:League of Legends Launcher
"6926:UDP"= 6926:UDP:League of Legends Launcher
"6908:TCP"= 6908:TCP:League of Legends Launcher
"6908:UDP"= 6908:UDP:League of Legends Launcher
"6893:TCP"= 6893:TCP:League of Legends Launcher
"6893:UDP"= 6893:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"2145:TCP"= 2145:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [7/21/2010 5:16 AM 25168]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2010 3:02 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2010 3:02 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/21/2010 9:46 AM 308136]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [1/23/2004 4:33 PM 16056]
R3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [1/23/2004 4:32 PM 31928]
R3 pspdisp;pspdisp;c:\windows\system32\drivers\pspdisp.sys [8/5/2009 12:04 AM 3072]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 d2cs;d2cs service;c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\d2cs.exe --service --> c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\d2cs.exe --service [?]
S2 d2dbs;d2dbs service;c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\d2dbs.exe --service --> c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\d2dbs.exe --service [?]
S2 pvpgn;PvPGN service;c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\PvPGN.exe --service --> c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\PvPGN.exe --service [?]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/21/2010 9:46 AM 5897808]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [7/21/2010 5:16 AM 122448]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [7/21/2010 5:16 AM 30288]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [7/21/2010 5:16 AM 26192]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\aileen\LOCALS~1\Temp\OLLC4.tmp --> c:\docume~1\aileen\LOCALS~1\Temp\OLLC4.tmp [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [5/3/2007 7:48 AM 55296]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [12/8/2009 7:58 PM 36928]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 ZSMC0305;Look 316;c:\windows\system32\drivers\usbVM305.sys [4/9/2008 9:45 PM 1466624]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/1/2008 11:12 PM 697328]

--- Other Services/Drivers In Memory ---

*Deregistered* - ndwebs

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 03:20]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-152049171-725345543-1007Core.job
- c:\documents and settings\aileen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-31 22:58]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-152049171-725345543-1007UA.job
- c:\documents and settings\aileen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-31 22:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.garena.com/portal/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add Hyperlink iComment - c:\program files\iComment 2.0.2\iComment.dll/267
IE: Add Picture iComment - c:\program files\iComment 2.0.2\iComment.dll/267
IE: Add Text iComment - c:\program files\iComment 2.0.2\iComment.dll/267
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\aileen\Application Data\Mozilla\Firefox\Profiles\bx42ntav.default\
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\aileen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -

BHO-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
Toolbar-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{2BAE58C2-79F9-45D1-A286-81F911301C3A} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKCU-Run-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM-Run-UDC Integration - (no file)
HKLM-Run-sta - sfqmp.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Flashget - c:\program files\FlashGet\FlashGet.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - c:\program files\SUPERAntiSpyware\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 10:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82D82B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf84eff28
\Driver\ACPI -> ACPI.sys @ 0xf8382cb8
\Driver\atapi -> atapi.sys @ 0xf8252852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf815fbd4
PacketIndicateHandler -> NDIS.sys @ 0xf816ba21
SendHandler -> NDIS.sys @ 0xf815fd44
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\aileen\LOCALS~1\Temp\OLLC4.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ndwebs]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\documents and settings\aileen\Application Data\mjusbsp\magicJack.exe
.
**************************************************************************
.
Completion time: 2010-07-21 11:09:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-21 03:09
ComboFix2.txt 2008-04-09 05:52

Pre-Run: 9,367,314,432 bytes free
Post-Run: 9,369,014,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 014D46AC9484F0C44F0EF4868370F47E

--------------------

Thanks, I'll try out TDSSKiller later.
jan777

Re: Hi guys. please take a look.

Postby jan777 » Wed Jul 21, 2010 4:17 pm

And here is a new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:17:16 AM, on 7/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PSPdisp\bin\app\PSPdisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Documents and Settings\aileen\Application Data\mjusbsp\magicJack.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\aileen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\aileen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\aileen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\aileen\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\aileen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\aileen\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PSPdisp.lnk = C:\Program Files\PSPdisp\bin\app\PSPdisp.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add Hyperlink iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add Picture iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add Text iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgrsstarter - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: d2cs service (d2cs) - Unknown owner - C:\Documents and Settings\aileen\Desktop\pvpgn-1.8.0\d2cs.exe (file missing)
O23 - Service: d2dbs service (d2dbs) - Unknown owner - C:\Documents and Settings\aileen\Desktop\pvpgn-1.8.0\d2dbs.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PvPGN service (pvpgn) - Unknown owner - C:\Documents and Settings\aileen\Desktop\pvpgn-1.8.0\PvPGN.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 1: (no name) - http://www.google.com/

--
End of file - 11954 bytes
jan777

Re: Hi guys. please take a look.

Postby FieryDemon » Wed Jul 21, 2010 6:56 pm

Run TDSSKiller, please.

Next,
Open up Notepad and paste the following:


File::
c:\program files\wiimiistat.dat


FCOPY::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
c:\windows\ServicePackFiles\i386\tcpip.sys | c:\windows\$NtUninstallKB951748_0$\tcpip.sys
c:\windows\ServicePackFiles\i386\tcpip.sys | c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys


* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below
Real-time protection: Avira, Comodo Firewall and D+, Malwarebytes Pro
Anti-keylogging: KeyScrambler
OS: Vista 32-bit
FieryDemon

Re: Hi guys. please take a look.

Postby jan777 » Thu Jul 22, 2010 1:08 am

COMBOFIX LOG:


ComboFix 10-07-21.02 - aileen 07/22/2010 14:37:15.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.80 [GMT 8:00]
Running from: c:\documents and settings\aileen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\aileen\Desktop\CFscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\program files\wiimiistat.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\wiimiistat.dat

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
c:\windows\ServicePackFiles\i386\tcpip.sys --> c:\windows\$NtUninstallKB951748_0$\tcpip.sys
c:\windows\ServicePackFiles\i386\tcpip.sys --> c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.

2010-07-21 21:49 . 2010-07-21 21:49 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-21 09:46 . 2010-07-21 09:47 -------- d-----w- c:\documents and settings\aileen\Application Data\PSPdisp
2010-07-21 09:42 . 2009-08-04 16:04 7808 ----a-w- c:\windows\system32\pspdisp.dll
2010-07-21 09:42 . 2009-08-04 16:04 3072 ----a-w- c:\windows\system32\drivers\pspdisp.sys
2010-07-21 01:33 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-07-21 01:33 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-07-21 01:33 . 2001-08-17 06:07 25952 -c--a-w- c:\windows\system32\dllcache\hpn.sys
2010-07-21 01:33 . 2001-08-17 06:07 25952 ----a-w- c:\windows\system32\drivers\hpn.sys
2010-07-21 00:46 . 2010-07-21 03:46 -------- d-----w- c:\program files\AA Antimalware
2010-07-20 21:27 . 2010-07-20 21:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-20 20:54 . 2010-07-20 20:54 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-07-20 20:54 . 2010-07-20 20:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-07-20 20:54 . 2010-07-21 02:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2010-07-20 20:54 . 2010-07-20 20:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-20 16:11 . 2010-07-20 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-20 16:10 . 2010-07-21 00:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-20 10:29 . 2010-07-20 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-20 10:29 . 2010-07-20 10:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-20 09:13 . 2010-07-21 07:24 -------- d-----w- C:\Hjt
2010-07-19 07:20 . 2010-07-19 07:20 -------- d-----w- c:\documents and settings\aileen\Application Data\fofix
2010-07-17 06:18 . 2010-07-17 06:35 -------- d-----w- c:\documents and settings\aileen\Application Data\vlc
2010-07-17 06:14 . 2010-07-17 06:14 -------- d-----w- c:\program files\VideoLAN
2010-07-13 21:16 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 02:13 . 2010-07-11 02:13 -------- d-----w- c:\documents and settings\aileen\Local Settings\Application Data\tjnet
2010-07-10 04:10 . 2010-07-21 21:29 -------- d-----w- c:\documents and settings\aileen\Application Data\mjusbsp
2010-07-10 04:05 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-07-04 08:43 . 2010-07-04 08:43 -------- d-----w- c:\program files\Chikka Messenger
2010-07-03 06:44 . 2009-10-17 04:17 324096 ----a-w- c:\windows\SDL.dll
2010-07-03 06:44 . 2008-01-26 07:59 53248 ----a-w- c:\windows\DsPad.dll
2010-06-30 04:35 . 2010-07-21 01:12 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-06-30 03:57 . 2001-08-17 06:02 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys
2010-06-30 03:57 . 2001-08-17 06:02 2688 ----a-w- c:\windows\system32\drivers\HIDSwvd.sys
2010-06-30 03:57 . 2008-04-13 18:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2010-06-30 03:57 . 2008-04-13 18:45 59136 ----a-w- c:\windows\system32\drivers\GcKernel.sys
2010-06-29 15:13 . 2010-06-29 15:13 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-29 09:17 . 2010-07-21 10:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-27 22:13 . 2010-07-21 09:46 -------- d-----w- c:\program files\PSPdisp
2010-06-27 21:56 . 2010-06-27 21:56 -------- d-----w- c:\program files\PPJoy Joystick Driver
2010-06-27 21:47 . 2010-06-27 21:47 -------- d-----w- c:\program files\Parallel Port Joystick
2010-06-27 21:37 . 2010-06-27 21:37 -------- d-----w- c:\documents and settings\aileen\Application Data\TightVNC
2010-06-27 21:09 . 2010-06-27 21:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2010-06-27 07:32 . 2010-06-27 07:32 -------- d-----w- c:\windows\Ubisoft
2010-06-27 07:30 . 2010-06-27 07:30 -------- d-----w- c:\program files\directx
2010-06-27 07:24 . 2010-06-27 07:24 -------- d-----w- c:\program files\Ubi Soft
2010-06-27 07:20 . 2010-07-20 15:49 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-27 07:19 . 2010-06-27 16:10 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-26 02:08 . 2010-06-26 02:08 -------- d-----w- c:\documents and settings\aileen\Local Settings\Application Data\GameTuts
2010-06-26 02:08 . 2010-06-26 02:08 -------- d-----w- c:\documents and settings\aileen\Application Data\GameTuts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 06:00 . 2008-12-27 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-21 05:31 . 2009-12-08 09:16 -------- d-----w- c:\program files\Garena
2010-07-20 15:55 . 2008-04-02 07:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 15:21 . 2009-03-17 15:00 -------- d-----w- c:\documents and settings\aileen\Application Data\LimeWire
2010-07-20 15:19 . 2008-08-28 14:03 -------- d-----w- c:\documents and settings\aileen\Application Data\Media Player Classic
2010-07-20 15:14 . 2010-06-12 04:39 -------- d-----w- c:\program files\CCleaner
2010-07-20 05:00 . 2009-01-27 09:51 -------- d-----w- c:\documents and settings\aileen\Application Data\HPAppData
2010-07-20 01:08 . 2008-08-28 14:03 -------- d-----w- c:\documents and settings\aileen\Application Data\uTorrent
2010-07-18 06:55 . 2010-06-04 20:27 -------- d-----w- c:\program files\JDownloader
2010-07-12 20:18 . 2010-04-07 16:21 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-12 20:18 . 2010-04-01 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-12 20:17 . 2010-07-12 20:17 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-12 20:17 . 2010-04-07 16:12 -------- d-----w- c:\program files\DivX
2010-07-12 20:17 . 2010-07-12 20:17 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-12 20:17 . 2010-07-12 20:17 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-12 20:16 . 2008-04-10 03:53 -------- d-----w- c:\program files\FlashGet
2010-07-12 20:15 . 2010-07-12 20:15 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-12 20:15 . 2010-04-07 16:21 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-12 20:15 . 2010-04-07 16:21 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-02 06:02 . 2010-05-16 22:33 -------- d-----w- c:\program files\RocketDock
2010-07-02 06:01 . 2010-04-08 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-02 06:01 . 2009-01-23 09:59 -------- d-----w- c:\program files\Norton Security Scan
2010-07-02 06:01 . 2010-06-06 08:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-01 19:30 . 2010-06-15 04:30 -------- d-----w- c:\documents and settings\aileen\Application Data\Image Zone Express
2010-06-23 02:40 . 2010-06-05 19:44 -------- d-----w- c:\documents and settings\aileen\Application Data\DivX
2010-06-14 14:31 . 2008-04-02 07:08 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-12 05:58 . 2010-06-12 05:58 -------- d-----w- c:\program files\RAM Def
2010-06-12 05:54 . 2010-06-12 05:54 -------- d-----w- c:\program files\Defraggler
2010-06-12 04:41 . 2010-06-12 04:41 -------- d-----w- c:\program files\Speccy
2010-06-05 19:44 . 2010-06-05 19:44 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-05 19:44 . 2010-06-05 19:44 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-05 19:43 . 2010-06-05 19:43 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-05 02:18 . 2010-06-01 02:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 03:26 . 2010-05-28 08:13 -------- d-----w- c:\program files\AeroSnap
2010-05-29 02:21 . 2010-05-21 17:26 -------- d-----w- c:\program files\FileZilla Server
2010-05-28 08:22 . 2010-05-28 08:22 -------- d-----w- c:\documents and settings\aileen\Application Data\AeroSnapApp
2010-05-28 04:48 . 2010-05-28 04:48 -------- d-----w- c:\documents and settings\aileen\Application Data\VitySoft
2010-05-15 22:32 . 2010-05-15 22:32 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-15 20:12 . 2008-06-01 15:12 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-04 17:20 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 07:39 . 2010-05-01 23:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 07:39 . 2010-05-01 23:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 00:15 . 2009-12-08 11:58 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2010-04-24 18:02 . 2010-04-24 17:34 157529 ----a-w- c:\windows\hpoins28.dat
2008-06-25 14:17 . 2008-06-25 14:17 4736 -c--a-w- c:\program files\log467700245.txt
2006-05-03 10:06 . 2008-12-23 07:56 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-12-23 07:56 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2008-12-23 07:56 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\aileen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-31 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"cdloader"="c:\documents and settings\aileen\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-19 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"RAMDef"="c:\program files\RAM Def\ramdef.exe" [2002-10-28 122040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

c:\documents and settings\aileen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
PSPdisp.lnk - c:\program files\PSPdisp\bin\app\PSPdisp.exe [2010-6-1 608256]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^aileen^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\aileen\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^aileen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\aileen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^aileen^Start Menu^Programs^Startup^Multiply AutoUploader.lnk]
path=c:\documents and settings\aileen\Start Menu\Programs\Startup\Multiply AutoUploader.lnk
backup=c:\windows\pss\Multiply AutoUploader.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^aileen^Start Menu^Programs^Startup^WinShake Control.lnk]
path=c:\documents and settings\aileen\Start Menu\Programs\Startup\WinShake Control.lnk
backup=c:\windows\pss\WinShake Control.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 17:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AeroSnap]
2008-12-06 11:32 886784 ----a-w- c:\program files\AeroSnap\AeroSnap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-31 22:58 133104 ----atw- c:\documents and settings\aileen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 13:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 08:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 08:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueTransparency]
2010-03-28 03:54 374272 ----a-w- c:\documents and settings\aileen\My Documents\Downloads\truetransparency-crystalxp.net-en-5139\TrueTransparency\TrueTransparency.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-20 22:49 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\ZincPlay\\Zion\\mirc.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Warcraft III 1.21 DotA 6.44b pack\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\aileen\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Warcraft III 1.21 DotA 6.44b pack\\Warcraft III\\war3.exe"=
"c:\\Program Files\\PSPdisp\\bin\\app\\PSPdisp.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Documents and Settings\\aileen\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27985:TCP"= 27985:TCP:limewire
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"6926:TCP"= 6926:TCP:League of Legends Launcher
"6926:UDP"= 6926:UDP:League of Legends Launcher
"6908:TCP"= 6908:TCP:League of Legends Launcher
"6908:UDP"= 6908:UDP:League of Legends Launcher
"6893:TCP"= 6893:TCP:League of Legends Launcher
"6893:UDP"= 6893:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"2145:TCP"= 2145:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/2/2010 7:22 AM 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/2/2010 7:22 AM 20952]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\drivers\PPJoyBus.sys [1/23/2004 4:33 PM 16056]
R3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\drivers\PPortJoy.sys [1/23/2004 4:32 PM 31928]
R3 pspdisp;pspdisp;c:\windows\system32\drivers\pspdisp.sys [7/21/2010 5:42 PM 3072]
S0 ndwebs;ndwebs; [x]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 d2cs;d2cs service;c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\d2cs.exe --service --> c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\d2cs.exe --service [?]
S2 d2dbs;d2dbs service;c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\d2dbs.exe --service --> c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\d2dbs.exe --service [?]
S2 pvpgn;PvPGN service;c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\PvPGN.exe --service --> c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\PvPGN.exe --service [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\aileen\LOCALS~1\Temp\OLLC4.tmp --> c:\docume~1\aileen\LOCALS~1\Temp\OLLC4.tmp [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [5/3/2007 7:48 AM 55296]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [12/8/2009 7:58 PM 36928]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 ZSMC0305;Look 316;c:\windows\system32\drivers\usbVM305.sys [4/9/2008 9:45 PM 1466624]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/1/2008 11:12 PM 697328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 03:20]

2010-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-27 13:13]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-152049171-725345543-1007Core.job
- c:\documents and settings\aileen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-31 22:58]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-152049171-725345543-1007UA.job
- c:\documents and settings\aileen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-31 22:58]

2010-07-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 13:40]

2010-07-22 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 13:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.garena.com/portal/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add Hyperlink iComment - c:\program files\iComment 2.0.2\iComment.dll/267
IE: Add Picture iComment - c:\program files\iComment 2.0.2\iComment.dll/267
IE: Add Text iComment - c:\program files\iComment 2.0.2\iComment.dll/267
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
TCP: {BE52EBCC-24B7-4866-BB49-C0ECCC053302} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\aileen\Application Data\Mozilla\Firefox\Profiles\bx42ntav.default\
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\aileen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 4.0 Beta 1\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox 4.0 Beta 1\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
Notify-avgrsstarter - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 14:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8325FB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85f7f28
\Driver\ACPI -> ACPI.sys @ 0xf848acb8
\Driver\atapi -> atapi.sys @ 0xf841c852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf8329bd4
PacketIndicateHandler -> NDIS.sys @ 0xf8335a21
SendHandler -> NDIS.sys @ 0xf8329d44
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\aileen\LOCALS~1\Temp\OLLC4.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-22 15:04:17
ComboFix-quarantined-files.txt 2010-07-22 07:04
ComboFix2.txt 2010-07-21 03:09
ComboFix3.txt 2008-04-09 05:52

Pre-Run: 10,003,292,160 bytes free
Post-Run: 9,997,197,312 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 7E37D9A02693378F92703EE313ED0512



TDSSKILLER LOG:


14:00:30:015 3252 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
14:00:30:015 3252 ================================================================================
14:00:30:015 3252 SystemInfo:

14:00:30:015 3252 OS Version: 5.1.2600 ServicePack: 3.0
14:00:30:015 3252 Product type: Workstation
14:00:30:015 3252 ComputerName: JOSEPH-7
14:00:30:015 3252 UserName: aileen
14:00:30:015 3252 Windows directory: C:\WINDOWS
14:00:30:015 3252 System windows directory: C:\WINDOWS
14:00:30:015 3252 Processor architecture: Intel x86
14:00:30:015 3252 Number of processors: 2
14:00:30:015 3252 Page size: 0x1000
14:00:30:015 3252 Boot type: Normal boot
14:00:30:015 3252 ================================================================================
14:00:33:265 3252 Initialize success
14:00:33:265 3252
14:00:33:265 3252 Scanning Services ...
14:00:34:093 3252 Raw services enum returned 367 services
14:00:34:140 3252
14:00:34:140 3252 Scanning Drivers ...
14:00:35:656 3252 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\drivers\abp480n5.sys
14:00:35:703 3252 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
14:00:35:781 3252 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:00:35:875 3252 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:00:35:937 3252 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\drivers\adpu160m.sys
14:00:36:140 3252 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:00:36:218 3252 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:00:36:390 3252 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\drivers\Aha154x.sys
14:00:36:421 3252 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\drivers\aic78u2.sys
14:00:36:593 3252 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\drivers\aic78xx.sys
14:00:36:640 3252 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\drivers\AliIde.sys
14:00:36:671 3252 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\drivers\amsint.sys
14:00:36:828 3252 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\drivers\asc.sys
14:00:36:859 3252 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\drivers\asc3350p.sys
14:00:36:906 3252 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\drivers\asc3550.sys
14:00:37:062 3252 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:00:37:234 3252 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:00:37:343 3252 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:00:37:437 3252 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:00:37:531 3252 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:00:37:578 3252 CA561 (1fa7ff7ba22769b414aee5965fdb05b4) C:\WINDOWS\system32\Drivers\SPCA561.SYS
14:00:37:656 3252 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:00:37:812 3252 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:00:37:875 3252 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\drivers\cd20xrnt.sys
14:00:37:953 3252 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:00:38:031 3252 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:00:38:109 3252 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:00:38:171 3252 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
14:00:38:265 3252 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\drivers\CmdIde.sys
14:00:38:359 3252 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\drivers\Cpqarray.sys
14:00:38:437 3252 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\drivers\dac2w2k.sys
14:00:38:515 3252 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\drivers\dac960nt.sys
14:00:38:640 3252 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:00:39:406 3252 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:00:39:906 3252 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:00:40:046 3252 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:00:40:171 3252 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:00:40:343 3252 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\drivers\dpti2o.sys
14:00:40:609 3252 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:00:41:109 3252 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:00:41:375 3252 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:00:41:609 3252 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:00:41:687 3252 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:00:41:875 3252 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:00:42:046 3252 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:00:42:093 3252 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:00:42:453 3252 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
14:00:42:531 3252 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:00:42:625 3252 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:00:42:703 3252 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
14:00:42:859 3252 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:00:42:984 3252 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\drivers\hpn.sys
14:00:43:109 3252 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:00:43:265 3252 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:00:43:515 3252 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:00:43:828 3252 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:00:44:453 3252 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:00:44:609 3252 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\drivers\i2omp.sys
14:00:44:718 3252 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:00:45:687 3252 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:00:47:281 3252 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:00:47:500 3252 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\drivers\ini910u.sys
14:00:47:593 3252 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\drivers\IntelIde.sys
14:00:47:687 3252 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:00:47:796 3252 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:00:47:859 3252 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:00:47:906 3252 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:00:48:078 3252 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:00:48:140 3252 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:00:48:359 3252 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:00:48:515 3252 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:00:48:578 3252 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:00:48:859 3252 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:00:49:031 3252 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
14:00:49:109 3252 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:00:49:296 3252 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:00:49:359 3252 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
14:00:49:640 3252 leafnets (51674c5c2eeff3d155edab0f5ef9a4d2) C:\WINDOWS\system32\DRIVERS\leafnets.sys
14:00:49:906 3252 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
14:00:50:015 3252 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:00:50:109 3252 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:00:50:203 3252 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:00:50:375 3252 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:00:50:421 3252 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:00:50:500 3252 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:00:50:734 3252 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\drivers\mraid35x.sys
14:00:50:968 3252 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:00:51:187 3252 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:00:51:281 3252 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:00:51:406 3252 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:00:51:515 3252 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:00:51:562 3252 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:00:51:718 3252 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:00:51:828 3252 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:00:51:921 3252 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:00:51:968 3252 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:00:52:203 3252 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:00:52:281 3252 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:00:52:437 3252 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:00:52:546 3252 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:00:52:781 3252 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:00:52:984 3252 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
14:00:53:156 3252 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:00:53:234 3252 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:00:53:484 3252 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
14:00:53:593 3252 nocashio (03bba4dedefb48c510061529651b453a) C:\WINDOWS\system32\drivers\nocashio.sys
14:00:53:750 3252 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:00:53:890 3252 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:00:54:000 3252 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:00:54:171 3252 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:00:54:312 3252 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:00:54:500 3252 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:00:54:546 3252 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:00:54:609 3252 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:00:54:812 3252 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:00:54:875 3252 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:00:54:984 3252 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:00:55:109 3252 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\drivers\perc2.sys
14:00:55:281 3252 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\drivers\perc2hib.sys
14:00:55:343 3252 PPJoyBus (80cd87cfea9f96cca12cca13de8ea6bc) C:\WINDOWS\system32\drivers\PPJoyBus.sys
14:00:56:390 3252 PPortJoystick (fc6ac6ff02af91d661556fc5cd07689d) C:\WINDOWS\system32\drivers\PPortJoy.sys
14:00:56:796 3252 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:00:56:875 3252 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:00:56:921 3252 pspdisp (30c867c08b13e66710e3210c8938e902) C:\WINDOWS\system32\DRIVERS\pspdisp.sys
14:00:57:109 3252 PsSdk41 (0c234a4a2fbab98e5e1bafaf3e3e403a) C:\WINDOWS\system32\Drivers\pssdk41.sys
14:00:57:593 3252 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:00:57:640 3252 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\drivers\ql1080.sys
14:00:57:671 3252 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\drivers\Ql10wnt.sys
14:00:57:765 3252 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\drivers\ql12160.sys
14:00:57:890 3252 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\drivers\ql1240.sys
14:00:58:046 3252 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\drivers\ql1280.sys
14:00:58:078 3252 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:00:58:171 3252 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:00:58:312 3252 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:00:58:343 3252 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:00:58:375 3252 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:00:58:390 3252 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:00:58:578 3252 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:00:58:625 3252 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:00:58:718 3252 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:00:58:937 3252 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
14:00:59:218 3252 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:00:59:265 3252 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:00:59:343 3252 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:00:59:468 3252 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:00:59:609 3252 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:00:59:734 3252 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\drivers\Sparrow.sys
14:00:59:859 3252 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:00:59:968 3252 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
14:00:59:968 3252 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
14:01:00:156 3252 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:01:00:234 3252 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
14:01:00:328 3252 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:01:00:406 3252 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:01:00:453 3252 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:01:00:500 3252 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\drivers\symc810.sys
14:01:00:531 3252 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\drivers\symc8xx.sys
14:01:00:593 3252 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\drivers\sym_hi.sys
14:01:00:625 3252 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\drivers\sym_u3.sys
14:01:00:671 3252 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:01:00:734 3252 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
14:01:00:812 3252 Tcpip (4afb3b0919649f95c1964aa1fad27d73) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:01:00:843 3252 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:01:00:875 3252 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:01:00:906 3252 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:01:00:953 3252 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\drivers\TosIde.sys
14:01:01:015 3252 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:01:01:062 3252 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\drivers\ultra.sys
14:01:01:171 3252 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:01:01:281 3252 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:01:01:406 3252 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:01:01:500 3252 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:01:01:531 3252 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:01:01:656 3252 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:01:01:718 3252 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:01:01:828 3252 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:01:01:953 3252 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:01:02:015 3252 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:01:02:125 3252 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
14:01:02:156 3252 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:01:02:265 3252 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\drivers\ViaIde.sys
14:01:02:343 3252 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:01:02:406 3252 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:01:02:468 3252 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:01:02:515 3252 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
14:01:02:687 3252 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:01:02:703 3252 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:01:02:765 3252 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:01:02:828 3252 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:01:02:906 3252 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
14:01:03:484 3252 ZSMC0305 (517aab1c63d30e4478db9ffea541cc51) C:\WINDOWS\system32\Drivers\usbVM305.sys
14:01:03:531 3252
14:01:03:531 3252 Completed
14:01:03:531 3252
14:01:03:531 3252 Results:
14:01:03:531 3252 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:01:03:531 3252 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:01:03:531 3252
14:01:03:593 3252 KLMD(ARK) unloaded successfully


Thanks for your time.
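Added example, not part of jan777's post or of ComboFix or TDSSKiller themselves: a small triage script that reads the service listing, the Trusted Zone line and TDSSKiller's "Suspicious file" line from the logs above and pulls out what an analyst checks first. A service whose image sits somewhere an ordinary user can write (Temp, Desktop, Application Data) is worth a look because malware favours those locations, and a Trusted Zone entry for a download site lowers IE's security for that host. The flags are prompts for follow-up, not verdicts: the Garena client is installed on this machine (it is the user start page), so its GarenaPEngine service loading a .tmp from Temp may well be that product's own behaviour, and TDSSKiller's NoAccess on sptd.sys is the usual result of the SCSI Pass Through Direct driver used by disc-emulation software blocking reads of its own file. The sample input is copied from the log excerpts on this page.

```python
"""Triage of ComboFix service lines, Trusted Zone entries and TDSSKiller's
'Suspicious file' line (added example; the sample lines are copied from the
logs posted above)."""
import re
from dataclasses import dataclass

# ComboFix service line: "<Sn> <name>;<display>;<image [args]> --> <image> [...]"
SERVICE_RE = re.compile(
    r'^(S[0-4])\s+([^;]+);([^;]*);(.+?)(?:\s+-->.*)?(?:\s+\[[^\]]*\])?$')
# TDSSKiller: "<time> <pid> Suspicious file (<reason>): <path>. md5: <hash>"
SUSPICIOUS_RE = re.compile(
    r'Suspicious file \(([^)]+)\): (.+?)\. md5: ([0-9a-f]{32})', re.I)
TRUSTED_ZONE_RE = re.compile(r'^Trusted Zone:\s*(.+)$')

# Path fragments that mean the image lives in a user-writable directory.
USER_WRITABLE = ('\\temp\\', '\\desktop\\', '\\application data\\',
                 '\\local settings\\', '\\docume~1\\', '\\locals~1\\')


@dataclass(frozen=True)
class Finding:
    kind: str
    subject: str
    detail: str


def parse_service(line):
    """Return a dict for a ComboFix service line, or None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    start, name, display, image = m.groups()
    image = image.strip()
    if image.startswith('\\??\\'):   # NT object-manager prefix, not part of the path
        image = image[4:]
    return {'start': start, 'name': name, 'display': display, 'image': image}


def triage(lines):
    """Run every line through the three matchers and collect findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            low = svc['image'].lower()
            if any(frag in low for frag in USER_WRITABLE):
                findings.append(Finding('service-user-writable-image',
                                        svc['name'], svc['image']))
            continue
        m = TRUSTED_ZONE_RE.match(line)
        if m:
            findings.append(Finding('trusted-zone-entry', m.group(1).strip(), line))
            continue
        m = SUSPICIOUS_RE.search(line)
        if m:
            reason, path, md5 = m.groups()
            findings.append(Finding('tdsskiller-suspicious', path,
                                    f'{reason} md5={md5}'))
    return findings


# Lines copied from the ComboFix and TDSSKiller output posted above.
SAMPLE = r"""
S2 pvpgn;PvPGN service;c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\PvPGN.exe --service --> c:\documents and settings\aileen\Desktop\pvpgn-1.8.0\PvPGN.exe --service [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\aileen\LOCALS~1\Temp\OLLC4.tmp --> c:\docume~1\aileen\LOCALS~1\Temp\OLLC4.tmp [?]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [5/3/2007 7:48 AM 55296]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
Trusted Zone: kuaiche.com\software
TCP: {BE52EBCC-24B7-4866-BB49-C0ECCC053302} = 208.67.222.222,208.67.220.220
14:00:59:968 3252 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
""".splitlines()


def summarize(lines=SAMPLE):
    """(kind, subject) pairs, the shape a follow-up post would quote."""
    return [(f.kind, f.subject) for f in triage(lines)]


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'{f.kind:28} {f.subject}: {f.detail}')
```

On the sample it reports pvpgn (Desktop) and GarenaPEngine (Temp) as user-writable images, the kuaiche.com Trusted Zone entry, and the sptd.sys NoAccess line with its MD5 ready for a hash lookup; the leafnets and XDva347 drivers under system32 are left alone.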

Re: Hi guys. please take a look.

Postby FieryDemon » Thu Jul 22, 2010 8:16 am

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

* Double-click mbr.exe to start the program.
* When done scanning, it will save a log on the Desktop called mbr.log.
* Please post the contents of that log in your next reply.
Real-time protection: Avira, Comodo Firewall and D+, Malwarebytes Pro
Anti-keylogging: KeyScrambler
OS: Vista 32-bit

Re: Hi guys. please take a look.

Postby jan777 » Thu Jul 22, 2010 9:34 am

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


----------

Oh, and also, I notice that MBAM has been constantly blocking this site: 213.163.89.107,
but the last digit seems to change sometimes, like 213.163.89.105 or 213.163.89.106.
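Malwarebytes names the blocked destination but not the process that tried to reach it, and a last octet that wanders between .105 and .107 is a hint to match on the whole 213.163.89.0/24 network rather than one address. On Windows XP the pairing comes from netstat -ano (connections with their owning PID) and tasklist (PID to image name). The script below is an added example, not part of the thread; both command outputs in it are constructed samples in the layout those commands print, not captures from the poster's machine, and the PIDs and image names in them are invented.

```python
"""Match connections into a blocked network to the owning process using the
text output of 'netstat -ano' and 'tasklist' (added example; the sample
outputs are constructed, not captured)."""
import ipaddress
import re

BLOCKED_NET = '213.163.89.0/24'

# Constructed 'netstat -ano' output. XP prints Proto, Local, Foreign, State, PID;
# UDP rows have no State column.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.7:1046       213.163.89.107:80      SYN_SENT        1824
  TCP    192.168.1.7:1049       213.163.89.105:80      ESTABLISHED     1824
  TCP    192.168.1.7:1051       74.125.39.99:80        ESTABLISHED     2200
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed 'tasklist' output.
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Console                    0        236 K
svchost.exe                    952 Console                    0      4,912 K
svchost.exe                   1824 Console                    0     23,480 K
firefox.exe                   2200 Console                    0     61,204 K
"""

TASKLIST_RE = re.compile(r'^(.*?\S)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$')


def split_endpoint(endpoint):
    """'213.163.89.107:80' -> ('213.163.89.107', '80'); also '[::1]:80' and '*:*'."""
    host, _, port = endpoint.rpartition(':')
    return host.strip('[]'), port


def parse_netstat(text):
    """Rows of {proto, local, foreign, state, pid}; malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ('TCP', 'UDP'):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == 'TCP' and len(parts) == 5:
            state, pid = parts[3], int(parts[4])
        elif proto == 'UDP' and len(parts) == 4:
            state, pid = '', int(parts[3])
        else:
            continue   # unexpected layout: skip rather than mis-attribute a PID
        rows.append({'proto': proto, 'local': local, 'foreign': foreign,
                     'state': state, 'pid': pid})
    return rows


def parse_tasklist(text):
    """{pid: image name} from tasklist's fixed-width table."""
    images = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line.rstrip())
        if m:
            images[int(m.group(2))] = m.group(1)
    return images


def find_talkers(netstat_text, tasklist_text, network=BLOCKED_NET):
    """(pid, image, foreign endpoint, state) for each connection into `network`."""
    net = ipaddress.ip_network(network)
    images = parse_tasklist(tasklist_text)
    hits = []
    for row in parse_netstat(netstat_text):
        host, _ = split_endpoint(row['foreign'])
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:       # '*' or a hostname when -n was not used
            continue
        if addr in net:
            hits.append((row['pid'], images.get(row['pid'], '<unknown>'),
                         row['foreign'], row['state']))
    return hits


if __name__ == '__main__':
    for pid, image, foreign, state in find_talkers(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f'PID {pid:<6} {image:<14} -> {foreign:<22} {state}')
```

When the owning PID turns out to be an svchost.exe, as in the constructed sample, the next step is tasklist /svc, which lists the services hosted in each svchost instance; a netstat -b run from an administrator prompt prints the executable directly on XP SP2 and later.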

Re: Hi guys. please take a look.

Postby FieryDemon » Thu Jul 22, 2010 10:32 am

Try the following:

reset TCP/IP manually:

1. To open a command prompt, click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER:
cmd
2. At the command prompt, copy and paste (or type) the following command and then press ENTER:
netsh int ip reset c:\resetlog.txt

3. Reboot the computer.


-----
Then,

Download Bootkit Remover to your Desktop.


* You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
* After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
* It will show a Black screen with some data on it.
* Right click on the screen and click Select All.
* Press CTRL+C
* Open Notepad and press CTRL+V
* Post the output back here.

-----
Update Malwarebytes and do a quick scan.
-----
Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste the report back here.
