Thread: shvhost.exe application error

  1. #1
    Junior Member
    Join Date: Jun 2010
    Posts: 21

    shvhost.exe application error

    I've an svchost.exe application error, and when I press OK or Cancel I get a "DCOM Server Process Launcher service terminated unexpectedly" error, and after a minute my PC restarts.
    I've some anti-malware, but I always get the same message.

    I would like some help dealing with this thing.
    Thanks in advance

    Here is my DDS log:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by astra at 9:15:54,65 on 15/06/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.gr/
    uInternet Settings,ProxyOverride = local
    uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - g:\program files\pdfforge toolbar\SearchSettings.dll
    mWinlogon: UIHost=G:\Yellow flower.exe
    uWinlogon: Shell="g:\program files\emerge desktop\emergeCore.exe"
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - g:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - g:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - g:\program files\pdfforge toolbar\SearchSettings.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - g:\program files\daemon tools toolbar\DTToolbar.dll
    TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - g:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [CTFMON.EXE] g:\windows\system32\ctfmon.exe
    mRun: [vmware-tray] "g:\program files\vmware\vmware workstation\vmware-tray.exe"
    mRun: [TWCU] "g:\program files\tp-link\tp-link wireless client utility\TWCU.exe" -nogui
    mRun: [MSSE] "g:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [COMODO Internet Security] "g:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    dRun: [CTFMON.EXE] g:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "g:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: g:\docume~1\alluse~1\startm~1\f2da~1\599a~1\rainme~1.lnk - g:\program files\rainmeter\Rainmeter.exe
    IE: Ε&ξαγωγή στο Microsoft Excel - g:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\micros~3\office11\REFIEBAR.DLL
    LSP: g:\program files\vmware\vmware workstation\vsocklib.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229157474656
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239954420281
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: g:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - g:\windows\system32\WPDShServiceObj.dll
    SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - g:\program files\winfax\WfxSeh32.Dll

    ================= FIREFOX ===================

    FF - ProfilePath - g:\docume~1\astra\applic~1\mozilla\firefox\profiles\pvs1v4h5.default\
    FF - component: g:\program files\pdfforge toolbar\ssff\components\SearchSettingsFF.dll
    FF - plugin: g:\documents and settings\astra\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: g:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: g:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: g:\program files\opera\program\plugins\np_gp.dll
    FF - plugin: g:\program files\opera\program\plugins\npjp2.dll
    FF - plugin: g:\program files\opera\program\plugins\npzzatif.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - g:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    g:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    g:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    g:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    g:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    g:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============


    ============== File Associations ===============

    .scr=AutoCADLTScriptFile

    =============== Created Last 30 ================

    2010-06-15 06:15:13 5164 ----a-w- G:\fraglist.luar
    2010-06-14 14:05:42 132096 ----atw- g:\windows\system32\DarkSpyKernel.sys
    2010-06-14 14:01:19 522636 ----a-w- g:\windows\system32\drivers\cmcantirootkit.sys
    2010-06-13 21:05:52 12872 ----a-w- g:\windows\system32\bootdelete.exe
    2010-06-13 20:27:44 15944 ----a-w- g:\windows\system32\drivers\hitmanpro35.sys
    2010-06-13 20:27:32 0 d-----w- g:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-06-13 18:08:31 0 d-----w- g:\docume~1\astra\applic~1\Malwarebytes
    2010-06-13 18:08:21 0 d-----w- g:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-12 19:57:18 0 d-----w- g:\program files\Gnaural
    2010-06-12 19:56:20 0 d-----w- g:\program files\GTK2-Runtime
    2010-06-12 19:18:47 256 ----a-w- g:\documents and settings\astra\.pulse-cookie
    2010-06-12 17:04:00 0 d-----w- g:\program files\JRE
    2010-06-12 14:45:01 0 d-----w- g:\program files\iPod
    2010-06-12 14:44:57 0 d-----w- g:\program files\iTunes
    2010-06-12 14:44:57 0 d-----w- g:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-12 14:05:38 0 d-----w- g:\program files\Phyxion.net
    2010-06-12 07:34:54 0 d-----w- g:\program files\PeerBlock
    2010-06-12 07:23:54 0 d-----w- g:\docume~1\alluse~1\applic~1\COMODO
    2010-06-12 07:11:34 0 d-----w- g:\docume~1\astra\applic~1\ComodoGroup
    2010-06-12 06:39:10 0 d-----w- g:\docume~1\alluse~1\applic~1\Comodo Downloader
    2010-06-12 06:14:05 0 d-----w- g:\documents and settings\astra\Application DataComodoGroup
    2010-06-11 11:54:22 0 d-----w- g:\program files\BrainWave Generator
    2010-06-11 11:33:14 0 d-----w- g:\program files\zabkat
    2010-06-11 08:28:57 0 d-----w- g:\documents and settings\astra\.freeplane
    2010-06-10 22:11:05 0 d-----w- g:\windows\SHELLNEW
    2010-06-08 20:48:18 74072 ----a-w- g:\windows\system32\XAPOFX1_5.dll
    2010-06-08 20:48:18 527192 ----a-w- g:\windows\system32\XAudio2_7.dll
    2010-06-08 20:48:18 239960 ----a-w- g:\windows\system32\xactengine3_7.dll
    2010-06-08 20:48:17 2106216 ----a-w- g:\windows\system32\D3DCompiler_43.dll
    2010-06-08 20:48:17 1868128 ----a-w- g:\windows\system32\d3dcsx_43.dll
    2010-06-08 20:48:16 470880 ----a-w- g:\windows\system32\d3dx10_43.dll
    2010-06-08 20:48:16 248672 ----a-w- g:\windows\system32\d3dx11_43.dll
    2010-06-08 20:48:16 1998168 ----a-w- g:\windows\system32\D3DX9_43.dll
    2010-06-08 20:48:15 74072 ----a-w- g:\windows\system32\XAPOFX1_4.dll
    2010-06-08 20:48:15 528216 ----a-w- g:\windows\system32\XAudio2_6.dll
    2010-06-08 20:48:15 238936 ----a-w- g:\windows\system32\xactengine3_6.dll
    2010-06-08 20:48:14 22360 ----a-w- g:\windows\system32\X3DAudio1_7.dll
    2010-06-08 18:47:50 743424 -c----w- g:\windows\system32\dllcache\iedvtool.dll
    2010-06-06 15:53:24 0 d-----w- g:\docume~1\astra\applic~1\Search Settings
    2010-06-06 15:53:15 0 d-----w- g:\docume~1\astra\applic~1\pdfforge
    2010-06-06 15:43:04 0 d-----w- g:\program files\Application Updater
    2010-06-06 15:43:02 0 d-----w- g:\program files\pdfforge Toolbar
    2010-06-06 15:42:37 137000 ----a-w- g:\windows\system32\MSMAPI32.OCX
    2010-06-06 15:42:37 116224 ----a-w- g:\windows\system32\pdfcmnnt.dll
    2010-06-06 15:42:36 23552 ----a-w- g:\windows\system32\MSMPIDE.DLL
    2010-06-06 15:42:35 0 d-----w- g:\program files\PDFCreator
    2010-06-06 15:26:51 0 d-----w- g:\docume~1\astra\applic~1\Zeon
    2010-06-06 15:26:49 0 d-----w- g:\docume~1\alluse~1\applic~1\Nuance
    2010-06-06 15:26:16 0 d-----w- g:\docume~1\alluse~1\applic~1\Downloaded Installations
    2010-06-04 08:55:58 229312 ----a-w- g:\windows\system32\drivers\cmdGuard.sys
    2010-06-04 07:42:55 0 d-----w- g:\program files\common files\ABBYY
    2010-06-04 07:40:19 0 d-----w- g:\program files\ABBYY FineReader 9.0
    2010-06-01 16:00:52 278288 ----a-w- g:\windows\system32\guard32.dll
    2010-06-01 16:00:22 25240 ----a-w- g:\windows\system32\drivers\cmdhlp.sys
    2010-06-01 16:00:20 15464 ----a-w- g:\windows\system32\drivers\cmderd.sys
    2010-05-16 07:19:05 73728 ----a-w- g:\windows\system32\javacpl.cpl
    2010-05-16 07:19:05 411368 ----a-w- g:\windows\system32\deployJava1.dll

    ==================== Find3M ====================

    2010-06-14 11:46:21 681950 ----a-w- g:\windows\system32\perfh008.dat
    2010-06-14 11:46:21 143680 ----a-w- g:\windows\system32\perfc008.dat
    2010-05-21 11:14:28 221568 ------w- g:\windows\system32\MpSigStub.exe
    2010-05-14 05:03:56 25992 ----a-w- g:\windows\system32\pgdfgsvc.exe
    2010-05-06 10:33:33 916480 ----a-w- g:\windows\system32\wininet.dll
    2010-05-02 08:07:34 1851520 ----a-w- g:\windows\system32\win32k.sys
    2010-04-20 05:30:47 285696 ----a-w- g:\windows\system32\atmfd.dll
    2010-03-18 13:47:22 17760 ----a-w- g:\windows\system32\aspnet_counters.dll
    2010-03-18 10:16:28 771424 ----a-w- g:\windows\system32\msvcr100_clr0400.dll
    2010-03-18 10:16:28 70472 ----a-w- g:\windows\system32\dxva2.dll
    2010-03-18 10:16:28 486216 ----a-w- g:\windows\system32\evr.dll
    2010-03-18 07:09:00 99176 ----a-w- g:\windows\system32\PresentationHostProxy.dll
    2010-03-18 07:09:00 49488 ----a-w- g:\windows\system32\netfxperf.dll
    2010-03-18 07:09:00 297808 ----a-w- g:\windows\system32\mscoree.dll
    2010-03-18 07:09:00 295264 ----a-w- g:\windows\system32\PresentationHost.exe
    2008-10-28 20:30:56 23 --sha-w- g:\windows\system32\bdcca4_d.dll

    ============= FINISH: 9:16:06,07 ===============

  2. #2
    Security Expert: Emeritus Blade81
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

    µTorrent


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


    After that:

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date: Jun 2010
    Posts: 21

    ComboFix.txt New dds log.

    Thanks for the reply to my post.
    Here is the file ComboFix.txt:

    ComboFix 10-06-19.04 - astra 20/06/2010 19:57:14.4.4 - x86
    Running from: g:\documents and settings\astra\Επιφάνεια εργασίας\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))
    .

    2010-06-16 19:33 . 2010-06-16 19:36 52736 ----a-w- g:\windows\system32\drivers\rk_remover.sys
    2010-06-14 20:12 . 2010-06-14 20:12 -------- d-----r- g:\documents and settings\LocalService\Τα έγγραφά μου
    2010-06-14 14:01 . 2010-06-14 14:01 522636 ----a-w- g:\windows\system32\drivers\cmcantirootkit.sys
    2010-06-13 21:05 . 2010-06-13 21:05 12872 ----a-w- g:\windows\system32\bootdelete.exe
    2010-06-13 20:27 . 2010-06-13 21:10 15944 ----a-w- g:\windows\system32\drivers\hitmanpro35.sys
    2010-06-13 20:27 . 2010-06-13 21:05 -------- d-----w- g:\documents and settings\All Users\Application Data\Hitman Pro
    2010-06-13 18:32 . 2010-06-13 18:32 -------- d-----w- g:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-06-13 18:08 . 2010-06-13 18:08 -------- d-----w- g:\documents and settings\astra\Application Data\Malwarebytes
    2010-06-13 18:08 . 2010-06-13 18:08 -------- d-----w- g:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-13 17:25 . 2010-06-13 17:31 -------- d-----w- g:\program files\Windows Live Safety Center
    2010-06-12 17:04 . 2010-06-12 17:04 -------- d-----w- g:\program files\JRE
    2010-06-12 14:45 . 2010-06-12 14:45 -------- d-----w- g:\program files\iPod
    2010-06-12 14:44 . 2010-06-12 14:45 -------- d-----w- g:\program files\iTunes
    2010-06-12 14:44 . 2010-06-12 14:45 -------- d-----w- g:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-12 14:05 . 2010-06-12 14:05 -------- d-----w- g:\program files\Phyxion.net
    2010-06-12 07:34 . 2010-06-13 13:18 -------- d-----w- g:\program files\PeerBlock
    2010-06-12 07:23 . 2010-06-12 07:24 -------- d-----w- g:\documents and settings\All Users\Application Data\COMODO
    2010-06-12 07:11 . 2010-06-12 07:11 -------- d-----w- g:\documents and settings\astra\Application Data\ComodoGroup
    2010-06-12 06:39 . 2010-06-12 07:20 -------- d-----w- g:\documents and settings\All Users\Application Data\Comodo Downloader
    2010-06-12 06:14 . 2010-06-12 06:14 -------- d-----w- g:\documents and settings\astra\Application DataComodoGroup
    2010-06-11 19:09 . 2010-06-11 19:09 53632 ----a-w- g:\documents and settings\astra\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-06-11 11:33 . 2010-06-11 11:33 -------- d-----w- g:\program files\zabkat
    2010-06-11 08:28 . 2010-06-11 09:08 -------- d-----w- g:\documents and settings\astra\.freeplane
    2010-06-10 22:11 . 2010-06-10 22:11 -------- d-----w- g:\windows\SHELLNEW
    2010-06-08 20:48 . 2010-06-02 01:55 74072 ----a-w- g:\windows\system32\XAPOFX1_5.dll
    2010-06-08 20:48 . 2010-06-02 01:55 527192 ----a-w- g:\windows\system32\XAudio2_7.dll
    2010-06-08 20:48 . 2010-06-02 01:55 239960 ----a-w- g:\windows\system32\xactengine3_7.dll
    2010-06-08 20:48 . 2010-05-26 08:41 2106216 ----a-w- g:\windows\system32\D3DCompiler_43.dll
    2010-06-08 20:48 . 2010-05-26 08:41 1868128 ----a-w- g:\windows\system32\d3dcsx_43.dll
    2010-06-08 20:48 . 2010-05-26 08:41 470880 ----a-w- g:\windows\system32\d3dx10_43.dll
    2010-06-08 20:48 . 2010-05-26 08:41 248672 ----a-w- g:\windows\system32\d3dx11_43.dll
    2010-06-08 20:48 . 2010-05-26 08:41 1998168 ----a-w- g:\windows\system32\D3DX9_43.dll
    2010-06-08 20:48 . 2010-02-04 07:01 74072 ----a-w- g:\windows\system32\XAPOFX1_4.dll
    2010-06-08 20:48 . 2010-02-04 07:01 528216 ----a-w- g:\windows\system32\XAudio2_6.dll
    2010-06-08 20:48 . 2010-02-04 07:01 238936 ----a-w- g:\windows\system32\xactengine3_6.dll
    2010-06-08 20:48 . 2010-02-04 07:01 22360 ----a-w- g:\windows\system32\X3DAudio1_7.dll
    2010-06-08 18:47 . 2010-05-06 10:33 743424 -c----w- g:\windows\system32\dllcache\iedvtool.dll
    2010-06-06 15:53 . 2010-06-06 15:53 -------- d-----w- g:\documents and settings\astra\Application Data\Search Settings
    2010-06-06 15:53 . 2010-06-06 15:53 -------- d-----w- g:\documents and settings\astra\Application Data\pdfforge
    2010-06-06 15:43 . 2010-06-19 06:35 -------- d-----w- g:\program files\pdfforge Toolbar
    2010-06-06 15:42 . 2001-10-28 14:42 116224 ----a-w- g:\windows\system32\pdfcmnnt.dll
    2010-06-06 15:42 . 1998-07-05 22:00 23552 ----a-w- g:\windows\system32\MSMPIDE.DLL
    2010-06-06 15:42 . 2010-06-06 15:43 -------- d-----w- g:\program files\PDFCreator
    2010-06-06 15:26 . 2010-06-06 15:26 -------- d-----w- g:\documents and settings\astra\Application Data\Zeon
    2010-06-06 15:26 . 2010-06-06 15:27 -------- d-----w- g:\documents and settings\All Users\Application Data\Nuance
    2010-06-06 15:26 . 2010-06-06 15:26 -------- d-----w- g:\documents and settings\All Users\Application Data\Downloaded Installations
    2010-06-06 13:10 . 2010-06-06 13:11 -------- d-----w- g:\documents and settings\astra\Application Data\dvdcss
    2010-06-04 08:55 . 2010-06-04 08:55 229312 ----a-w- g:\windows\system32\drivers\cmdGuard.sys
    2010-06-04 07:42 . 2010-06-04 07:42 -------- d-----w- g:\program files\Common Files\ABBYY
    2010-06-04 07:40 . 2010-06-04 07:45 -------- d-----w- g:\program files\ABBYY FineReader 9.0
    2010-06-01 16:00 . 2010-06-01 16:00 278288 ----a-w- g:\windows\system32\guard32.dll
    2010-06-01 16:00 . 2010-06-01 16:00 87824 ----a-w- g:\windows\system32\drivers\inspect.sys
    2010-06-01 16:00 . 2010-06-01 16:00 25240 ----a-w- g:\windows\system32\drivers\cmdhlp.sys
    2010-06-01 16:00 . 2010-06-01 16:00 15464 ----a-w- g:\windows\system32\drivers\cmderd.sys
    2010-05-31 13:45 . 2010-05-31 13:45 503808 ----a-w- g:\documents and settings\astra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-358678da-n\msvcp71.dll
    2010-05-31 13:45 . 2010-05-31 13:45 499712 ----a-w- g:\documents and settings\astra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-358678da-n\jmc.dll
    2010-05-31 13:45 . 2010-05-31 13:45 348160 ----a-w- g:\documents and settings\astra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-358678da-n\msvcr71.dll
    2010-05-31 13:45 . 2010-05-31 13:45 61440 ----a-w- g:\documents and settings\astra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-644afa58-n\decora-sse.dll
    2010-05-31 13:45 . 2010-05-31 13:45 12800 ----a-w- g:\documents and settings\astra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-644afa58-n\decora-d3d.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-20 16:51 . 2008-11-02 18:41 -------- d-----w- g:\documents and settings\LocalService\Application Data\VMware
    2010-06-20 16:51 . 2008-11-02 18:40 -------- d-----w- g:\documents and settings\All Users\Application Data\VMware
    2010-06-20 16:33 . 2004-09-07 12:00 684902 ----a-w- g:\windows\system32\perfh008.dat
    2010-06-20 16:33 . 2004-09-07 12:00 145016 ----a-w- g:\windows\system32\perfc008.dat
    2010-06-20 16:23 . 2009-07-17 21:19 -------- d-----w- g:\documents and settings\astra\Application Data\TeraCopy
    2010-06-19 12:53 . 2008-11-02 18:45 -------- d-----w- g:\documents and settings\astra\Application Data\VMware
    2010-06-19 06:28 . 2010-06-17 07:36 -------- d-----w- g:\program files\Safer Networking
    2010-06-17 06:33 . 2009-07-28 20:10 1 ----a-w- g:\documents and settings\astra\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-06-17 05:29 . 2010-06-17 05:29 -------- d-----w- g:\documents and settings\Administrator\Application Data\Mp3tag
    2010-06-15 08:00 . 2010-01-23 09:51 -------- d-----w- g:\documents and settings\astra\Application Data\uTorrent
    2010-06-14 21:12 . 2010-01-11 11:51 -------- d-----w- g:\documents and settings\astra\Application Data\Media Player Classic
    2010-06-13 10:07 . 2009-07-21 17:30 -------- d-----w- g:\program files\Startup Manager
    2010-06-12 20:19 . 2010-04-03 12:04 -------- d-----w- g:\documents and settings\astra\Application Data\gtk-2.0
    2010-06-12 17:37 . 2008-10-27 23:20 117496 ----a-w- g:\documents and settings\astra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-12 17:03 . 2009-07-28 20:08 -------- d-----w- g:\program files\OpenOffice.org 3
    2010-06-12 14:44 . 2009-01-01 20:19 -------- d-----w- g:\documents and settings\All Users\Application Data\Apple Computer
    2010-06-12 13:51 . 2009-04-24 22:53 -------- d-----w- g:\documents and settings\astra\Application Data\Audacity
    2010-06-12 13:42 . 2010-04-10 21:20 -------- d-----w- g:\documents and settings\astra\Application Data\foobar2000
    2010-06-12 07:20 . 2008-10-28 09:03 -------- d-----w- g:\program files\COMODO
    2010-06-11 19:09 . 2010-02-26 17:51 -------- d-----w- g:\program files\XnView
    2010-06-11 19:09 . 2009-11-19 18:07 -------- d-----w- g:\program files\Common Files\Adobe AIR
    2010-06-11 16:34 . 2008-10-28 09:48 -------- d-----w- g:\program files\Mozilla Thunderbird
    2010-06-11 05:19 . 2009-08-07 15:46 -------- d-----w- g:\program files\FreeMind
    2010-06-10 22:11 . 2010-04-14 19:27 -------- d-----w- g:\program files\Microsoft.NET
    2010-06-10 14:56 . 2010-01-17 16:07 -------- d-----w- g:\documents and settings\astra\Application Data\vlc
    2010-06-08 21:44 . 2010-01-11 17:25 -------- d-----w- g:\program files\Calendar
    2010-06-06 15:32 . 2008-10-28 21:08 -------- d-----w- g:\program files\Common Files\Adobe
    2010-06-06 15:29 . 2009-11-30 09:52 -------- d-----w- g:\program files\Foxit Software
    2010-06-06 15:27 . 2010-03-13 08:42 -------- d-----w- g:\documents and settings\astra\Application Data\Nuance
    2010-06-05 12:56 . 2010-01-02 22:16 -------- d-----w- g:\program files\Notepad++
    2010-06-05 12:56 . 2010-01-02 22:16 -------- d-----w- g:\documents and settings\astra\Application Data\Notepad++
    2010-06-04 11:16 . 2010-02-02 12:29 -------- d-----w- g:\program files\Microsoft Silverlight
    2010-06-04 07:48 . 2010-04-10 16:28 -------- d-----w- g:\documents and settings\All Users\Application Data\ABBYY
    2010-06-04 06:13 . 2010-05-14 05:41 -------- d-----w- g:\program files\adma
    2010-06-01 22:04 . 2008-10-28 07:55 -------- d-----w- g:\program files\CCleaner
    2010-05-22 20:01 . 2009-12-06 22:05 256 ----a-w- g:\windows\system32\pool.bin
    2010-05-22 19:09 . 2009-07-27 04:41 -------- d-----w- g:\program files\Emerge Desktop
    2010-05-21 11:14 . 2009-10-02 06:41 221568 ------w- g:\windows\system32\MpSigStub.exe
    2010-05-17 08:31 . 2009-02-15 16:18 -------- d-----w- g:\program files\FMY
    2010-05-16 07:18 . 2010-05-16 07:19 411368 ----a-w- g:\windows\system32\deployJava1.dll
    2010-05-14 05:03 . 2009-01-09 17:51 25992 ----a-w- g:\windows\system32\pgdfgsvc.exe
    2010-05-13 17:48 . 2010-04-25 20:31 -------- d-----w- g:\program files\TP-LINK
    2010-05-13 17:47 . 2008-10-27 22:10 -------- d--h--w- g:\program files\InstallShield Installation Information
    2010-05-06 10:33 . 2004-09-07 12:00 916480 ----a-w- g:\windows\system32\wininet.dll
    2010-05-02 10:09 . 2010-05-02 10:09 -------- d-----w- g:\documents and settings\astra\Application Data\adma
    2010-05-02 08:07 . 2004-09-07 12:00 1851520 ----a-w- g:\windows\system32\win32k.sys
    2010-04-25 21:00 . 2010-04-25 20:27 -------- d-----w- g:\documents and settings\All Users\Application Data\TP-LINK
    2010-04-25 20:31 . 2010-04-25 20:31 -------- d-----w- g:\documents and settings\All Users\Application Data\Atheros
    2010-04-20 05:30 . 2004-09-07 12:00 285696 ----a-w- g:\windows\system32\atmfd.dll
    2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\UC.PIF
    2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\RAR.PIF
    2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\PKZIP.PIF
    2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\PKUNZIP.PIF
    2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\NOCLOSE.PIF
    2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\LHA.PIF
    2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\ARJ.PIF
    2010-04-01 03:46 . 2010-04-01 03:46 65536 ----a-r- g:\documents and settings\astra\Application Data\Microsoft\Installer\{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}\ARPPRODUCTICON.exe
    2010-03-31 12:10 . 2010-03-31 12:10 503808 ----a-w- g:\documents and settings\astra\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-615666f2-n\msvcp71.dll
    2010-03-31 12:10 . 2010-03-31 12:10 499712 ----a-w- g:\documents and settings\astra\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-615666f2-n\jmc.dll
    2010-03-31 12:10 . 2010-03-31 12:10 348160 ----a-w- g:\documents and settings\astra\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-615666f2-n\msvcr71.dll
    2010-03-31 12:10 . 2010-03-31 12:10 61440 ----a-w- g:\documents and settings\astra\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a04ec09-n\decora-sse.dll
    2010-03-31 12:10 . 2010-03-31 12:10 12800 ----a-w- g:\documents and settings\astra\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a04ec09-n\decora-d3d.dll
    2008-10-28 20:30 . 2008-10-28 20:30 23 --sha-w- g:\windows\system32\bdcca4_d.dll
    .

    ------- Sigcheck -------

    [-] 2009-08-11 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . g:\windows\system32\drivers\tcpip.sys
    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . g:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . g:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . g:\windows\system32\dllcache\tcpip.sys
    [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . g:\windows\$NtServicePackUninstall$\tcpip.sys
    [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . g:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="g:\documents and settings\astra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-12 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vmware-tray"="g:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-01-22 129584]
    "TWCU"="g:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-02-04 561263]
    "MSSE"="g:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
    "COMODO Internet Security"="g:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="g:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

    g:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
    Rainmeter.lnk - g:\program files\Rainmeter\Rainmeter.exe [2010-2-28 119296]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "g:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="G:\Yellow flower.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=g:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ pgdfgsvc G 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\G:^Documents and Settings^astra^Start Menu^Προγράμματα^Εκκίνηση^MagicDisc.lnk]
    backup=g:\windows\pss\MagicDisc.lnkStartup
    path=g:\documents and settings\astra\Start Menu\Προγράμματα\Εκκίνηση\MagicDisc.lnk

    [HKLM\~\startupfolder\G:^Documents and Settings^astra^Start Menu^Προγράμματα^Εκκίνηση^OpenOffice.org 3.1.lnk]
    backup=g:\windows\pss\OpenOffice.org 3.1.lnkStartup
    path=g:\documents and settings\astra\Start Menu\Προγράμματα\Εκκίνηση\OpenOffice.org 3.1.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- g:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- g:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-08-12 12:53 133104 ----atw- g:\documents and settings\astra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
    2007-11-02 12:52 36864 ----a-w- g:\program files\HP\HP UT\bin\hppusg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 16:30 1695232 ------w- g:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2009-11-02 10:53 18782720 ----a-w- g:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MDM"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "Autodesk Licensing Service"=3 (0x3)
    "Ati HotKey Poller"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "ABBYY.Licensing.FineReader.Professional.10.0"=2 (0x2)
    "iPod Service"=3 (0x3)
    "ABBYY.Licensing.FineReader.Professional.9.0"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "wfxsvc"=2 (0x2)
    "ose"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\uTorrent\\utorrent.exe"=
    "d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
    "d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
    "d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
    "g:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R0 CFRMD;CFRMD;g:\windows\System32\drivers\CFRMD.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;g:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Ambfilt;Ambfilt;g:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
    R3 aswArKrn;aswArKrn;g:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys [x]
    R3 CheckFSD;Antiy Labs FSD Service;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\CheckFSD.sys [2008-04-09 8728]
    R3 CheckSSDT;Antiy Labs SSDT Service;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\SSDT.sys [2008-04-09 8856]
    R3 CMC AntiRootkit Service;CMC AntiRootkit Servic;g:\windows\system32\drivers\cmcantirootkit.sys [2010-06-14 522636]
    R3 HookMsg;Antiy Labs MsgHook Service;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\ABaseDrv.sys [2008-04-09 8472]
    R3 IRPFile;Antiy Labs IRP FILE;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\IrpFile.sys [2008-07-25 11848]
    R3 LQIHFPK;LQIHFPK;g:\docume~1\astra\LOCALS~1\Temp\LQIHFPK.exe [x]
    R3 NK;NK;g:\docume~1\astra\LOCALS~1\Temp\NK.exe [x]
    R3 NNFQO;NNFQO;g:\docume~1\astra\LOCALS~1\Temp\NNFQO.exe [x]
    R3 pbfilter;pbfilter;g:\program files\PeerBlock\pbfilter.sys [2010-06-09 18544]
    R3 PEN;PEN;g:\docume~1\astra\LOCALS~1\Temp\PEN.exe [x]
    R3 rk_remover-boot;rk_remover-boot;g:\windows\system32\drivers\rk_remover.sys [2010-06-16 52736]
    R3 SunkFilt62;Alcor Micro Corp - 6362;g:\windows\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;g:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-11-30 100048]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;g:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 YYWDKYIS;YYWDKYIS;g:\docume~1\astra\LOCALS~1\Temp\YYWDKYIS.exe [x]
    R4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;g:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
    R4 Application Updater;Application Updater;g:\program files\Application Updater\ApplicationUpdater.exe [x]
    R4 sptd;sptd;g:\windows\system32\Drivers\sptd.sys [2009-11-14 691696]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;g:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 229312]
    S1 cmdHlp;COMODO Internet Security Helper Driver;g:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 25240]
    S2 vmci;VMware vmci;g:\windows\system32\Drivers\vmci.sys [2010-01-22 70704]
    S2 VMUSBArbService;VMware USB Arbitration Service;g:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-19 g:\windows\Tasks\COMODO System Cleaner Update.job
    - g:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 12:41]

    2010-06-18 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-261903793-839522115-1003Core.job
    - g:\documents and settings\astra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 12:53]

    2010-06-20 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-261903793-839522115-1003UA.job
    - g:\documents and settings\astra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 12:53]

    2010-06-20 g:\windows\Tasks\MP Scheduled Scan.job
    - g:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 16:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.gr/
    uInternet Settings,ProxyOverride = local
    IE: Ε&ξαγωγή στο Microsoft Excel - g:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    LSP: g:\program files\VMware\VMware Workstation\vsocklib.dll
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    FF - ProfilePath - g:\documents and settings\astra\Application Data\Mozilla\Firefox\Profiles\pvs1v4h5.default\
    FF - plugin: g:\documents and settings\astra\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: g:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: g:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    g:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    g:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADLTScriptFile
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
    MSConfigStartUp-SearchSettings - g:\program files\pdfforge Toolbar\SearchSettings.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-20 20:00
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose, ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1078081533-261903793-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 10]
    "GameDir"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2010\\games"
    "ShortlistDir"=""
    "ScreenshotsDir"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2010"
    "SaveDir"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2010\\"
    "HistoryDir"="g:\\Documents and Settings\\astra\\Επιφάνεια εργασίας\\FM Genie Scout 10\\History Points"
    "LangDB"="g:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:0000006f
    "UniqueID"="E5-E280-E46F"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_USERS\S-1-5-21-1078081533-261903793-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009]
    "GameDir"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2009\\games"
    "ShortlistDir"=""
    "ScreenshotsDir"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2009"
    "SaveDir"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2009\\"
    "HistoryDir"="g:\\Documents and Settings\\astra\\Επιφάνεια εργασίας\\FM Genie Scout 2009\\History Points"
    "LangDB"="g:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
    "LastSaveGame"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2009\\games\\aris.fm"
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00009b7a
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000062
    "UniqueID"="E5-E280-EF1F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_USERS\S-1-5-21-1078081533-261903793-839522115-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
    "Currency"=dword:0000001c
    "GameDir"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2009\\games"
    "ShortlistDir"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2009\\shortlists"
    "ScreenshotsDir"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2009"
    "SaveDir"="g:\\Documents and Settings\\astra\\Τα έγγραφά μου\\Sports Interactive\\Football Manager 2009\\"
    "HistoryDir"="g:\\Documents and Settings\\astra\\Επιφάνεια εργασίας\\FM Genie Scout 2009 XE\\History Points"
    "LangDB"="g:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-930\\db\\930\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000000
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000067
    "UniqueID"="E5-E280-EF1F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "GraphStep"=dword:00000000

    [HKEY_USERS\S-1-5-21-1078081533-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD8B8F52-5380-7448-7981-0C07F50FC781}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abgjnaihlhjdcomdoghlbpjkdolojbdaph"=hex:70,61,65,6a,68,67,70,69,6f,6f,6f,66,
    6d,65,6d,6a,61,70,67,6a,61,62,6b,63,70,6f,65,67,6d,6a,68,64,00,00
    "mafjihbhhgocikpanlllgjpnen"=hex:6f,61,67,68,6c,69,68,70,69,64,69,6a,6d,65,6e,
    69,66,6e,6a,6c,69,68,66,6e,70,61,68,6c,62,6a,00,64

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ΐ•€|ω•9~*]
    "AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32]
    @DACL=(02 0012)
    @Denied: (Read) (Administrators)
    @Denied: (B E 1 4 5) (Administrators)
    "midimapper"="midimap.dll"
    "msacm.imaadpcm"="imaadp32.acm"
    "msacm.msadpcm"="msadp32.acm"
    "msacm.msg711"="msg711.acm"
    "msacm.msgsm610"="msgsm32.acm"
    "msacm.trspch"="tssoft32.acm"
    "vidc.cvid"="iccvid.dll"
    "vidc.iv31"="ir32_32.dll"
    "vidc.iv32"="ir32_32.dll"
    "vidc.iv41"="ir41_32.ax"
    "VIDC.IYUV"="iyuv_32.dll"
    "vidc.mrle"="msrle32.dll"
    "vidc.msvc"="msvidc32.dll"
    "VIDC.UYVY"="msyuv.dll"
    "VIDC.YUY2"="msyuv.dll"
    "VIDC.YVU9"="tsbyuv.dll"
    "VIDC.YVYU"="msyuv.dll"
    "wavemapper"="msacm32.drv"
    "msacm.msg723"="msg723.acm"
    "vidc.M263"="msh263.drv"
    "vidc.M261"="msh261.drv"
    "msacm.msaudio1"="msaud32.acm"
    "msacm.sl_anet"="sl_anet.acm"
    "msacm.iac2"="g:\\WINDOWS\\system32\\iac25_32.ax"
    "vidc.iv50"="ir50_32.dll"
    "msacm.l3acm"="g:\\WINDOWS\\system32\\l3codeca.acm"
    "VIDC.I420"="i420vfw.dll"
    "MSVideo8"="VfWWDM32.dll"
    "MSVideo"="vfwwdm32.dll"
    "wave"="wdmaud.drv"
    "midi"="wdmaud.drv"
    "mixer"="wdmaud.drv"
    "aux"="wdmaud.drv"
    "wave3"="wdmaud.drv"
    "midi3"="wdmaud.drv"
    "mixer3"="wdmaud.drv"
    "aux3"="wdmaud.drv"
    "vidc.yv12"="yv12vfw.dll"
    "wave6"="serwvdrv.dll"
    "wave2"="wdmaud.drv"
    "midi2"="wdmaud.drv"
    "mixer2"="wdmaud.drv"
    "aux2"="wdmaud.drv"
    "VIDC.FFDS"="ff_vfw.dll"
    "wave1"="wdmaud.drv"
    "midi1"="wdmaud.drv"
    "mixer1"="wdmaud.drv"
    "aux1"="wdmaud.drv"
    "VIDC.VMnc"="vmnc.dll"
    "wave4"="wdmaud.drv"
    "mixer4"="wdmaud.drv"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1452)
    g:\windows\system32\guard32.dll
    g:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(1636)
    g:\windows\system32\guard32.dll

    - - - - - - - > 'explorer.exe'(588)
    g:\windows\system32\guard32.dll
    g:\windows\system32\webcheck.dll
    g:\windows\system32\WPDShServiceObj.dll
    g:\windows\system32\PortableDeviceTypes.dll
    g:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-06-20 20:02:26
    ComboFix-quarantined-files.txt 2010-06-20 17:02
    ComboFix2.txt 2010-06-17 05:16

    Pre-Run: 14 Κατάλογοι 434.533.781.504 διαθέσιμα byte
    Post-Run: 15 Κατάλογοι 434.517.213.184 διαθέσιμα byte

    - - End Of File - - 1CAF90822C36F98371B66F5421614A31

  4. #4
    Junior Member
    Join Date
    Jun 2010
    Posts
    21

    Default ComboFix.txt New dds log

    And here is the new DDS log.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by astra at 20:15:30,39 on Κυρ 20/06/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.gr/
    uInternet Settings,ProxyOverride = local
    mWinlogon: UIHost=G:\Yellow flower.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - g:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - g:\program files\daemon tools toolbar\DTToolbar.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    uRun: [Google Update] "g:\documents and settings\astra\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [vmware-tray] "g:\program files\vmware\vmware workstation\vmware-tray.exe"
    mRun: [TWCU] "g:\program files\tp-link\tp-link wireless client utility\TWCU.exe" -nogui
    mRun: [MSSE] "g:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [COMODO Internet Security] "g:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    dRun: [CTFMON.EXE] g:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "g:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: g:\docume~1\alluse~1\startm~1\f2da~1\599a~1\rainme~1.lnk - g:\program files\rainmeter\Rainmeter.exe
    IE: Ε&ξαγωγή στο Microsoft Excel - g:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\micros~3\office11\REFIEBAR.DLL
    LSP: g:\program files\vmware\vmware workstation\vsocklib.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229157474656
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239954420281
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: g:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - g:\windows\system32\WPDShServiceObj.dll
    SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - g:\program files\winfax\WfxSeh32.Dll

    ================= FIREFOX ===================

    FF - ProfilePath - g:\docume~1\astra\applic~1\mozilla\firefox\profiles\pvs1v4h5.default\
    FF - plugin: g:\documents and settings\astra\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: g:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: g:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    g:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    g:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    g:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    g:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    g:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============


    ============== File Associations ===============

    .scr=AutoCADLTScriptFile

    =============== Created Last 30 ================

    2010-06-20 16:54:18 98816 ----a-w- g:\windows\sed.exe
    2010-06-20 16:54:18 77312 ----a-w- g:\windows\MBR.exe
    2010-06-20 16:54:18 256512 ----a-w- g:\windows\PEV.exe
    2010-06-20 16:54:18 161792 ----a-w- g:\windows\SWREG.exe
    2010-06-17 07:36:37 0 d-----w- g:\program files\Safer Networking
    2010-06-17 05:05:28 0 d-sha-r- G:\cmdcons
    2010-06-16 19:33:44 52736 ----a-w- g:\windows\system32\drivers\rk_remover.sys
    2010-06-16 08:41:51 11831757 ----a-w- g:\windows\system32\GKHBVMXGMCMWN
    2010-06-15 06:15:13 76 ----a-w- G:\fraglist.luar
    2010-06-14 14:01:19 522636 ----a-w- g:\windows\system32\drivers\cmcantirootkit.sys
    2010-06-13 21:05:52 12872 ----a-w- g:\windows\system32\bootdelete.exe
    2010-06-13 20:27:44 15944 ----a-w- g:\windows\system32\drivers\hitmanpro35.sys
    2010-06-13 20:27:32 0 d-----w- g:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-06-13 18:08:31 0 d-----w- g:\docume~1\astra\applic~1\Malwarebytes
    2010-06-13 18:08:21 0 d-----w- g:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-12 19:18:47 256 ----a-w- g:\documents and settings\astra\.pulse-cookie
    2010-06-12 17:04:00 0 d-----w- g:\program files\JRE
    2010-06-12 14:45:01 0 d-----w- g:\program files\iPod
    2010-06-12 14:44:57 0 d-----w- g:\program files\iTunes
    2010-06-12 14:44:57 0 d-----w- g:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-12 14:05:38 0 d-----w- g:\program files\Phyxion.net
    2010-06-12 07:34:54 0 d-----w- g:\program files\PeerBlock
    2010-06-12 07:23:54 0 d-----w- g:\docume~1\alluse~1\applic~1\COMODO
    2010-06-12 07:11:34 0 d-----w- g:\docume~1\astra\applic~1\ComodoGroup
    2010-06-12 06:39:10 0 d-----w- g:\docume~1\alluse~1\applic~1\Comodo Downloader
    2010-06-12 06:14:05 0 d-----w- g:\documents and settings\astra\Application DataComodoGroup
    2010-06-11 11:33:14 0 d-----w- g:\program files\zabkat
    2010-06-11 08:28:57 0 d-----w- g:\documents and settings\astra\.freeplane
    2010-06-10 22:11:05 0 d-----w- g:\windows\SHELLNEW
    2010-06-08 20:48:18 74072 ----a-w- g:\windows\system32\XAPOFX1_5.dll
    2010-06-08 20:48:18 527192 ----a-w- g:\windows\system32\XAudio2_7.dll
    2010-06-08 20:48:18 239960 ----a-w- g:\windows\system32\xactengine3_7.dll
    2010-06-08 20:48:17 2106216 ----a-w- g:\windows\system32\D3DCompiler_43.dll
    2010-06-08 20:48:17 1868128 ----a-w- g:\windows\system32\d3dcsx_43.dll
    2010-06-08 20:48:16 470880 ----a-w- g:\windows\system32\d3dx10_43.dll
    2010-06-08 20:48:16 248672 ----a-w- g:\windows\system32\d3dx11_43.dll
    2010-06-08 20:48:16 1998168 ----a-w- g:\windows\system32\D3DX9_43.dll
    2010-06-08 20:48:15 74072 ----a-w- g:\windows\system32\XAPOFX1_4.dll
    2010-06-08 20:48:15 528216 ----a-w- g:\windows\system32\XAudio2_6.dll
    2010-06-08 20:48:15 238936 ----a-w- g:\windows\system32\xactengine3_6.dll
    2010-06-08 20:48:14 22360 ----a-w- g:\windows\system32\X3DAudio1_7.dll
    2010-06-08 18:47:50 743424 -c----w- g:\windows\system32\dllcache\iedvtool.dll
    2010-06-06 15:53:24 0 d-----w- g:\docume~1\astra\applic~1\Search Settings
    2010-06-06 15:53:15 0 d-----w- g:\docume~1\astra\applic~1\pdfforge
    2010-06-06 15:43:02 0 d-----w- g:\program files\pdfforge Toolbar
    2010-06-06 15:42:37 137000 ----a-w- g:\windows\system32\MSMAPI32.OCX
    2010-06-06 15:42:37 116224 ----a-w- g:\windows\system32\pdfcmnnt.dll
    2010-06-06 15:42:36 23552 ----a-w- g:\windows\system32\MSMPIDE.DLL
    2010-06-06 15:42:35 0 d-----w- g:\program files\PDFCreator
    2010-06-06 15:26:51 0 d-----w- g:\docume~1\astra\applic~1\Zeon
    2010-06-06 15:26:49 0 d-----w- g:\docume~1\alluse~1\applic~1\Nuance
    2010-06-06 15:26:16 0 d-----w- g:\docume~1\alluse~1\applic~1\Downloaded Installations
    2010-06-04 08:55:58 229312 ----a-w- g:\windows\system32\drivers\cmdGuard.sys
    2010-06-04 07:42:55 0 d-----w- g:\program files\common files\ABBYY
    2010-06-04 07:40:19 0 d-----w- g:\program files\ABBYY FineReader 9.0
    2010-06-01 16:00:52 278288 ----a-w- g:\windows\system32\guard32.dll
    2010-06-01 16:00:22 25240 ----a-w- g:\windows\system32\drivers\cmdhlp.sys
    2010-06-01 16:00:20 15464 ----a-w- g:\windows\system32\drivers\cmderd.sys

    ==================== Find3M ====================

    2010-06-20 16:33:57 684902 ----a-w- g:\windows\system32\perfh008.dat
    2010-06-20 16:33:57 145016 ----a-w- g:\windows\system32\perfc008.dat
    2010-05-21 11:14:28 221568 ------w- g:\windows\system32\MpSigStub.exe
    2010-05-16 07:18:53 411368 ----a-w- g:\windows\system32\deployJava1.dll
    2010-05-14 05:03:56 25992 ----a-w- g:\windows\system32\pgdfgsvc.exe
    2010-05-06 10:33:33 916480 ----a-w- g:\windows\system32\wininet.dll
    2010-05-02 08:07:34 1851520 ----a-w- g:\windows\system32\win32k.sys
    2010-04-20 05:30:47 285696 ----a-w- g:\windows\system32\atmfd.dll
    2008-10-28 20:30:56 23 --sha-w- g:\windows\system32\bdcca4_d.dll

    ============= FINISH: 20:15:40,84 ===============

  5. #5
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Junior Member
    Join Date
    Jun 2010
    Posts
    21

    Default Malwarebytes' Anti-Malware Log

    Hi, this is the Malwarebytes' Anti-Malware log:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4219

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    20/6/2010 9:44:58 μμ
    mbam-log-2010-06-20 (21-44-58).txt

    Scan type: Quick scan
    Objects scanned: 136606
    Time elapsed: 2 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
