Spybot says Win32.TDSS.rtk

asianpride

New member
Spybot says it's Win32.TDSS.rtk, not sure if that's it. Would appreciate any help I can get in removing it, and anything else I've got. My tech skills are LOW.

Thanks a lot in advance, and I know I spell badly.

Here is the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:44 AM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {29218B6D-907B-3446-ABB1-F531DF4D3A45} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [GridinSoft Trojan Killer] "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" 0
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: jsr468ijdfghfjsw3rw3i6tjag80 - Unknown owner - C:\WINDOWS\jsr468ijdfghfjsw3rw3i6tjag81.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 9209 bytes
 
Hi asianpride

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
 
gmer scan



GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-23 00:08:55
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

INT 0x62 ? 86766BF8
INT 0x63 ? 865C8F00
INT 0x73 ? 86766BF8
INT 0x94 ? 865C8F00
INT 0xA4 ? 865C8F00
INT 0xB4 ? 865C8F00

Code 860320B8 ZwEnumerateKey
Code 8603E0B8 ZwFlushInstructionCache
Code 862E4756 IofCallDriver
Code 8620328E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 862E475B
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 86203293
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8603E0BC
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 3 Bytes JMP 860320BC
PAGE ntkrnlpa.exe!ZwEnumerateKey + 4 80623FF4 1 Byte [05]
? spvb.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F64958AC 5 Bytes JMP 865C84E0

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[260] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\spoolsv.exe[260] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\wuauclt.exe[316] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\wuauclt.exe[316] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009A000A
.text C:\WINDOWS\Explorer.EXE[336] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D1000A
.text C:\WINDOWS\Explorer.EXE[336] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D2000A
.text C:\Program Files\Messenger\msmsgs.exe[488] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AE000A
.text C:\Program Files\Messenger\msmsgs.exe[488] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AF000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0073000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[540] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0074000A
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[748] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007D000A
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[748] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007E000A
.text C:\WINDOWS\system32\winlogon.exe[920] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006A000A
.text C:\WINDOWS\system32\winlogon.exe[920] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006B000A
.text C:\WINDOWS\system32\services.exe[968] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\services.exe[968] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0067000A
.text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0084000A
.text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\nvsvc32.exe[1168] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007E000A
.text C:\WINDOWS\system32\nvsvc32.exe[1168] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007F000A
.text C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe[1556] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007E000A
.text C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe[1556] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007F000A
.text C:\WINDOWS\system32\ctfmon.exe[1600] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\ctfmon.exe[1600] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009B000A
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1608] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B1000A
.text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1608] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B3000A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1660] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CD000A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1660] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CE000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1684] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CC000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1684] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CE000A
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1760] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AB000A
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1760] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AC000A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1796] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007F000A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1796] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0080000A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1836] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A8000A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1836] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1960] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1960] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2660] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0074000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2660] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text C:\WINDOWS\system32\wuauclt.exe[3200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\wuauclt.exe[3200] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3564] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\PnkBstrA.exe[3744] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0094000A
.text C:\WINDOWS\system32\PnkBstrA.exe[3744] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\PnkBstrB.exe[3980] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\PnkBstrB.exe[3980] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096000A
.text C:\Documents and Settings\Asianpride\Desktop\gmer.exe[4064] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Documents and Settings\Asianpride\Desktop\gmer.exe[4064] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7412042] spvb.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F741213E] spvb.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74120C0] spvb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7412800] spvb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74126D6] spvb.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867651F8
Device \Driver\Tcpip \Device\Ip avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{9590E44D-1887-4FCA-924B-7CFE2E61DFAE} 862FD500
Device \Driver\usbuhci \Device\USBPDO-0 865C6500
Device \Driver\usbuhci \Device\USBPDO-1 865C6500
Device \Driver\usbuhci \Device\USBPDO-2 865C6500
Device \Driver\usbuhci \Device\USBPDO-3 865C6500
Device \Driver\usbehci \Device\USBPDO-4 865CF500
Device \Driver\Tcpip \Device\Tcp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 867D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 867D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 867D71F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 862FD500
Device \Driver\NetBT \Device\NetbiosSmb 862FD500
Device \Driver\PCI_PNP6222 \Device\0000004c spvb.sys
Device \Driver\Tcpip \Device\Udp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 865C6500
Device \Driver\usbuhci \Device\USBFDO-1 865C6500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85D3D1F8
Device \Driver\Tcpip \Device\IPMULTICAST avgtdi.sys (AVG Network connection watcher/GRISOFT, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-2 865C6500
Device \Driver\sptd \Device\3690983722 spvb.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85D3D1F8
Device \Driver\usbuhci \Device\USBFDO-3 865C6500
Device \Driver\usbehci \Device\USBFDO-4 865CF500
Device \Driver\Ftdisk \Device\FtControl 867D71F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9136EAD2-9A1F-4830-A94E-3EADE40FEC4A} 862FD500
Device \Driver\a60aef8i \Device\Scsi\a60aef8i1 8634D1F8
Device \Driver\a60aef8i \Device\Scsi\a60aef8i1Port3Path0Target0Lun0 8634D1F8
Device \FileSystem\Fastfat \Fat 85D7A1F8
Device \FileSystem\Fastfat \Fat B6A35297

AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \FileSystem\Cdfs \Cdfs 862C6500
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [188] 0x00B20000
Library \\?\globalroot\systemroot\system32\UACfxmytyqxfkvisuxdq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [188] 0x00BD0000
Library \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [336] 0x00E20000
Library \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1196] 0x03080000
Library \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1308] 0x00B20000
Library \\?\globalroot\systemroot\system32\UACfxmytyqxfkvisuxdq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1308] 0x00BD0000
Library \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1476] 0x00B20000
Library \\?\globalroot\systemroot\system32\UACfxmytyqxfkvisuxdq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1476] 0x00BD0000
Library \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1532] 0x00B20000
Library \\?\globalroot\systemroot\system32\UACfxmytyqxfkvisuxdq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1532] 0x00BD0000
Library \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1744] 0x00B20000
Library \\?\globalroot\systemroot\system32\UACfxmytyqxfkvisuxdq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1744] 0x00BD0000
Library \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [4056] 0x00B20000
Library \\?\globalroot\systemroot\system32\UACfxmytyqxfkvisuxdq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [4056] 0x00BD0000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACejiewunwyasumvj.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1E 0x33 0xF3 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0x7B 0xBA 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0xCD 0x2E 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xE9 0x31 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA2 0x11 0x5A 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0E 0x77 0xD1 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACejiewunwyasumvj.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACejiewunwyasumvj.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwyujacjgoilrxoe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcpsbvmxmdcogrdx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACfrfolwevpibmnetid.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACwfwxxqhqbrnbijwmx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACaitbfylllnsnbhhem.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACoyupuxrmbfxmogjqm.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACfxmytyqxfkvisuxdq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACdpfwkrubgxnjhilfx.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACtuekjyfhskymxcdjx.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UAChjknwstlfrvoyxhqb.log
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1E 0x33 0xF3 0x14 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC8 0x7B 0xBA 0x12 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0xCD 0x2E 0x7E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0xE9 0x31 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA2 0x11 0x5A 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0E 0x77 0xD1 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACejiewunwyasumvj.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACejiewunwyasumvj.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwyujacjgoilrxoe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcpsbvmxmdcogrdx.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACfrfolwevpibmnetid.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACwfwxxqhqbrnbijwmx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACaitbfylllnsnbhhem.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACoyupuxrmbfxmogjqm.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACfxmytyqxfkvisuxdq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACdpfwkrubgxnjhilfx.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACtuekjyfhskymxcdjx.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UAChjknwstlfrvoyxhqb.log

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Asianpride\Local Settings\Temp\nsb1C8.tmp\UAC.dll 13824 bytes executable
File C:\Documents and Settings\Asianpride\Local Settings\Temp\nso54.tmp\UAC.dll 15360 bytes executable
File C:\Documents and Settings\Asianpride\Local Settings\Temp\nsr50.tmp\UAC.dll 15360 bytes executable
File C:\Documents and Settings\Asianpride\Local Settings\Temp\UAC26.tmp 343040 bytes executable
File C:\WINDOWS\system32\drivers\UACejiewunwyasumvj.sys 51712 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACfrfolwevpibmnetid.dll 19968 bytes executable
File C:\WINDOWS\system32\UACaitbfylllnsnbhhem.dll 19456 bytes executable
File C:\WINDOWS\system32\UACcpsbvmxmdcogrdx.dat 224 bytes
File C:\WINDOWS\system32\UACdpfwkrubgxnjhilfx.log 21975 bytes
File C:\WINDOWS\system32\UACfxmytyqxfkvisuxdq.dll 66560 bytes
File C:\WINDOWS\system32\uacinit.dll 6300 bytes
File C:\WINDOWS\system32\UAClqlnpsjloldwtpa.dll 19968 bytes executable
File C:\WINDOWS\system32\UACoyupuxrmbfxmogjqm.db 1110399 bytes
File C:\WINDOWS\system32\uactmp.db 3976714 bytes
File C:\WINDOWS\system32\UACttavhesmegmubfypu.dll 30208 bytes executable
File C:\WINDOWS\system32\UACwfwxxqhqbrnbijwmx.dll 17408 bytes executable
File C:\WINDOWS\system32\UACwyujacjgoilrxoe.dll 23552 bytes executable
File C:\WINDOWS\Temp\UAC6750.tmp 66560 bytes

---- EOF - GMER 1.0.15 ----
 
Yes, you have the TDSS rootkit.

We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
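The helper's verdict above rests on a few markers GMER prints by itself: the `*** hidden ***` libraries injected into svchost.exe and Explorer, the hidden `UACd.sys` service, and the `<-- ROOTKIT !!!` tag on the driver file. The following is an added example, not code from this thread or from the GMER or HijackThis authors, showing how a defender can triage such logs automatically. It groups GMER findings by section and flags the HijackThis entry types that were relevant here (an `O20` AppInit_DLLs entry, items whose file is missing, services with an unknown owner, and an `O4` Run entry whose target is not an `.exe`). The sample log lines inside it are constructed to mirror the format of the logs posted above; the function names and regular expressions are this example's own.

```python
"""Triage helper for GMER and HijackThis log text.

Added example, not code from the thread or from the GMER/HijackThis authors.
It scans for the markers GMER prints for hidden objects, kernel hooks and
rootkits, and for HijackThis entries that commonly deserve a second look.
All sample lines below are constructed to mirror the thread's log format.
"""
import re
from collections import defaultdict

# Constructed sample in GMER 1.0.15 output format (modelled on the log above).
SAMPLE_GMER = r"""---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 862E475B
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 3 Bytes JMP 860320BC
? spvb.sys The system cannot find the file specified. !

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACttavhesmegmubfypu.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [188] 0x00B20000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACejiewunwyasumvj.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\UACejiewunwyasumvj.sys 51712 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACcpsbvmxmdcogrdx.dat 224 bytes
"""

# Constructed sample in HijackThis v2 output format (modelled on the log above).
SAMPLE_HJT = r"""O2 - BHO: (no name) - {29218B6D-907B-3446-ABB1-F531DF4D3A45} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: jsr468ijdfghfjsw3rw3i6tjag80 - Unknown owner - C:\WINDOWS\jsr468ijdfghfjsw3rw3i6tjag81.exe (file missing)
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER ")
# Inline hook line: "<section> <module>!<function> <addr> <n> Bytes JMP <target>"
HOOK_RE = re.compile(r"^(?:\.text|PAGE)\s+\S+!\S+\s+[0-9A-F]+\s+\d+ Bytes?\s+JMP\s+[0-9A-F]+")
HJT_RE = re.compile(r"^(?P<code>O\d+|R\d) - (?P<rest>.*)$")
# Path of the program launched by an O4 Run entry, quoted or not.
O4_RE = re.compile(r'^HK\S*\\\.\.\\Run: \[[^\]]*\] "?(?P<path>[^"]+?\.\w+)"?(?:\s|$)')


def triage_gmer(text):
    """Group GMER findings by section: rootkit markers, hidden objects,
    inline kernel hooks, and modules GMER could not open on disk."""
    findings = defaultdict(list)
    section = "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if "<-- ROOTKIT" in line:          # GMER's own verdict, strongest signal
            findings[section].append(("rootkit", line))
        elif "*** hidden ***" in line:     # object invisible to normal Win32 APIs
            findings[section].append(("hidden", line))
        elif section == "Kernel code sections" and HOOK_RE.match(line):
            # Hooks alone are not proof: AV and disk-emulation drivers hook too.
            findings[section].append(("inline_hook", line))
        elif line.startswith("? ") and "cannot find the file" in line:
            findings[section].append(("missing_module", line))
    return dict(findings)


def triage_hjt(text):
    """Return (code, reasons, line) for HijackThis entries worth reviewing."""
    flagged = []
    for line in text.splitlines():
        m = HJT_RE.match(line)
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest")
        reasons = []
        if code == "O20" and "AppInit_DLLs" in rest:
            reasons.append("AppInit_DLLs injects into every user32-linked process")
        if "(file missing)" in rest or "(no file)" in rest:
            reasons.append("referenced file missing")
        if code == "O23" and "Unknown owner" in rest:
            reasons.append("service with unknown owner")
        if code == "O4":
            pm = O4_RE.match(rest)
            if pm and not pm.group("path").lower().endswith(".exe"):
                reasons.append("Run target is not an .exe: " + pm.group("path"))
        if reasons:
            flagged.append((code, reasons, line))
    return flagged


if __name__ == "__main__":
    for section, items in triage_gmer(SAMPLE_GMER).items():
        for kind, line in items:
            print(f"[GMER/{section}] {kind}: {line}")
    for code, reasons, line in triage_hjt(SAMPLE_HJT):
        print(f"[HJT/{code}] {'; '.join(reasons)}: {line}")
```

Two caveats that the classification above encodes. A kernel inline hook or IAT hook is a weak signal on its own: the thread's log shows spvb.sys, the driver belonging to the sptd service that DAEMON Tools installs, hooking atapi.sys, and the AVG drivers attached to the TCP/IP and FAT devices, none of which is the infection. The strong signals are the objects GMER can only see by bypassing the normal Windows APIs (`*** hidden ***`) and the `<-- ROOTKIT !!!` verdict, which is exactly what the helper based the TDSS diagnosis on. Likewise, a `(file missing)` service is often just a leftover from an uninstalled program, but one with a random-looking name and no owner, as in the HijackThis log above, deserves the same scrutiny as the hidden files.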
 
ComboFix Log/ Fresh HijackThis Log

ComboFix Log

ComboFix 09-06-22.05 - Asianpride 06/23/2009 0:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.689 [GMT -5:00]
Running from: c:\documents and settings\Asianpride\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
FW: AVG Firewall 7.5.500 *enabled* {8DECF618-9569-4340-B34A-D78D28969B66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Manson
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\drivers\UACejiewunwyasumvj.sys
c:\windows\system32\UACaitbfylllnsnbhhem.dll
c:\windows\system32\UACcpsbvmxmdcogrdx.dat
c:\windows\system32\UACdpfwkrubgxnjhilfx.log
c:\windows\system32\UACfrfolwevpibmnetid.dll
c:\windows\system32\UACfxmytyqxfkvisuxdq.dll
c:\windows\system32\UAChjknwstlfrvoyxhqb.log
c:\windows\system32\UACoyupuxrmbfxmogjqm.db
c:\windows\system32\uactmp.db
c:\windows\system32\UACttavhesmegmubfypu.dll
c:\windows\system32\UACtuekjyfhskymxcdjx.log
c:\windows\system32\UACwfwxxqhqbrnbijwmx.dll
c:\windows\system32\UACwyujacjgoilrxoe.dll
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 05:26 . 2009-06-23 05:29 -------- d-----w- C:\32788R22FWJFW
2009-06-22 15:56 . 2009-06-22 15:56 -------- d-----w- c:\program files\Trend Micro
2009-06-22 15:55 . 2009-06-22 15:55 -------- d-----w- c:\program files\ERUNT
2009-06-22 13:20 . 2009-06-22 13:22 -------- d-----w- C:\totalcmd
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\UC.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\RAR.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\LHA.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\ARJ.PIF
2009-06-22 02:57 . 2009-06-22 13:12 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2009-06-22 02:43 . 2009-06-22 02:43 2855 ----a-w- c:\windows\system32\mem.PIF
2009-06-21 23:52 . 2009-06-21 23:52 -------- d-----w- c:\documents and settings\Asianpride\Application Data\TeamViewer
2009-06-21 23:52 . 2009-06-21 23:52 -------- d-----w- c:\program files\TeamViewer
2009-06-21 23:51 . 2009-06-21 23:51 -------- d-----w- c:\documents and settings\Asianpride\temp
2009-06-21 23:46 . 2009-06-21 23:46 -------- d-----w- c:\program files\CCleaner
2009-06-21 17:14 . 2009-06-21 17:14 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Help
2009-06-21 14:43 . 2009-06-22 15:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-21 14:43 . 2009-06-22 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-15 12:17 . 2009-06-15 12:17 -------- d-----w- c:\documents and settings\Asianpride\Application Data\2K Sports
2009-06-15 11:44 . 2009-06-15 12:01 -------- d-----w- c:\program files\Major League Baseball 2K9
2009-06-15 11:44 . 2009-06-15 11:44 -------- d-----w- c:\windows\Major League Baseball 2K9
2009-06-15 03:04 . 2009-06-15 03:04 -------- d-----w- C:\GamesCampus
2009-06-14 01:23 . 2009-06-14 01:23 390664 ----a-w- c:\documents and settings\Asianpride\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-13 18:03 . 2009-06-13 18:03 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Dyyno Receiver
2009-06-13 18:03 . 2009-03-19 15:42 217088 ----a-w- c:\documents and settings\Asianpride\Application Data\Mozilla\Firefox\Profiles\ugpif661.default\extensions\NPDyyno@dyyno.com\Plugins\npDyyno.dll
2009-06-13 17:21 . 2009-06-13 17:21 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Dyyno
2009-06-13 00:02 . 2009-06-13 00:02 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\World in Conflict
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-09 17:45 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe
2009-06-09 17:44 . 2009-06-09 17:45 -------- d-----w- c:\program files\G-Collections
2009-06-09 17:25 . 2009-06-09 17:25 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-07 01:53 . 2009-03-19 21:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-07 01:53 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-07 01:52 . 2009-06-07 01:52 -------- d-----w- c:\program files\iPod
2009-06-07 01:52 . 2009-06-07 01:53 -------- d-----w- c:\program files\iTunes
2009-06-07 01:52 . 2009-06-07 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-07 01:52 . 2009-06-22 16:49 -------- d-----w- c:\program files\Bonjour
2009-06-07 01:51 . 2009-06-07 01:51 -------- d-----w- c:\program files\QuickTime
2009-06-07 01:51 . 2009-06-07 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-07 01:50 . 2009-05-29 18:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-07 01:50 . 2009-05-29 18:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-07 01:49 . 2009-06-07 01:52 -------- d-----w- c:\program files\Common Files\Apple
2009-06-07 01:44 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-07 01:44 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-07 01:44 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-07 01:44 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-02 01:16 . 2009-06-02 01:16 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-02 01:16 . 2009-06-02 01:16 -------- d-----w- c:\program files\Real
2009-06-02 01:16 . 2009-06-02 01:16 -------- d-----w- c:\program files\Common Files\Real
2009-05-30 17:50 . 2009-05-30 17:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 23:10 . 2009-05-29 23:10 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-29 23:10 . 2009-05-29 23:10 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-29 06:51 . 2009-06-07 02:09 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Apple Computer
2009-05-29 06:22 . 2009-05-29 06:22 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Apple
2009-05-29 06:22 . 2009-05-29 06:22 -------- d-----w- c:\program files\Apple Software Update
2009-05-29 06:22 . 2009-06-07 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-29 06:22 . 2009-06-07 01:53 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Apple Computer
2009-05-29 01:42 . 2009-05-29 19:33 -------- d-----w- c:\program files\Total Video Converter
2009-05-29 01:21 . 2009-05-29 01:21 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-05-29 01:21 . 2009-05-29 01:21 -------- d-----w- c:\program files\Riva
2009-05-29 00:40 . 2009-05-29 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-29 00:17 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-05-29 00:17 . 2009-05-29 00:17 -------- d-----w- c:\program files\MagicDisc
2009-05-29 00:16 . 2009-06-07 03:52 -------- d-----w- c:\program files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 05:29 . 2009-01-27 02:23 -------- d-----w- c:\documents and settings\Asianpride\Application Data\AVG7
2009-06-23 05:25 . 2009-01-27 02:34 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Xfire
2009-06-22 16:50 . 2009-06-21 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-22 13:12 . 2009-02-15 14:36 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Hamachi
2009-06-21 17:14 . 2009-06-21 16:34 -------- d-----w- c:\program files\Security Task Manager
2009-06-19 00:17 . 2009-01-27 02:34 -------- d-----w- c:\program files\Xfire
2009-06-15 11:44 . 2009-01-27 01:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-13 18:02 . 2009-02-08 02:20 -------- d-----w- c:\program files\Dyyno
2009-06-12 23:31 . 2009-05-05 01:20 -------- d-----w- c:\program files\Playlogic
2009-06-09 17:27 . 2009-01-30 16:42 -------- d-----w- c:\documents and settings\Asianpride\Application Data\DAEMON Tools Lite
2009-06-09 17:25 . 2009-01-30 16:46 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-09 17:18 . 2009-01-30 16:42 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-06 12:17 . 2009-04-01 01:28 -------- d-----w- c:\program files\PokerStars
2009-06-04 02:11 . 2009-02-01 13:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 02:10 . 2009-02-01 13:38 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-04 01:40 . 2009-01-27 01:28 74960 ----a-w- c:\documents and settings\Asianpride\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 16:45 . 2009-05-22 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-29 20:15 . 2009-02-04 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-29 20:12 . 2009-02-01 14:17 -------- d-----w- c:\program files\MSBuild
2009-05-29 20:02 . 2009-01-31 07:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-23 08:00 . 2009-05-23 08:00 -------- d-----w- c:\program files\MSXML 4.0
2009-05-22 04:05 . 2009-05-22 04:05 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Nero
2009-05-17 05:55 . 2009-04-19 20:45 -------- d-----w- c:\program files\Activision
2009-05-13 23:27 . 2009-05-13 23:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-11 22:58 . 2009-05-11 22:58 -------- d-----w- c:\program files\Bethesda Softworks
2009-05-11 22:56 . 2009-01-27 01:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-10 21:19 . 2009-05-10 21:19 -------- d-----w- c:\program files\Original War
2009-05-07 15:32 . 2004-08-12 13:59 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 01:04 . 2009-01-28 01:52 -------- d-----w- c:\program files\SD EnterNET
2009-05-03 12:37 . 2009-05-03 12:37 -------- d-----w- c:\program files\Virgin Interactive
2009-05-02 04:08 . 2009-04-19 20:55 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-02 04:06 . 2009-04-19 20:56 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-02 04:06 . 2009-04-19 20:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-02 03:29 . 2009-05-02 02:43 -------- d-----w- c:\program files\Qtracker
2009-05-01 05:31 . 2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 05:31 . 2009-05-01 05:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 05:31 . 2009-05-01 05:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 05:31 . 2009-05-01 05:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 05:31 . 2009-05-01 05:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 05:31 . 2009-05-01 05:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 03:02 . 2009-05-01 03:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 03:02 . 2009-05-01 03:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 03:02 . 2009-05-01 03:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 03:02 . 2009-01-27 01:25 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 03:02 . 2009-01-15 14:19 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 03:02 . 2007-05-21 07:32 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 03:02 . 2007-05-21 07:32 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 03:02 . 2007-05-21 07:32 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-01 03:02 . 2007-05-21 07:32 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 03:02 . 2007-05-21 07:32 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 03:02 . 2007-05-21 07:32 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-29 04:56 . 2004-08-12 14:09 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 05:42 . 2009-01-27 01:22 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-26 20:41 . 2009-04-03 00:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-25 16:03 . 2009-04-25 03:58 -------- d-----w- c:\program files\EA Games
2009-04-22 05:20 . 2009-04-22 05:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 05:20 . 2009-04-22 05:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-19 20:56 . 2009-04-19 20:56 22328 ----a-w- c:\documents and settings\Asianpride\Application Data\PnkBstrK.sys
2009-04-19 20:56 . 2009-04-19 20:56 22328 ----a-w- c:\documents and settings\Asianpride\Application Data\PnkBstrK.sys
2009-04-17 12:26 . 2004-08-12 14:09 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 20:31 . 2009-04-25 03:57 1099128 ----a-w- c:\documents and settings\Asianpride\Application Data\Mozilla\Firefox\Profiles\ugpif661.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-04-15 20:31 . 2009-04-25 03:57 729088 ----a-w- c:\documents and settings\Asianpride\Application Data\Mozilla\Firefox\Profiles\ugpif661.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-04-15 14:51 . 2004-08-12 14:04 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 23:34 . 2009-04-09 02:31 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-04-09 23:34 . 2009-04-09 02:31 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-04-09 23:34 . 2009-04-09 02:31 520192 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-04-09 23:34 . 2009-04-09 02:31 335872 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-04-09 23:34 . 2009-04-09 02:31 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-04-09 23:34 . 2009-04-09 02:30 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-04-03 17:39 . 2009-04-03 17:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"GridinSoft Trojan Killer"="c:\program files\GridinSoft Trojan Killer\trojankiller.exe" [2009-06-21 3757568]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD5109"="del" [X]
"SpybotDeletingD3771"="del" [X]
"SpybotDeletingD4728"="del" [X]
"SpybotDeletingD1592"="del" [X]
"SpybotDeletingD4767"="del" [X]
"SpybotDeletingD2751"="del" [X]
"SpybotDeletingD1610"="del" [X]
"SpybotDeletingD2013"="del" [X]
"SpybotDeletingD5208"="del" [X]
"SpybotDeletingD6293"="del" [X]
"SpybotDeletingD9498"="del" [X]
"SpybotDeletingD6754"="del" [X]
"SpybotDeletingD1373"="del" [X]
"SpybotDeletingD4313"="del" [X]
"SpybotDeletingD1165"="del" [X]
"SpybotDeletingD2141"="del" [X]
"SpybotDeletingD9409"="del" [X]
"SpybotDeletingD1672"="del" [X]
"SpybotDeletingB3335"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB3515"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB8348"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB8251"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB6642"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB9584"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB8574"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB70"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB5993"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB6985"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB6303"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB7674"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB5949"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB4302"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB6901"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB8609"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB1540"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingB5234"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-01-27 590848]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-02 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC5404"="del" [X]
"SpybotDeletingC5691"="del" [X]
"SpybotDeletingC4755"="del" [X]
"SpybotDeletingC6995"="del" [X]
"SpybotDeletingC546"="del" [X]
"GrpConv"="grpconv -o" [X]
"SpybotDeletingA2636"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingA3201"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingA1869"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]
"SpybotDeletingA8777"="command.com" - c:\windows\system32\command.com [2004-08-12 50620]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2009-01-27 219136]

c:\documents and settings\Asianpride\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-2-15 625952]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-5-28 576000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Asianpride\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57858:TCP"= 57858:TCP:Pando Media Booster
"57858:UDP"= 57858:UDP:Pando Media Booster

S2 jsr468ijdfghfjsw3rw3i6tjag80;jsr468ijdfghfjsw3rw3i6tjag80;c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe --> c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-PlayNC Launcher - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-AVG Anti-Spyware Driver


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\avgfwafu.dll
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 00:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1482476501-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ê0ê0¹0\þ[T›Í_¢0µ0®0ÿ^ÿëm*‹n0qg¬N*0ó0°0À0à0^ÿ]
"Order"=hex:08,00,00,00,02,00,00,00,16,01,00,00,01,00,00,00,02,00,00,00,7c,00,
00,00,00,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,\

[HKEY_USERS\S-1-5-21-1935655697-1482476501-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:42,0c,0d,3a,23,b9,14,d8,2c,13,c1,97,0d,2f,96,ee,2e,05,2d,37,59,
ce,a5,a4,13,ec,a1,e7,9c,4a,d0,6d,6b,df,bf,19,21,c6,82,b8,a6,b4,62,38,70,f8,\
"rkeysecu"=hex:f8,68,ea,dc,d0,0c,c5,41,05,7d,7b,44,cd,f0,00,5b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\avgfwafu.dll
.
Completion time: 2009-06-23 0:42
ComboFix-quarantined-files.txt 2009-06-23 05:42

Pre-Run: 12,411,760,640 bytes free
Post-Run: 12,456,042,496 bytes free

324 --- E O F --- 2009-06-12 08:08

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:17 AM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5404] cmd.exe /c del "C:\WINDOWS\system32\UACwyujacjgoilrxoe.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2636] command.com /c del "C:\WINDOWS\system32\UACdpfwkrubgxnjhilfx.log_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5691] cmd.exe /c del "C:\WINDOWS\system32\UACdpfwkrubgxnjhilfx.log_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3201] command.com /c del "C:\WINDOWS\system32\UACdpfwkrubgxnjhilfx.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4755] cmd.exe /c del "C:\WINDOWS\system32\UACdpfwkrubgxnjhilfx.log"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1869] command.com /c del "C:\WINDOWS\system32\UACcpsbvmxmdcogrdx.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6995] cmd.exe /c del "C:\WINDOWS\system32\UACcpsbvmxmdcogrdx.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8777] command.com /c del "C:\WINDOWS\system32\UACcpsbvmxmdcogrdx.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC546] cmd.exe /c del "C:\WINDOWS\system32\UACcpsbvmxmdcogrdx.dat"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [GridinSoft Trojan Killer] "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" 0
O4 - HKCU\..\RunOnce: [SpybotDeletingB3335] command.com /c del "C:\WINDOWS\Temp\UAC6750.tmp_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5109] cmd.exe /c del "C:\WINDOWS\Temp\UAC6750.tmp_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3515] command.com /c del "C:\WINDOWS\Temp\UAC6750.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3771] cmd.exe /c del "C:\WINDOWS\Temp\UAC6750.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8348] command.com /c del "C:\WINDOWS\system32\drivers\UACejiewunwyasumvj.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4728] cmd.exe /c del "C:\WINDOWS\system32\drivers\UACejiewunwyasumvj.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8251] command.com /c del "C:\WINDOWS\system32\UACaitbfylllnsnbhhem.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1592] cmd.exe /c del "C:\WINDOWS\system32\UACaitbfylllnsnbhhem.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6642] command.com /c del "C:\WINDOWS\system32\UACfrfolwevpibmnetid.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4767] cmd.exe /c del "C:\WINDOWS\system32\UACfrfolwevpibmnetid.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9584] command.com /c del "C:\WINDOWS\system32\UACfxmytyqxfkvisuxdq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2751] cmd.exe /c del "C:\WINDOWS\system32\UACfxmytyqxfkvisuxdq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8574] command.com /c del "C:\WINDOWS\system32\UACfxmytyqxfkvisuxdq.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1610] cmd.exe /c del "C:\WINDOWS\system32\UACfxmytyqxfkvisuxdq.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB70] command.com /c del "C:\WINDOWS\system32\uacinit.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2013] cmd.exe /c del "C:\WINDOWS\system32\uacinit.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5993] command.com /c del "C:\WINDOWS\system32\uacinit.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5208] cmd.exe /c del "C:\WINDOWS\system32\uacinit.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6985] command.com /c del "C:\WINDOWS\system32\UAClqlnpsjloldwtpa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6293] cmd.exe /c del "C:\WINDOWS\system32\UAClqlnpsjloldwtpa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6303] command.com /c del "C:\WINDOWS\system32\UAClqlnpsjloldwtpa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9498] cmd.exe /c del "C:\WINDOWS\system32\UAClqlnpsjloldwtpa.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7674] command.com /c del "C:\WINDOWS\system32\UACttavhesmegmubfypu.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6754] cmd.exe /c del "C:\WINDOWS\system32\UACttavhesmegmubfypu.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5949] command.com /c del "C:\WINDOWS\system32\UACwfwxxqhqbrnbijwmx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1373] cmd.exe /c del "C:\WINDOWS\system32\UACwfwxxqhqbrnbijwmx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4302] command.com /c del "C:\WINDOWS\system32\UACwyujacjgoilrxoe.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4313] cmd.exe /c del "C:\WINDOWS\system32\UACwyujacjgoilrxoe.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6901] command.com /c del "C:\WINDOWS\system32\UACdpfwkrubgxnjhilfx.log_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1165] cmd.exe /c del "C:\WINDOWS\system32\UACdpfwkrubgxnjhilfx.log_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8609] command.com /c del "C:\WINDOWS\system32\UACdpfwkrubgxnjhilfx.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2141] cmd.exe /c del "C:\WINDOWS\system32\UACdpfwkrubgxnjhilfx.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1540] command.com /c del "C:\WINDOWS\system32\UACcpsbvmxmdcogrdx.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9409] cmd.exe /c del "C:\WINDOWS\system32\UACcpsbvmxmdcogrdx.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5234] command.com /c del "C:\WINDOWS\system32\UACcpsbvmxmdcogrdx.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1672] cmd.exe /c del "C:\WINDOWS\system32\UACcpsbvmxmdcogrdx.dat"
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: jsr468ijdfghfjsw3rw3i6tjag80 - Unknown owner - C:\WINDOWS\jsr468ijdfghfjsw3rw3i6tjag81.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 12517 bytes
 
Please see the link I gave you and install recovery console manually.

After that, please rerun combofix and post back a fresh combofix log.
 
Fresh Combo Fix Log

ComboFix 09-06-22.05 - Asianpride 06/23/2009 0:58.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.651 [GMT -5:00]
Running from: c:\documents and settings\Asianpride\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Asianpride\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
FW: AVG Firewall 7.5.500 *enabled* {8DECF618-9569-4340-B34A-D78D28969B66}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-22 15:56 . 2009-06-22 15:56 -------- d-----w- c:\program files\Trend Micro
2009-06-22 15:55 . 2009-06-22 15:55 -------- d-----w- c:\program files\ERUNT
2009-06-22 13:20 . 2009-06-22 13:22 -------- d-----w- C:\totalcmd
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\UC.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\RAR.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\LHA.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\ARJ.PIF
2009-06-22 02:57 . 2009-06-22 13:12 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2009-06-22 02:43 . 2009-06-22 02:43 2855 ----a-w- c:\windows\system32\mem.PIF
2009-06-21 23:52 . 2009-06-21 23:52 -------- d-----w- c:\documents and settings\Asianpride\Application Data\TeamViewer
2009-06-21 23:52 . 2009-06-21 23:52 -------- d-----w- c:\program files\TeamViewer
2009-06-21 23:51 . 2009-06-21 23:51 -------- d-----w- c:\documents and settings\Asianpride\temp
2009-06-21 23:46 . 2009-06-21 23:46 -------- d-----w- c:\program files\CCleaner
2009-06-21 17:14 . 2009-06-21 17:14 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Help
2009-06-21 14:43 . 2009-06-22 15:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-21 14:43 . 2009-06-22 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-15 12:17 . 2009-06-15 12:17 -------- d-----w- c:\documents and settings\Asianpride\Application Data\2K Sports
2009-06-15 11:44 . 2009-06-15 12:01 -------- d-----w- c:\program files\Major League Baseball 2K9
2009-06-15 11:44 . 2009-06-15 11:44 -------- d-----w- c:\windows\Major League Baseball 2K9
2009-06-15 03:04 . 2009-06-15 03:04 -------- d-----w- C:\GamesCampus
2009-06-14 01:23 . 2009-06-14 01:23 390664 ----a-w- c:\documents and settings\Asianpride\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-13 18:03 . 2009-06-13 18:03 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Dyyno Receiver
2009-06-13 18:03 . 2009-03-19 15:42 217088 ----a-w- c:\documents and settings\Asianpride\Application Data\Mozilla\Firefox\Profiles\ugpif661.default\extensions\NPDyyno@dyyno.com\Plugins\npDyyno.dll
2009-06-13 17:21 . 2009-06-13 17:21 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Dyyno
2009-06-13 00:02 . 2009-06-13 00:02 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\World in Conflict
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-09 17:45 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe
2009-06-09 17:44 . 2009-06-09 17:45 -------- d-----w- c:\program files\G-Collections
2009-06-09 17:25 . 2009-06-09 17:25 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-07 01:53 . 2009-03-19 21:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-07 01:53 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-07 01:52 . 2009-06-07 01:52 -------- d-----w- c:\program files\iPod
2009-06-07 01:52 . 2009-06-07 01:53 -------- d-----w- c:\program files\iTunes
2009-06-07 01:52 . 2009-06-07 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-07 01:52 . 2009-06-22 16:49 -------- d-----w- c:\program files\Bonjour
2009-06-07 01:51 . 2009-06-07 01:51 -------- d-----w- c:\program files\QuickTime
2009-06-07 01:51 . 2009-06-07 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-07 01:50 . 2009-05-29 18:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-07 01:50 . 2009-05-29 18:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-07 01:49 . 2009-06-07 01:52 -------- d-----w- c:\program files\Common Files\Apple
2009-06-07 01:44 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-07 01:44 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-07 01:44 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-07 01:44 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-02 01:16 . 2009-06-02 01:16 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-02 01:16 . 2009-06-02 01:16 -------- d-----w- c:\program files\Real
2009-06-02 01:16 . 2009-06-02 01:16 -------- d-----w- c:\program files\Common Files\Real
2009-05-30 17:50 . 2009-05-30 17:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 23:10 . 2009-05-29 23:10 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-29 23:10 . 2009-05-29 23:10 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-29 06:51 . 2009-06-07 02:09 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Apple Computer
2009-05-29 06:22 . 2009-05-29 06:22 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Apple
2009-05-29 06:22 . 2009-05-29 06:22 -------- d-----w- c:\program files\Apple Software Update
2009-05-29 06:22 . 2009-06-07 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-29 06:22 . 2009-06-07 01:53 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Apple Computer
2009-05-29 01:42 . 2009-05-29 19:33 -------- d-----w- c:\program files\Total Video Converter
2009-05-29 01:21 . 2009-05-29 01:21 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-05-29 01:21 . 2009-05-29 01:21 -------- d-----w- c:\program files\Riva
2009-05-29 00:40 . 2009-05-29 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-29 00:17 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-05-29 00:17 . 2009-05-29 00:17 -------- d-----w- c:\program files\MagicDisc
2009-05-29 00:16 . 2009-06-07 03:52 -------- d-----w- c:\program files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 05:29 . 2009-01-27 02:23 -------- d-----w- c:\documents and settings\Asianpride\Application Data\AVG7
2009-06-23 05:25 . 2009-01-27 02:34 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Xfire
2009-06-22 16:50 . 2009-06-21 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-22 13:12 . 2009-02-15 14:36 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Hamachi
2009-06-21 17:14 . 2009-06-21 16:34 -------- d-----w- c:\program files\Security Task Manager
2009-06-19 00:17 . 2009-01-27 02:34 -------- d-----w- c:\program files\Xfire
2009-06-15 11:44 . 2009-01-27 01:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-13 18:02 . 2009-02-08 02:20 -------- d-----w- c:\program files\Dyyno
2009-06-12 23:31 . 2009-05-05 01:20 -------- d-----w- c:\program files\Playlogic
2009-06-09 17:27 . 2009-01-30 16:42 -------- d-----w- c:\documents and settings\Asianpride\Application Data\DAEMON Tools Lite
2009-06-09 17:25 . 2009-01-30 16:46 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-09 17:18 . 2009-01-30 16:42 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-06 12:17 . 2009-04-01 01:28 -------- d-----w- c:\program files\PokerStars
2009-06-04 02:11 . 2009-02-01 13:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 02:10 . 2009-02-01 13:38 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-04 01:40 . 2009-01-27 01:28 74960 ----a-w- c:\documents and settings\Asianpride\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 16:45 . 2009-05-22 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-29 20:15 . 2009-02-04 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-29 20:12 . 2009-02-01 14:17 -------- d-----w- c:\program files\MSBuild
2009-05-29 20:02 . 2009-01-31 07:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-23 08:00 . 2009-05-23 08:00 -------- d-----w- c:\program files\MSXML 4.0
2009-05-22 04:05 . 2009-05-22 04:05 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Nero
2009-05-17 05:55 . 2009-04-19 20:45 -------- d-----w- c:\program files\Activision
2009-05-13 23:27 . 2009-05-13 23:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-11 22:58 . 2009-05-11 22:58 -------- d-----w- c:\program files\Bethesda Softworks
2009-05-11 22:56 . 2009-01-27 01:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-10 21:19 . 2009-05-10 21:19 -------- d-----w- c:\program files\Original War
2009-05-07 15:32 . 2004-08-12 13:59 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 01:04 . 2009-01-28 01:52 -------- d-----w- c:\program files\SD EnterNET
2009-05-03 12:37 . 2009-05-03 12:37 -------- d-----w- c:\program files\Virgin Interactive
2009-05-02 04:08 . 2009-04-19 20:55 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-02 04:06 . 2009-04-19 20:56 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-02 04:06 . 2009-04-19 20:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-02 03:29 . 2009-05-02 02:43 -------- d-----w- c:\program files\Qtracker
2009-05-01 05:31 . 2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 05:31 . 2009-05-01 05:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 05:31 . 2009-05-01 05:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 05:31 . 2009-05-01 05:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 05:31 . 2009-05-01 05:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 05:31 . 2009-05-01 05:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 03:02 . 2009-05-01 03:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 03:02 . 2009-05-01 03:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 03:02 . 2009-05-01 03:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 03:02 . 2009-01-27 01:25 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 03:02 . 2009-01-15 14:19 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 03:02 . 2007-05-21 07:32 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 03:02 . 2007-05-21 07:32 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 03:02 . 2007-05-21 07:32 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-01 03:02 . 2007-05-21 07:32 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 03:02 . 2007-05-21 07:32 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 03:02 . 2007-05-21 07:32 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-29 04:56 . 2004-08-12 14:09 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 05:42 . 2009-01-27 01:22 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-26 20:41 . 2009-04-03 00:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-25 16:03 . 2009-04-25 03:58 -------- d-----w- c:\program files\EA Games
2009-04-22 05:20 . 2009-04-22 05:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 05:20 . 2009-04-22 05:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-19 20:56 . 2009-04-19 20:56 22328 ----a-w- c:\documents and settings\Asianpride\Application Data\PnkBstrK.sys
2009-04-19 20:56 . 2009-04-19 20:56 22328 ----a-w- c:\documents and settings\Asianpride\Application Data\PnkBstrK.sys
2009-04-17 12:26 . 2004-08-12 14:09 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 20:31 . 2009-04-25 03:57 1099128 ----a-w- c:\documents and settings\Asianpride\Application Data\Mozilla\Firefox\Profiles\ugpif661.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-04-15 20:31 . 2009-04-25 03:57 729088 ----a-w- c:\documents and settings\Asianpride\Application Data\Mozilla\Firefox\Profiles\ugpif661.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-04-15 14:51 . 2004-08-12 14:04 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 23:34 . 2009-04-09 02:31 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-04-09 23:34 . 2009-04-09 02:31 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-04-09 23:34 . 2009-04-09 02:31 520192 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-04-09 23:34 . 2009-04-09 02:31 335872 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-04-09 23:34 . 2009-04-09 02:31 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-04-09 23:34 . 2009-04-09 02:30 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-04-03 17:39 . 2009-04-03 17:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-23_05.39.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-12 14:03 . 2009-06-23 05:49 67220 c:\windows\system32\perfc009.dat
- 2004-08-12 14:03 . 2009-06-23 05:36 67220 c:\windows\system32\perfc009.dat
+ 2009-06-23 05:41 . 2008-10-16 20:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-23 05:41 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-23 05:41 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-23 05:41 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-23 05:41 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-23 05:41 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-23 05:41 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-23 05:41 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-23 05:41 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-23 05:41 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
- 2004-08-12 14:03 . 2009-06-23 05:36 430496 c:\windows\system32\perfh009.dat
+ 2004-08-12 14:03 . 2009-06-23 05:49 430496 c:\windows\system32\perfh009.dat
+ 2009-06-23 05:41 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-23 05:41 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-23 05:41 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-23 05:41 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-23 05:41 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-23 05:41 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-23 05:41 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-23 05:41 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-23 05:41 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-23 05:41 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-23 05:41 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-23 05:41 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-23 05:41 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"GridinSoft Trojan Killer"="c:\program files\GridinSoft Trojan Killer\trojankiller.exe" [2009-06-21 3757568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-01-27 590848]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-02 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2009-01-27 219136]

c:\documents and settings\Asianpride\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-2-15 625952]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-5-28 576000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Asianpride\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57858:TCP"= 57858:TCP:Pando Media Booster
"57858:UDP"= 57858:UDP:Pando Media Booster

S2 jsr468ijdfghfjsw3rw3i6tjag80;jsr468ijdfghfjsw3rw3i6tjag80;c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe --> c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\avgfwafu.dll
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 01:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1482476501-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ê0ê0¹0\þ[T›Í_¢0µ0®0ÿ^ÿëm*‹n0qg¬N*0ó0°0À0à0^ÿ]
"Order"=hex:08,00,00,00,02,00,00,00,16,01,00,00,01,00,00,00,02,00,00,00,7c,00,
00,00,00,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,\

[HKEY_USERS\S-1-5-21-1935655697-1482476501-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:42,0c,0d,3a,23,b9,14,d8,2c,13,c1,97,0d,2f,96,ee,2e,05,2d,37,59,
ce,a5,a4,13,ec,a1,e7,9c,4a,d0,6d,6b,df,bf,19,21,c6,82,b8,a6,b4,62,38,70,f8,\
"rkeysecu"=hex:f8,68,ea,dc,d0,0c,c5,41,05,7d,7b,44,cd,f0,00,5b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\avgfwafu.dll

- - - - - - - > 'explorer.exe'(1800)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-23 1:04
ComboFix-quarantined-files.txt 2009-06-23 06:04
ComboFix2.txt 2009-06-23 05:42

Pre-Run: 12,387,913,728 bytes free
Post-Run: 12,413,706,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

291 --- E O F --- 2009-06-12 08:08
 
OK, then we can leave it alone.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
jsr468ijdfghfjsw3rw3i6tjag80

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Driver::
jsr468ijdfghfjsw3rw3i6tjag80
 
Log

ComboFix 09-06-22.05 - Asianpride 06/23/2009 1:33.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.641 [GMT -5:00]
Running from: c:\documents and settings\Asianpride\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Asianpride\Desktop\CFScript.txt
AV: AVG 7.5.552 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
FW: AVG Firewall 7.5.500 *enabled* {8DECF618-9569-4340-B34A-D78D28969B66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JSR468IJDFGHFJSW3RW3I6TJAG80
-------\Service_jsr468ijdfghfjsw3rw3i6tjag80


((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 05:41 . 2009-06-23 05:41 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-22 15:56 . 2009-06-22 15:56 -------- d-----w- c:\program files\Trend Micro
2009-06-22 15:55 . 2009-06-22 15:55 -------- d-----w- c:\program files\ERUNT
2009-06-22 13:20 . 2009-06-22 13:22 -------- d-----w- C:\totalcmd
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\UC.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\RAR.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\LHA.PIF
2009-06-22 13:20 . 2008-08-08 12:04 545 ----a-w- c:\windows\ARJ.PIF
2009-06-22 02:57 . 2009-06-22 13:12 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2009-06-22 02:43 . 2009-06-22 02:43 2855 ----a-w- c:\windows\system32\mem.PIF
2009-06-21 23:52 . 2009-06-21 23:52 -------- d-----w- c:\documents and settings\Asianpride\Application Data\TeamViewer
2009-06-21 23:52 . 2009-06-21 23:52 -------- d-----w- c:\program files\TeamViewer
2009-06-21 23:51 . 2009-06-21 23:51 -------- d-----w- c:\documents and settings\Asianpride\temp
2009-06-21 23:46 . 2009-06-21 23:46 -------- d-----w- c:\program files\CCleaner
2009-06-21 17:14 . 2009-06-21 17:14 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Help
2009-06-21 14:43 . 2009-06-22 15:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-21 14:43 . 2009-06-22 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-15 12:17 . 2009-06-15 12:17 -------- d-----w- c:\documents and settings\Asianpride\Application Data\2K Sports
2009-06-15 11:44 . 2009-06-15 12:01 -------- d-----w- c:\program files\Major League Baseball 2K9
2009-06-15 11:44 . 2009-06-15 11:44 -------- d-----w- c:\windows\Major League Baseball 2K9
2009-06-15 03:04 . 2009-06-15 03:04 -------- d-----w- C:\GamesCampus
2009-06-14 01:23 . 2009-06-14 01:23 390664 ----a-w- c:\documents and settings\Asianpride\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-13 18:03 . 2009-06-13 18:03 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Dyyno Receiver
2009-06-13 18:03 . 2009-03-19 15:42 217088 ----a-w- c:\documents and settings\Asianpride\Application Data\Mozilla\Firefox\Profiles\ugpif661.default\extensions\NPDyyno@dyyno.com\Plugins\npDyyno.dll
2009-06-13 17:21 . 2009-06-13 17:21 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Dyyno
2009-06-13 00:02 . 2009-06-13 00:02 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\World in Conflict
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-09 17:45 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe
2009-06-09 17:44 . 2009-06-09 17:45 -------- d-----w- c:\program files\G-Collections
2009-06-09 17:25 . 2009-06-09 17:25 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-07 01:53 . 2009-03-19 21:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-07 01:53 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-07 01:52 . 2009-06-07 01:52 -------- d-----w- c:\program files\iPod
2009-06-07 01:52 . 2009-06-07 01:53 -------- d-----w- c:\program files\iTunes
2009-06-07 01:52 . 2009-06-07 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-07 01:52 . 2009-06-22 16:49 -------- d-----w- c:\program files\Bonjour
2009-06-07 01:51 . 2009-06-07 01:51 -------- d-----w- c:\program files\QuickTime
2009-06-07 01:51 . 2009-06-07 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-07 01:50 . 2009-05-29 18:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-07 01:50 . 2009-05-29 18:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-07 01:49 . 2009-06-07 01:52 -------- d-----w- c:\program files\Common Files\Apple
2009-06-07 01:44 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-07 01:44 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-07 01:44 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-07 01:44 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-02 01:16 . 2009-06-02 01:16 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-02 01:16 . 2009-06-02 01:16 -------- d-----w- c:\program files\Real
2009-06-02 01:16 . 2009-06-02 01:16 -------- d-----w- c:\program files\Common Files\Real
2009-05-30 17:50 . 2009-05-30 17:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 23:10 . 2009-05-29 23:10 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-29 23:10 . 2009-05-29 23:10 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-29 06:51 . 2009-06-07 02:09 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Apple Computer
2009-05-29 06:22 . 2009-05-29 06:22 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Apple
2009-05-29 06:22 . 2009-05-29 06:22 -------- d-----w- c:\program files\Apple Software Update
2009-05-29 06:22 . 2009-06-07 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-29 06:22 . 2009-06-07 01:53 -------- d-----w- c:\documents and settings\Asianpride\Local Settings\Application Data\Apple Computer
2009-05-29 01:42 . 2009-05-29 19:33 -------- d-----w- c:\program files\Total Video Converter
2009-05-29 01:21 . 2009-05-29 01:21 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-05-29 01:21 . 2009-05-29 01:21 -------- d-----w- c:\program files\Riva
2009-05-29 00:40 . 2009-05-29 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-29 00:17 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-05-29 00:17 . 2009-05-29 00:17 -------- d-----w- c:\program files\MagicDisc
2009-05-29 00:16 . 2009-06-07 03:52 -------- d-----w- c:\program files\MagicISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 05:29 . 2009-01-27 02:23 -------- d-----w- c:\documents and settings\Asianpride\Application Data\AVG7
2009-06-23 05:25 . 2009-01-27 02:34 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Xfire
2009-06-22 16:50 . 2009-06-21 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-22 13:12 . 2009-02-15 14:36 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Hamachi
2009-06-21 17:14 . 2009-06-21 16:34 -------- d-----w- c:\program files\Security Task Manager
2009-06-19 00:17 . 2009-01-27 02:34 -------- d-----w- c:\program files\Xfire
2009-06-15 11:44 . 2009-01-27 01:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-13 18:02 . 2009-02-08 02:20 -------- d-----w- c:\program files\Dyyno
2009-06-12 23:31 . 2009-05-05 01:20 -------- d-----w- c:\program files\Playlogic
2009-06-09 17:27 . 2009-01-30 16:42 -------- d-----w- c:\documents and settings\Asianpride\Application Data\DAEMON Tools Lite
2009-06-09 17:25 . 2009-01-30 16:46 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-09 17:18 . 2009-01-30 16:42 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-06 12:17 . 2009-04-01 01:28 -------- d-----w- c:\program files\PokerStars
2009-06-04 02:11 . 2009-02-01 13:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 02:10 . 2009-02-01 13:38 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-04 01:40 . 2009-01-27 01:28 74960 ----a-w- c:\documents and settings\Asianpride\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 16:45 . 2009-05-22 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-29 20:15 . 2009-02-04 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-29 20:12 . 2009-02-01 14:17 -------- d-----w- c:\program files\MSBuild
2009-05-29 20:02 . 2009-01-31 07:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-23 08:00 . 2009-05-23 08:00 -------- d-----w- c:\program files\MSXML 4.0
2009-05-22 04:05 . 2009-05-22 04:05 -------- d-----w- c:\documents and settings\Asianpride\Application Data\Nero
2009-05-17 05:55 . 2009-04-19 20:45 -------- d-----w- c:\program files\Activision
2009-05-13 23:27 . 2009-05-13 23:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-11 22:58 . 2009-05-11 22:58 -------- d-----w- c:\program files\Bethesda Softworks
2009-05-11 22:56 . 2009-01-27 01:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-10 21:19 . 2009-05-10 21:19 -------- d-----w- c:\program files\Original War
2009-05-07 15:32 . 2004-08-12 13:59 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 01:04 . 2009-01-28 01:52 -------- d-----w- c:\program files\SD EnterNET
2009-05-03 12:37 . 2009-05-03 12:37 -------- d-----w- c:\program files\Virgin Interactive
2009-05-02 04:08 . 2009-04-19 20:55 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-02 04:06 . 2009-04-19 20:56 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-02 04:06 . 2009-04-19 20:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-02 03:29 . 2009-05-02 02:43 -------- d-----w- c:\program files\Qtracker
2009-05-01 05:31 . 2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 05:31 . 2009-05-01 05:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 05:31 . 2009-05-01 05:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 05:31 . 2009-05-01 05:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 05:31 . 2009-05-01 05:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 05:31 . 2009-05-01 05:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 03:02 . 2009-05-01 03:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 03:02 . 2009-05-01 03:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 03:02 . 2009-05-01 03:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 03:02 . 2009-01-27 01:25 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 03:02 . 2009-01-15 14:19 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 03:02 . 2007-05-21 07:32 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 03:02 . 2007-05-21 07:32 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 03:02 . 2007-05-21 07:32 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-01 03:02 . 2007-05-21 07:32 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 03:02 . 2007-05-21 07:32 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 03:02 . 2007-05-21 07:32 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-29 04:56 . 2004-08-12 14:09 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-12 13:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 05:42 . 2009-01-27 01:22 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-26 20:41 . 2009-04-03 00:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-25 16:03 . 2009-04-25 03:58 -------- d-----w- c:\program files\EA Games
2009-04-22 05:20 . 2009-04-22 05:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 05:20 . 2009-04-22 05:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-19 20:56 . 2009-04-19 20:56 22328 ----a-w- c:\documents and settings\Asianpride\Application Data\PnkBstrK.sys
2009-04-19 20:56 . 2009-04-19 20:56 22328 ----a-w- c:\documents and settings\Asianpride\Application Data\PnkBstrK.sys
2009-04-17 12:26 . 2004-08-12 14:09 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 20:31 . 2009-04-25 03:57 1099128 ----a-w- c:\documents and settings\Asianpride\Application Data\Mozilla\Firefox\Profiles\ugpif661.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-04-15 20:31 . 2009-04-25 03:57 729088 ----a-w- c:\documents and settings\Asianpride\Application Data\Mozilla\Firefox\Profiles\ugpif661.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-04-15 14:51 . 2004-08-12 14:04 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 23:34 . 2009-04-09 02:31 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-04-09 23:34 . 2009-04-09 02:31 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-04-09 23:34 . 2009-04-09 02:31 520192 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-04-09 23:34 . 2009-04-09 02:31 335872 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-04-09 23:34 . 2009-04-09 02:31 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-04-09 23:34 . 2009-04-09 02:30 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-04-03 17:39 . 2009-04-03 17:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-23_05.39.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-23 06:39 . 2009-06-23 06:39 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
- 2004-08-12 14:03 . 2009-06-23 05:36 67220 c:\windows\system32\perfc009.dat
+ 2004-08-12 14:03 . 2009-06-23 05:49 67220 c:\windows\system32\perfc009.dat
+ 2009-06-23 05:41 . 2008-10-16 20:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-23 05:41 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-23 05:41 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-23 05:41 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-23 05:41 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-23 05:41 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-23 05:41 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-23 05:41 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-23 05:41 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-23 05:41 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2004-08-12 14:03 . 2009-06-23 05:49 430496 c:\windows\system32\perfh009.dat
- 2004-08-12 14:03 . 2009-06-23 05:36 430496 c:\windows\system32\perfh009.dat
+ 2009-06-23 05:41 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-23 05:41 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-23 05:41 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-23 05:41 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-23 05:41 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-23 05:41 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-23 05:41 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-23 05:41 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-23 05:41 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-23 06:39 . 2009-06-23 06:39 237568 c:\windows\ERDNT\AutoBackup\6-23-2009\Users\00000002\UsrClass.dat
+ 2009-06-23 06:39 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\6-23-2009\ERDNT.EXE
+ 2009-06-23 05:41 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-23 05:41 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-23 05:41 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-23 05:41 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-06-23 06:39 . 2009-06-23 06:39 6848512 c:\windows\ERDNT\AutoBackup\6-23-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"GridinSoft Trojan Killer"="c:\program files\GridinSoft Trojan Killer\trojankiller.exe" [2009-06-21 3757568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-01-27 590848]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-02 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2009-01-27 219136]

c:\documents and settings\Asianpride\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-2-15 625952]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-5-28 576000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Asianpride\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57858:TCP"= 57858:TCP:Pando Media Booster
"57858:UDP"= 57858:UDP:Pando Media Booster

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\avgfwafu.dll
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 01:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1482476501-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ê0ê0¹0\þ[T›Í_¢0µ0®0ÿ^ÿëm*‹n0qg¬N*0ó0°0À0à0^ÿ]
"Order"=hex:08,00,00,00,02,00,00,00,16,01,00,00,01,00,00,00,02,00,00,00,7c,00,
00,00,00,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,\

[HKEY_USERS\S-1-5-21-1935655697-1482476501-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:42,0c,0d,3a,23,b9,14,d8,2c,13,c1,97,0d,2f,96,ee,2e,05,2d,37,59,
ce,a5,a4,13,ec,a1,e7,9c,4a,d0,6d,6b,df,bf,19,21,c6,82,b8,a6,b4,62,38,70,f8,\
"rkeysecu"=hex:f8,68,ea,dc,d0,0c,c5,41,05,7d,7b,44,cd,f0,00,5b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\avgfwafu.dll

- - - - - - - > 'explorer.exe'(2100)
c:\program files\Xfire\xfire_toucan_37590.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\progra~1\Grisoft\AVG7\avgfwsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Xfire\Xfire.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-23 1:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-23 06:43
ComboFix2.txt 2009-06-23 06:04
ComboFix3.txt 2009-06-23 05:42

Pre-Run: 12,381,642,752 bytes free
Post-Run: 12,285,300,736 bytes free

315 --- E O F --- 2009-06-12 08:08
 
Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
 
Sorry it took so long, I fell asleep during the scan.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 23, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 23, 2009 09:10:40
Records in database: 2382606
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 121687
Threat name: 9
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 04:30:46


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\SecTaskMan\liser.exe.q_Quarantine_A60F000_q Infected: Trojan-Dropper.Win32.Agent.auhz 1
C:\Documents and Settings\All Users\Application Data\SecTaskMan\xwr25361.dll.q_Quarantine_804B002_q Infected: Trojan-Downloader.Win32.Agent.bpmb 1
C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\twktrn.exe Infected: Trojan.Win32.Genome.ijx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACaitbfylllnsnbhhem.dll.vir Infected: Trojan.Win32.TDSS.adzz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfrfolwevpibmnetid.dll.vir Infected: Packed.Win32.Tdss.m 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfxmytyqxfkvisuxdq.dll.vir Infected: Trojan.Win32.TDSS.aegg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACttavhesmegmubfypu.dll.vir Infected: Trojan.Win32.TDSS.aekg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwfwxxqhqbrnbijwmx.dll.vir Infected: Trojan.Win32.TDSS.adzx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwyujacjgoilrxoe.dll.vir Infected: Packed.Win32.Tdss.m 1
C:\System Volume Information\_restore{FA560322-E3FD-4DC8-90F5-760D5E98115E}\RP225\A0101597.dll Infected: Packed.Win32.Tdss.m 1
C:\System Volume Information\_restore{FA560322-E3FD-4DC8-90F5-760D5E98115E}\RP225\A0101598.dll Infected: Packed.Win32.Tdss.m 1
C:\System Volume Information\_restore{FA560322-E3FD-4DC8-90F5-760D5E98115E}\RP225\A0101599.dll Infected: Trojan.Win32.TDSS.adzx 1
C:\System Volume Information\_restore{FA560322-E3FD-4DC8-90F5-760D5E98115E}\RP225\A0101600.dll Infected: Trojan.Win32.TDSS.adzz 1
C:\System Volume Information\_restore{FA560322-E3FD-4DC8-90F5-760D5E98115E}\RP225\A0101601.dll Infected: Trojan.Win32.TDSS.aekg 1
C:\System Volume Information\_restore{FA560322-E3FD-4DC8-90F5-760D5E98115E}\RP225\A0101602.dll Infected: Trojan.Win32.TDSS.aegg 1
C:\System Volume Information\_restore{FA560322-E3FD-4DC8-90F5-760D5E98115E}\RP225\A0101604.dll Infected: Packed.Win32.Tdss.m 1
D:\Program Files\BitLord\Downloads\Three Thrixxx Games[3DSexVilla.HentaII 3D.VirtuallyJenny]\HentaII 3D.rar Infected: Trojan.Win32.Agent.btqm 1

The selected area was scanned.



HiJack This Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:05 AM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [GridinSoft Trojan Killer] "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" 0
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Screenshot Utility.lnk = C:\Program Files\Screenshot Utility\ScreenshotUtility.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 8225 bytes
 
Please click this link-->Jotti

Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).

C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\twktrn.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
 
VirusTotal Results


File a1ae5429003793248c16061b116520008b9fa679.exe received on 2009.06.22 17:00:35 (UTC)
Current status: finished
Result: 22/41 (53.66%)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.22 Trojan.Win32.Genome!IK
AhnLab-V3 5.0.0.2 2009.06.22 Win-Trojan/Xema.variant
AntiVir 7.9.0.193 2009.06.22 TR/Generic.60079
Antiy-AVL 2.0.3.1 2009.06.22 Trojan/Win32.Genome.gen
Authentium 5.1.2.4 2009.06.22 -
Avast 4.8.1335.0 2009.06.21 -
AVG 8.5.0.339 2009.06.22 -
BitDefender 7.2 2009.06.22 Trojan.Generic.60079
CAT-QuickHeal 10.00 2009.06.22 Trojan.Agent.ATV
ClamAV 0.94.1 2009.06.22 -
Comodo 1391 2009.06.22 Unclassified Malware
DrWeb 5.0.0.12182 2009.06.22 -
eSafe 7.0.17.0 2009.06.22 Win32.TrojanHorse
eTrust-Vet 31.6.6573 2009.06.22 -
F-Prot 4.4.4.56 2009.06.22 -
F-Secure 8.0.14470.0 2009.06.22 Trojan.Win32.Genome.ijx
Fortinet 3.117.0.0 2009.06.22 -
GData 19 2009.06.22 Trojan.Generic.60079
Ikarus T3.1.1.59.0 2009.06.22 Trojan.Win32.Genome
Jiangmin 11.0.706 2009.06.22 -
K7AntiVirus 7.10.768 2009.06.19 Trojan.Win32.Agent
Kaspersky 7.0.0.125 2009.06.22 Trojan.Win32.Genome.ijx
McAfee 5654 2009.06.22 -
McAfee+Artemis 5654 2009.06.22 -
McAfee-GW-Edition 6.7.6 2009.06.22 Trojan.Generic.60079
Microsoft 1.4803 2009.06.22 -
NOD32 4178 2009.06.22 probably a variant of Win32/Agent
Norman 2009.06.22 W32/Malware.AESN
nProtect 2009.1.8.0 2009.06.22 Trojan/W32.Genome.429056
Panda 10.0.0.16 2009.06.22 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.22 Medium Risk Malware
Rising 21.35.04.00 2009.06.22 -
Sophos 4.42.0 2009.06.22 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.06.21 -
Symantec 1.4.4.12 2009.06.22 Trojan Horse
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.22 -
VBA32 3.12.10.7 2009.06.22 Trojan.Win32.Genome.ijx
ViRobot 2009.6.22.1798 2009.06.22 Spyware.Genome.429056
VirusBuster 4.6.5.0 2009.06.22 -
Additional information
File size: 429056 bytes
MD5 : 59495520c6236a722c6df6395a23b34e
SHA1 : b6d980cd91ef5ad84a3a63e793f4b32c00f5dc25
SHA256: aa2bc8f3b1dc5eec86d3b5e24977b83a8af468b4d676b64b9b8c2da69af16eca
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6A000
timedatestamp.....: 0x45B2308D (Sat Jan 20 16:09:01 2007)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x396 0x400 4.61 3cd50f6438e53fc2467b1bc0d1c150a5
.rdata 0x2000 0x28C 0x400 3.08 dff65ed2f8184359d37160f404c8de50
.data 0x3000 0x17C 0x200 3.32 995ff6a7be088f2564d1d3b8d4375889
.rsrc 0x4000 0x45FB0 0x46000 2.96 efd04de75d6ed409fdb25657918c1370
pebundle 0x4A000 0x20000 0x1FE00 6.11 cd2584a5733a81e998a8398164f19576
pebundle 0x6A000 0x2000 0x2000 3.65 c38089f45f97859fe4b2c44d8e3e32f9

( 1 imports )

> kernel32.dll: CloseHandle, CreateDirectoryA, CreateFileA, DeleteFileA, ExitProcess, FreeLibrary, GetCommandLineA, GetFileTime, GetModuleHandleA, GetProcAddress, GetSystemDirectoryA, GetTempPathA, GetWindowsDirectoryA, LoadLibraryA, lstrcatA, lstrcmpiA, RemoveDirectoryA, SetFileTime, VirtualAlloc, VirtualFree, WriteFile

( 0 exports )
TrID : File type identification
42.3% (.EXE) Win32 Executable Generic (8527/13/3)
37.6% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
9.9% (.EXE) Generic Win/DOS Executable (2002/3)
9.9% (.EXE) DOS Executable Generic (2000/1)
0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)
ssdeep: 3072:czMYAKCTf6UqcP51llkNdgGPCK0LWahmXP5apiWsgB9PLB0LWuhm:czMYmvPTlloqiPR+dK
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=A1AE5429003793248C16061B116520008B9FA679
PEiD : PEBundle v2.44
packers (F-Prot): embedded, PEBundle
RDS : NSRL Reference Data Set
 
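The scan request above asks for the Jotti/VirusTotal verdicts to be posted, and the report that came back carries more than the 22/41 ratio: it also has the per-section entropy table, the PEiD packer signature and the kernel32 import list, which between them explain what the file is built to do. The script below is an added example, not part of the original thread and not VirusTotal's or Jotti's tooling. It parses a report in exactly the pasted format (engine rows, section rows, the `> dll:` import line, the `PEiD :` line), recounts the verdicts against the header, looks for a family name the engines agree on, and applies a few static heuristics. The embedded sample is ten of the 41 engine rows from the post with the Result line rewritten to match that subset; the entropy cut-off of 6.0, the list of "generic" name tokens, the set of standard section names and the API-combination rules are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample: ten of the 41 engine rows from the post above, plus its
# section table, kernel32 import line and PEiD line. The Result line is
# rewritten to match the excerpt (7 detections out of 10).
SAMPLE_REPORT = """\
Result: 7/10 (70.00%)
a-squared 4.5.0.18 2009.06.22 Trojan.Win32.Genome!IK
Authentium 5.1.2.4 2009.06.22 -
BitDefender 7.2 2009.06.22 Trojan.Generic.60079
F-Secure 8.0.14470.0 2009.06.22 Trojan.Win32.Genome.ijx
Kaspersky 7.0.0.125 2009.06.22 Trojan.Win32.Genome.ijx
Microsoft 1.4803 2009.06.22 -
NOD32 4178 2009.06.22 probably a variant of Win32/Agent
Norman 2009.06.22 W32/Malware.AESN
Symantec 1.4.4.12 2009.06.22 Trojan Horse
TrendMicro 8.950.0.1094 2009.06.22 -
.text 0x1000 0x396 0x400 4.61 3cd50f6438e53fc2467b1bc0d1c150a5
.rdata 0x2000 0x28C 0x400 3.08 dff65ed2f8184359d37160f404c8de50
.data 0x3000 0x17C 0x200 3.32 995ff6a7be088f2564d1d3b8d4375889
.rsrc 0x4000 0x45FB0 0x46000 2.96 efd04de75d6ed409fdb25657918c1370
pebundle 0x4A000 0x20000 0x1FE00 6.11 cd2584a5733a81e998a8398164f19576
pebundle 0x6A000 0x2000 0x2000 3.65 c38089f45f97859fe4b2c44d8e3e32f9
> kernel32.dll: CloseHandle, CreateDirectoryA, CreateFileA, DeleteFileA, ExitProcess, FreeLibrary, GetCommandLineA, GetFileTime, GetModuleHandleA, GetProcAddress, GetSystemDirectoryA, GetTempPathA, GetWindowsDirectoryA, LoadLibraryA, lstrcatA, lstrcmpiA, RemoveDirectoryA, SetFileTime, VirtualAlloc, VirtualFree, WriteFile
PEiD : PEBundle v2.44
"""

# One regex per row type of the pasted report. Norman's row has no version
# column, so the version field is optional and the date anchors the parse.
RESULT_LINE = re.compile(r"^Result:\s*(\d+)/(\d+)")
ENGINE_ROW = re.compile(r"^(\S+)\s+(?:(\S+)\s+)?(\d{4}\.\d{2}\.\d{2})\s+(.*)$")
SECTION_ROW = re.compile(r"^(\S+)\s+0x([0-9A-Fa-f]+)\s+0x([0-9A-Fa-f]+)\s+0x([0-9A-Fa-f]+)"
                         r"\s+(\d+\.\d+)\s+([0-9a-f]{32})$")
IMPORT_ROW = re.compile(r"^>\s*(\S+):\s*(.*)$")
PEID_LINE = re.compile(r"^PEiD\s*:\s*(.+)$")

# Heuristic knobs; all three are assumptions of this example, not VirusTotal's.
GENERIC_TOKENS = {"trojan", "win32", "generic", "malware", "variant", "probably",
                  "horse", "unclassified", "agent", "spyware", "medium", "risk"}
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".bss", ".tls", ".pdata"}
ENTROPY_THRESHOLD = 6.0  # above this a section is probably compressed or encrypted

def parse_report(text):
    """Split a pasted report into the claimed ratio, engine verdicts, sections and imports."""
    report = {"claimed": None, "engines": {}, "sections": [], "imports": {}, "peid": None}
    for line in text.splitlines():
        line = line.strip()
        if m := RESULT_LINE.match(line):
            report["claimed"] = (int(m.group(1)), int(m.group(2)))
        elif m := SECTION_ROW.match(line):
            name, vaddr, vsize, rawsize, entropy, md5 = m.groups()
            report["sections"].append({"name": name, "vaddr": int(vaddr, 16), "vsize": int(vsize, 16),
                                       "rawsize": int(rawsize, 16), "entropy": float(entropy), "md5": md5})
        elif m := IMPORT_ROW.match(line):
            report["imports"][m.group(1).lower()] = [f.strip() for f in m.group(2).split(",") if f.strip()]
        elif m := PEID_LINE.match(line):
            report["peid"] = m.group(1).strip()
        elif m := ENGINE_ROW.match(line):
            engine, _version, _date, verdict = m.groups()
            report["engines"][engine] = None if verdict.strip() == "-" else verdict.strip()
    return report

def family_consensus(engines):
    """Most common family-like token across detecting engines, as (token, votes); None if none."""
    votes = Counter()
    for verdict in engines.values():
        if verdict:  # one vote per engine per token, so "Genome.ijx" is not double counted
            votes.update({t for t in re.findall(r"[A-Za-z][A-Za-z0-9]*", verdict)
                          if len(t) >= 4 and t.lower() not in GENERIC_TOKENS})
    return votes.most_common(1)[0] if votes else None

def static_indicators(report):
    """Packer and dropper hints from the section table and the import list (heuristics)."""
    hints = []
    for s in report["sections"]:
        if s["entropy"] >= ENTROPY_THRESHOLD:
            hints.append(f"high-entropy section {s['name']} at 0x{s['vaddr']:X} (entropy {s['entropy']})")
        if s["name"] not in STANDARD_SECTIONS:
            hints.append(f"non-standard section name {s['name']!r} at 0x{s['vaddr']:X}")
    if report["peid"]:
        hints.append(f"packer signature: {report['peid']}")
    k32 = set(report["imports"].get("kernel32.dll", []))
    if {"GetTempPathA", "CreateFileA", "WriteFile"} <= k32:
        hints.append("writes files under the temp directory (GetTempPathA + CreateFileA + WriteFile)")
    if {"GetFileTime", "SetFileTime"} <= k32:
        hints.append("copies file timestamps onto what it writes (GetFileTime + SetFileTime)")
    return hints

def triage(text):
    """Recount the verdicts, check them against the header, and collect the static hints."""
    report = parse_report(text)
    detected = sum(1 for v in report["engines"].values() if v)
    return {"detected": detected, "total": len(report["engines"]),
            "matches_header": report["claimed"] == (detected, len(report["engines"])),
            "family": family_consensus(report["engines"]),
            "indicators": static_indicators(report)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run on the excerpt, the family vote comes out as Genome, the first `pebundle` section is flagged both for its 6.11 entropy and for its non-standard name, and the import list trips both dropper rules: GetTempPathA, CreateFileA and WriteFile are what a self-extracting bundle needs to write its payload into the temp directory, and the GetFileTime/SetFileTime pair lets it copy the original timestamps onto the dropped file, which is why the dropped copies will not stand out in a sort by date. The thresholds and the API-combination rules are heuristics rather than proof, so treat the hints as questions to answer with a sandbox run, not as a verdict on their own.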
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    Folder::
    D:\Program Files\BitLord
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    (screenshot: CFScriptB-4.gif)

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 