Troj/Rustok-N May I have some help removing it?


Unread postby rattrap1337 » June 8th, 2009, 8:17 pm

Note: It did take me a while to get HijackThis to run; I'm almost sure that this trojan was, and still is, blocking all antivirus programs from running, as well as any anti-spyware programs. The only way I can run something like them is by renaming the EXE. Also, in order to visit any link, I have to copy and paste it into my browser. If I click any link, anywhere, I am redirected to a "fake" product.
EDIT: One more important note: it will not allow me to update Comodo (which is my antivirus/spyware and firewall), and some addresses I can't even access (like download pages for antivirus/spyware software).

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:27 PM, on 6/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Fraps\fraps.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\hiphatthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D28E4DE-757A-4762-B05D-516EDB684C84}: NameServer = 85.255.112.87,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.87,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D28E4DE-757A-4762-B05D-516EDB684C84}: NameServer = 85.255.112.87,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.87,85.255.112.195
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 6445 bytes
rattrap1337
Active Member
 
Posts: 14
Joined: June 8th, 2009, 8:11 pm

Re: Troj/Rustok-N May I have some help removing it?

Unread postby Shaba » June 11th, 2009, 2:54 am

Hi rattrap1337

Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download site available here.
  1. Make sure you are connected to the Internet.
  2. Double-click on Download_mbam-setup.exe to install the application.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
  1. Make sure the "Perform Quick Scan" option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  6. Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Please download RSIT by random/random... save it to your desktop.
  1. Double click on RSIT.exe to run it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done, two log files will be produced.
  4. The first one, "log.txt", will be maximized
  5. The second one, "info.txt", will be minimized.
Please post the contents of both files, "log.txt" and "info.txt", in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Post:

- mbam log
- rsit logs (taken after mbam run)

Note: If you can't run MBAM, rename the executable and it should run.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Troj/Rustok-N May I have some help removing it?

Unread postby rattrap1337 » June 11th, 2009, 9:52 am

All four download links were blocked for me.



rattrap1337
Active Member
 
Posts: 14
Joined: June 8th, 2009, 8:11 pm

Re: Troj/Rustok-N May I have some help removing it?

Unread postby Shaba » June 11th, 2009, 10:19 am

If they are, you can try to access them via a web proxy.

Myproxy.ca is one of them. Enter those addresses manually there and you should be able to download them.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Troj/Rustok-N May I have some help removing it?

Unread postby rattrap1337 » June 11th, 2009, 5:57 pm

Malwarebytes' log:

Malwarebytes' Anti-Malware 1.37
Database version: 2202
Windows 6.0.6001 Service Pack 1

6/11/2009 4:53:08 PM
mbam-log-2009-06-11 (16-53-08).txt

Scan type: Quick Scan
Objects scanned: 70861
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.87,85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0d28e4de-757a-4762-b05d-516edb684c84}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.87,85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.87,85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0d28e4de-757a-4762-b05d-516edb684c84}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.87,85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.87,85.255.112.195 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0d28e4de-757a-4762-b05d-516edb684c84}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.87,85.255.112.195 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
rattrap1337
Active Member
 
Posts: 14
Joined: June 8th, 2009, 8:11 pm
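The O17 lines in the first HijackThis log and the "Registry Data Items" lines in the Malwarebytes log above are the same indicator reported by two tools: the NameServer values under Tcpip\Parameters (and the per-interface key) pointed at 85.255.112.87 and 85.255.112.195 instead of the resolver the network would normally hand out, which is why the poster's links were being redirected. Below is an added example, not code from this thread or from the HijackThis or Malwarebytes projects, that reads both log formats and flags any NameServer key pointing at a resolver outside an allow-list. The allow-list (192.168.1.1) is an assumption standing in for the router or ISP resolver; the sample lines are copied from the logs in the thread, plus one constructed benign line for contrast.

```python
"""Audit HijackThis O17 lines and Malwarebytes registry-data lines for
rogue DNS resolvers (the indicator seen in the thread above).

Added example: not from the MalwareRemoval.com thread and not part of
HijackThis or Malwarebytes. EXPECTED_RESOLVERS is an assumption.
"""
import ipaddress
import re

# Assumption: the resolver(s) this machine should be using. In practice take
# these from the DHCP lease or the ISP's published addresses.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# HijackThis O17 line:  "O17 - HKLM\System\...: NameServer = a.b.c.d,e.f.g.h"
O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): NameServer = (?P<servers>.+)$")

# Malwarebytes registry-data line:
#   "HKEY_...\NameServer (Trojan.DNSChanger) -> Data: a.b.c.d,e.f.g.h -> ..."
MBAM_RE = re.compile(
    r"^(?P<key>HKEY_[^ ]+\\NameServer) \((?P<detection>[^)]+)\) -> Data: (?P<servers>[^ ]+) ->"
)

# Lines copied from the logs in the thread, plus one constructed benign line.
SAMPLE_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{0D28E4DE-757A-4762-B05D-516EDB684C84}: NameServer = 85.255.112.87,85.255.112.195",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.87,85.255.112.195",
    r"O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.87,85.255.112.195 -> Quarantined and deleted successfully.",
    # constructed: what a healthy O17 line for a home router would look like
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1",
]


def parse_nameservers(line):
    """Return (source, registry_key, [resolver, ...]) for a line that sets
    NameServer in either log format, or None for any other line."""
    for source, rx in (("hijackthis", O17_RE), ("mbam", MBAM_RE)):
        m = rx.match(line.strip())
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            return source, m.group("key"), servers
    return None


def is_rogue(server, expected=EXPECTED_RESOLVERS):
    """A resolver is rogue when it is neither on the allow-list nor a
    private/loopback address (a LAN router or local stub resolver)."""
    if server in expected:
        return False
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return True  # not even a valid address: treat as suspicious
    return not (ip.is_private or ip.is_loopback)


def audit(lines, expected=EXPECTED_RESOLVERS):
    """Return one finding per NameServer key that points at a rogue resolver.
    Each finding is {"source": ..., "key": ..., "rogue": [...]}."""
    findings = []
    for line in lines:
        parsed = parse_nameservers(line)
        if parsed is None:
            continue
        source, key, servers = parsed
        rogue = [s for s in servers if is_rogue(s, expected)]
        if rogue:
            findings.append({"source": source, "key": key, "rogue": rogue})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LINES):
        print(f"[{f['source']}] {f['key']} -> rogue resolver(s): {', '.join(f['rogue'])}")
```

Run against the sample lines it reports the two HijackThis O17 keys and the Malwarebytes entry, and stays silent on the AppInit_DLLs line and the constructed 192.168.1.1 line. The allow-list plus private-address rule is deliberately strict: a public resolver such as an ISP's or a well-known public DNS service will be flagged until it is added to EXPECTED_RESOLVERS, which is the right default when the question is "was this box's DNS changed behind the user's back". Because the check is keyed on the registry path, it also shows when CurrentControlSet and the numbered ControlSet00N copies disagree, which is what the Malwarebytes log above lists one entry per control set for.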

Re: Troj/Rustok-N May I have some help removing it?

Unread postby rattrap1337 » June 11th, 2009, 6:18 pm

RSIT Log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by kd at 2009-06-11 17:10:48
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 115 GB (49%) free of 234 GB
Total RAM: 1021 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:47 PM, on 6/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Fraps\fraps.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Users\kd\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\kd.exe
C:\Windows\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\Windows\System32\cssdll32.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 6243 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-08-13 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL [2008-08-13 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL [2008-08-13 262144]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"COMODO SafeSurf"=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-08-13 278264]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-05-27 1794320]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-12 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-12 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-12 81920]
"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-05-27 1794320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Fraps"=C:\FRAPS\FRAPS.EXE [2006-12-21 2842624]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"PlayNC Launcher"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-12-27 17:22:15 ----A---- C:\Windows\z423s5arse596.dll
2009-12-26 22:08:40 ----A---- C:\Windows\system32\2z19st5al1203.exe
2009-12-25 10:32:48 ----A---- C:\Windows\system32\93eestza55.dll
2009-12-23 04:42:10 ----A---- C:\Windows\system32\745zt5oj459.dll
2009-12-23 01:03:03 ----A---- C:\Windows\system32\5z2thre5t29289.dll
2009-12-19 09:08:19 ----A---- C:\Windows\system32\1e04dow9loader510z.dll
2009-12-16 10:18:19 ----A---- C:\Windows\526599rzj35d.dll
2009-12-11 14:09:10 ----A---- C:\Windows\2c9bthrza590964.dll
2009-12-05 12:14:28 ----A---- C:\Windows\245z3spy496.exe
2009-12-04 15:16:28 ----A---- C:\Windows\18149vir5s59z.exe
2009-11-30 21:05:55 ----A---- C:\Windows\501zthief15149.exe
2009-11-28 11:03:13 ----A---- C:\Windows\system32\959zdownloader3026.dll
2009-11-27 15:22:34 ----A---- C:\Windows\system32\5139ste5z419.dll
2009-11-25 17:43:39 ----A---- C:\Windows\system32\45575ac9tool29z.dll
2009-11-20 12:17:31 ----A---- C:\Windows\6299z9rm153.exe
2009-11-16 23:11:05 ----A---- C:\Windows\system32\9z886not-a-virus57a5.exe
2009-11-09 06:12:31 ----A---- C:\Windows\2zcf9tea51429.dll
2009-11-08 15:54:29 ----A---- C:\Windows\46a5spyzare3149.exe
2009-11-04 20:21:14 ----A---- C:\Windows\system32\86559r5j35z.exe
2009-11-04 08:25:29 ----A---- C:\Windows\52401troj3zf9.dll
2009-11-02 11:25:10 ----A---- C:\Windows\system32\3229hacktz5l28b.exe
2009-11-02 01:45:07 ----A---- C:\Windows\2370nzt-a9vir5s396.exe
2009-11-01 03:15:16 ----A---- C:\Windows\system32\6425thrz5t6898.exe
2009-10-24 19:46:03 ----A---- C:\Windows\system32\6ze5hreat93983.exe
2009-10-23 17:45:17 ----A---- C:\Windows\system32\17z5sp5rse2974.dll
2009-10-22 19:44:38 ----A---- C:\Windows\system32\5d8spzware15869.dll
2009-10-19 02:21:11 ----A---- C:\Windows\system32\z3267virus559.exe
2009-10-17 23:20:37 ----A---- C:\Windows\21450notza-vir9s33a.dll
2009-10-16 18:07:19 ----A---- C:\Windows\system32\6902stezl3915.exe
2009-10-16 01:53:45 ----A---- C:\Windows\7f5dzh9eat26368.dll
2009-10-14 07:03:27 ----A---- C:\Windows\system32\91ezspywar52755.exe
2009-10-08 18:17:53 ----A---- C:\Windows\19049spambzt795.dll
2009-10-04 00:08:41 ----A---- C:\Windows\system32\5b45spzw59e2237.exe
2009-10-03 20:20:50 ----A---- C:\Windows\system32\3z99add5are720.exe
2009-09-28 17:54:54 ----A---- C:\Windows\system32\31515hie9z952.dll
2009-09-26 05:57:32 ----A---- C:\Windows\1787not59-virzs7f9.dll
2009-09-25 12:27:12 ----A---- C:\Windows\3z488not-a-5irus34b9.dll
2009-09-20 16:17:59 ----A---- C:\Windows\system32\25723s9azbot1275.exe
2009-09-19 11:30:29 ----A---- C:\Windows\28b3zparse569.dll
2009-09-17 03:00:22 ----A---- C:\Windows\system32\27930wo5mz6a.dll
2009-09-15 03:43:27 ----A---- C:\Windows\system32\9276troj59z.dll
2009-09-14 20:48:50 ----A---- C:\Windows\2a09th5zf1950.exe
2009-09-12 04:44:12 ----A---- C:\Windows\15z9hief1473.exe
2009-09-04 04:55:58 ----A---- C:\Windows\58e9stezl1363.exe
2009-09-02 10:59:59 ----A---- C:\Windows\system32\c1c5hzef1299.exe
2009-08-23 18:30:29 ----A---- C:\Windows\system32\20990troj9z5.exe
2009-08-23 13:08:20 ----A---- C:\Windows\system32\57159iz1808.exe
2009-08-23 05:04:42 ----A---- C:\Windows\5662downloaze92032.dll
2009-08-22 11:03:03 ----A---- C:\Windows\4d89addwar95298z.dll
2009-08-17 10:06:06 ----A---- C:\Windows\19935wzrm2f5.exe
2009-08-13 15:09:09 ----A---- C:\Windows\system32\22985zywa9e862.dll
2009-08-11 22:21:39 ----A---- C:\Windows\198605rzj7a1.dll
2009-08-11 12:01:27 ----A---- C:\Windows\system32\5798nz5-a-virus157.exe
2009-08-07 07:32:40 ----A---- C:\Windows\26179hacktz9l15a.exe
2009-08-07 06:36:57 ----A---- C:\Windows\21f5download9r8z8.dll
2009-08-07 02:02:57 ----A---- C:\Windows\system32\9z51vir2055.dll
2009-08-06 23:23:03 ----A---- C:\Windows\system32\z79s5e9l2657.exe
2009-08-05 07:11:49 ----A---- C:\Windows\5a07zir20579.dll
2009-08-04 19:52:40 ----A---- C:\Windows\system32\175zsparse9125.dll
2009-08-04 04:19:32 ----A---- C:\Windows\system32\8255sp559dz.exe
2009-08-03 10:54:01 ----A---- C:\Windows\system32\4a8dbz9kdoor14955.dll
2009-08-03 08:23:56 ----A---- C:\Windows\system32\25600hackzool3b79.dll
2009-07-28 11:38:51 ----A---- C:\Windows\system32\52z53vi9us700.exe
2009-07-25 10:11:16 ----A---- C:\Windows\system32\5158ziru941a.dll
2009-07-24 08:47:47 ----A---- C:\Windows\365daddwz9e857.dll
2009-07-19 07:52:59 ----A---- C:\Windows\system32\145195py70z.exe
2009-07-17 03:42:08 ----A---- C:\Windows\4df5z5eal9066.exe
2009-07-15 15:07:40 ----A---- C:\Windows\a8bvir99z5.dll
2009-07-15 13:53:39 ----A---- C:\Windows\system32\20054w5zm359.dll
2009-07-15 04:09:59 ----A---- C:\Windows\system32\eedzteal9185.dll
2009-07-12 08:51:20 ----A---- C:\Windows\system32\5145th5ez926.exe
2009-07-07 11:46:21 ----A---- C:\Windows\system32\10f3stzal18195.dll
2009-07-06 06:51:44 ----A---- C:\Windows\2z71959rm568.dll
2009-07-01 18:17:38 ----A---- C:\Windows\system32\542zn9t-a-virus7555.dll
2009-07-01 02:19:50 ----A---- C:\Windows\z56spyw9re591.dll
2009-06-23 07:59:24 ----A---- C:\Windows\16155hacktzol6b69.dll
2009-06-23 01:27:10 ----A---- C:\Windows\8771hacktzo962d5.exe
2009-06-22 18:12:12 ----A---- C:\Windows\system32\2eccspar952z43.exe
2009-06-22 04:44:42 ----A---- C:\Windows\432zaddwa5e952.dll
2009-06-19 13:37:40 ----A---- C:\Windows\579steal9z9.exe
2009-06-17 16:35:30 ----A---- C:\Windows\939z7tro590.dll
2009-06-17 08:39:51 ----A---- C:\Windows\system32\52509rojzd1.dll
2009-06-15 11:02:25 ----A---- C:\Windows\system32\a69threa925666z.exe
2009-06-12 13:42:51 ----A---- C:\Windows\system32\98810zr5j737.dll
2009-06-12 03:22:01 ----A---- C:\Windows\3235zviru59fb.exe
2009-06-11 17:03:41 ----D---- C:\rsit
2009-06-11 16:30:32 ----D---- C:\Users\kd\AppData\Roaming\Malwarebytes
2009-06-11 16:27:29 ----D---- C:\ProgramData\Malwarebytes
2009-06-11 16:27:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-10 19:02:41 ----A---- C:\Windows\system32\CF20656.exe
2009-06-10 19:02:39 ----A---- C:\Windows\system32\swsc.exe
2009-06-10 19:00:56 ----A---- C:\Bug.txt
2009-06-10 19:00:54 ----A---- C:\Windows\system32\cmd.execf
2009-06-10 19:00:42 ----D---- C:\32788R22FWJFW
2009-06-10 17:10:39 ----D---- C:\Windows\ERDNT
2009-06-10 17:10:37 ----SD---- C:\bombifax
2009-06-10 17:09:30 ----D---- C:\Qoobox
2009-06-08 23:04:34 ----D---- C:\Program Files\Windows Live Safety Center
2009-06-08 19:04:27 ----D---- C:\Program Files\Trend Micro
2009-06-08 18:56:52 ----D---- C:\32788R22FWJFW.2.tmp
2009-06-08 18:50:16 ----D---- C:\32788R22FWJFW.1.tmp
2009-06-08 18:49:35 ----D---- C:\32788R22FWJFW.0.tmp
2009-06-08 17:42:32 ----D---- C:\vcs5BGEffects
2009-06-08 14:41:34 ----A---- C:\Windows\ntbtlog.txt
2009-06-08 10:16:58 ----A---- C:\Windows\106125pz9fb.exe
2009-06-08 03:12:27 ----A---- C:\Windows\system32\2a5fdownloade91918z.exe
2009-06-08 03:12:27 ----A---- C:\Windows\system32\2553addware5z79.exe
2009-06-08 03:12:27 ----A---- C:\Windows\9565tro960z.exe
2009-06-08 03:12:27 ----A---- C:\Windows\9445troj999z.dll
2009-06-08 03:12:27 ----A---- C:\Windows\51983hackzool1c49.dll
2009-06-08 03:12:27 ----A---- C:\Windows\268085ot-z-virus15a9.dll
2009-06-08 03:12:26 ----A---- C:\Windows\system32\51z35not-a9virus57f.exe
2009-06-08 03:12:26 ----A---- C:\Windows\system32\3z447not-a-5i9us5.exe
2009-06-08 03:12:26 ----A---- C:\Windows\794z5ot-a-virus2e3.dll
2009-06-08 03:12:26 ----A---- C:\Windows\6799spyz57.exe
2009-06-08 03:12:25 ----A---- C:\Windows\3dd5addza9e2684.exe
2009-06-08 03:12:25 ----A---- C:\Windows\24449virz55cc.dll
2009-06-08 03:12:24 ----A---- C:\Windows\zb62back59or787.dll
2009-06-08 03:12:24 ----A---- C:\Windows\system32\16091ha9ktoz5441.exe
2009-06-08 03:12:24 ----A---- C:\Windows\95z6steal570.exe
2009-06-08 03:12:23 ----A---- C:\Windows\z326ha5ktoo97ff.dll
2009-06-08 03:12:23 ----A---- C:\Windows\system32\z8555troj23b9.dll
2009-06-08 03:12:23 ----A---- C:\Windows\system32\7710sp5mbotz90.dll
2009-06-08 03:12:23 ----A---- C:\Windows\system32\74dazir25989.exe
2009-06-08 03:12:23 ----A---- C:\Windows\system32\5949not-a-virus4z6.exe
2009-06-08 03:12:23 ----A---- C:\Windows\bdcthrea9z5556.dll
2009-06-08 03:12:23 ----A---- C:\Windows\9c53tzreat7737.exe
2009-06-08 03:12:23 ----A---- C:\Windows\91304notza5virus747.exe
2009-06-08 03:12:23 ----A---- C:\Windows\8555w9rmz.exe
2009-06-08 03:12:23 ----A---- C:\Windows\8201zackto9l6715.exe
2009-06-08 03:12:23 ----A---- C:\Windows\77b6threat9550z.dll
2009-06-08 03:12:23 ----A---- C:\Windows\6ae4dow9loadez25625.dll
2009-06-08 03:12:23 ----A---- C:\Windows\5939szarse1704.exe
2009-06-08 03:12:23 ----A---- C:\Windows\2efdspzwa9e655.dll
2009-06-08 03:12:22 ----A---- C:\Windows\system32\z214t5i9f665.dll
2009-06-08 03:12:22 ----A---- C:\Windows\system32\92a5baczdoor481.exe
2009-06-08 03:12:22 ----A---- C:\Windows\system32\7b5zspyw5re9157.exe
2009-06-08 03:12:22 ----A---- C:\Windows\system32\6589tzief112.exe
2009-06-08 03:12:22 ----A---- C:\Windows\system32\57z4spar5e1129.exe
2009-06-08 03:12:22 ----A---- C:\Windows\system32\2563zwo9m3ba5.dll
2009-06-08 03:12:22 ----A---- C:\Windows\system32\17950hac9toolz9.exe
2009-06-08 03:12:22 ----A---- C:\Windows\9zaathi5f280.dll
2009-06-08 03:12:22 ----A---- C:\Windows\7525th9ef1205z.dll
2009-06-08 03:12:22 ----A---- C:\Windows\5d7dthrea5829z.dll
2009-06-08 03:12:22 ----A---- C:\Windows\3115395amzotba.dll
2009-06-08 03:12:22 ----A---- C:\Windows\28145hacktz9l52.dll
2009-06-08 03:12:20 ----A---- C:\Windows\system32\e59spywarz491.dll
2009-06-08 03:12:20 ----A---- C:\Windows\system32\5z89wo9m6c.exe
2009-06-08 03:12:20 ----A---- C:\Windows\system32\5f30zir495.dll
2009-06-08 03:12:20 ----A---- C:\Windows\system32\2989virz2485.dll
2009-06-08 03:12:20 ----A---- C:\Windows\system32\175z2w9rm513.dll
2009-06-08 03:12:20 ----A---- C:\Windows\6b5thzef1993.dll
2009-06-07 15:38:04 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2009-06-04 23:31:46 ----D---- C:\AV_LOGS
2009-06-04 09:47:05 ----D---- C:\Program Files\NCSoft
2009-06-04 09:45:30 ----D---- C:\Users\kd\AppData\Roaming\GetRightToGo
2009-06-03 16:06:16 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-03 09:51:37 ----A---- C:\Windows\system32\5z9avir1696.dll
2009-05-28 16:46:41 ----A---- C:\Windows\66z89hreat7975.dll
2009-05-25 23:26:48 ----A---- C:\Windows\3915stea99z95.exe
2009-05-24 16:20:38 ----A---- C:\Windows\7980addw5rz1465.dll
2009-05-24 09:55:55 ----A---- C:\Windows\2255znot-a9vir5s766.exe
2009-05-21 16:37:57 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-05-21 15:37:54 ----D---- C:\Program Files\CCP
2009-05-20 08:12:05 ----D---- C:\ProgramData\CCP
2009-05-19 16:26:30 ----A---- C:\Windows\system32\158zad9ware1655.dll
2009-05-17 11:43:23 ----A---- C:\Windows\z054spyware3296.dll
2009-05-15 17:44:04 ----SHD---- C:\found.000
2009-05-14 22:55:24 ----D---- C:\GamersFirst

======List of files/folders modified in the last 1 months======

2009-06-11 17:11:29 ----D---- C:\Windows\Prefetch
2009-06-11 17:10:54 ----D---- C:\Windows\Temp
2009-06-11 17:09:46 ----D---- C:\Windows\system32\inetsrv
2009-06-11 17:07:26 ----AD---- C:\ProgramData\TEMP
2009-06-11 17:07:03 ----D---- C:\Windows\Minidump
2009-06-11 17:06:54 ----D---- C:\Windows
2009-06-11 17:02:24 ----D---- C:\Program Files\Mozilla Firefox
2009-06-11 16:58:15 ----D---- C:\Windows\system32\drivers
2009-06-11 16:58:15 ----D---- C:\Windows\System32
2009-06-11 16:53:08 ----D---- C:\Windows\Tasks
2009-06-11 16:27:29 ----HD---- C:\ProgramData
2009-06-11 16:27:28 ----RD---- C:\Program Files
2009-06-10 19:02:41 ----D---- C:\Windows\system32\en-US
2009-06-10 18:15:17 ----D---- C:\Windows\system32\catroot
2009-06-10 18:15:16 ----D---- C:\Windows\inf
2009-06-10 17:15:34 ----SHD---- C:\System Volume Information
2009-06-10 17:06:11 ----SHD---- C:\Windows\Installer
2009-06-10 17:05:51 ----SD---- C:\Users\kd\AppData\Roaming\Microsoft
2009-06-09 23:42:37 ----D---- C:\Windows\system32\WDI
2009-06-09 00:00:38 ----SD---- C:\Windows\system32\Microsoft
2009-06-08 23:04:36 ----SD---- C:\Windows\Downloaded Program Files
2009-06-07 15:22:51 ----D---- C:\Windows\system32\Tasks
2009-06-07 01:59:23 ----D---- C:\Fraps
2009-06-04 09:47:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-04 03:02:22 ----D---- C:\Windows\winsxs
2009-06-03 16:07:26 ----D---- C:\Program Files\DivX
2009-06-03 16:06:16 ----D---- C:\Program Files\Common Files
2009-06-03 04:55:19 ----D---- C:\Windows\system32\catroot2
2009-05-28 19:41:40 ----D---- C:\Windows\system32\Adobe
2009-05-27 08:04:19 ----A---- C:\Windows\system32\guard32.dll
2009-05-14 21:28:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-13 03:01:31 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-05-27 130080]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-05-27 28704]
R1 Inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-05-27 68640]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-04-09 3544064]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-18 220672]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 catchme;catchme; \??\C:\Users\kd\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-12 7623968]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-10 17792]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\Windows\system32\DRIVERS\rt2500usb.sys [2005-11-17 245376]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-04-09 667648]
R2 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE [2008-01-18 11264]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2009-05-27 692496]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2008-01-18 13824]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-19 132096]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-19 132096]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2006-11-02 9728]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-22 185640]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-19 132096]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------
rattrap1337
Active Member
 
Posts: 14
Joined: June 8th, 2009, 8:11 pm
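The "files/folders created" listing in the log above has a recognisable dropper signature: dozens of .exe/.dll files written straight into the Windows directory and system32 within the same few seconds (2009-06-08 03:12:20 to 03:12:27), named with anti-virus vocabulary ("troj", "hacktool", "backdoor", "not-a-virus") in which single letters have been swapped for a "z" or a digit, plus at least one file whose creation time is later than the scan itself. The script below is an added triage example (written for this thread, not code from the original post or from the RSIT tool) that parses such lines and reports which of those signals each entry trips. The sample lines are copied from the listings in this thread, with guard32.dll and d3dx9_35.dll included as benign controls; the scan time of 2009-06-11 17:04:08 is assumed from the info.txt header posted in this thread, and the keyword list and the 60-second / 5-file burst threshold are the author's choices, not anything the log defines.

```python
"""Triage an RSIT "files/folders created" listing for the dropper pattern seen
in this thread: .exe/.dll files written straight into the Windows directory or
system32, named with anti-virus vocabulary in which letters are swapped for 'z'
or digits, created within seconds of each other, some dated after the scan.
Added example; not part of the original post nor of the RSIT tool."""
import ntpath
import re
from datetime import datetime, timedelta

# RSIT line shape: "YYYY-MM-DD HH:MM:SS ----A---- C:\path"  (attrs: A, D, S, H, R)
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-+[A-Z]*-+) (.+)$")
# Vocabulary visible in the dropped file names (author's list); matched fuzzily.
VOCAB = ("troj", "virus", "spyware", "hacktool", "worm", "backdoor", "downloader",
         "adware", "addware", "thief", "steal", "threat", "spambot", "sparse",
         "not-a-virus")
NOISE = set("z0123456789")            # characters the dropper substitutes in
DROP_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Assumed scan time: the RSIT run time from the info.txt header in this thread.
SCAN_TIME = datetime(2009, 6, 11, 17, 4, 8)
# Sample input copied from the listings in this thread; guard32.dll (Comodo)
# and d3dx9_35.dll (DirectX) are benign controls, C:\rsit is a directory.
SAMPLE_LINES = r"""
2009-06-12 03:22:01 ----A---- C:\Windows\3235zviru59fb.exe
2009-06-11 17:03:41 ----D---- C:\rsit
2009-06-10 19:02:41 ----A---- C:\Windows\system32\CF20656.exe
2009-06-08 03:12:27 ----A---- C:\Windows\system32\2a5fdownloade91918z.exe
2009-06-08 03:12:27 ----A---- C:\Windows\51983hackzool1c49.dll
2009-06-08 03:12:23 ----A---- C:\Windows\8555w9rmz.exe
2009-06-08 03:12:22 ----A---- C:\Windows\system32\92a5baczdoor481.exe
2009-06-08 03:12:22 ----A---- C:\Windows\system32\17950hac9toolz9.exe
2009-05-27 08:04:19 ----A---- C:\Windows\system32\guard32.dll
2009-05-21 16:37:57 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-12-27 17:22:15 ----A---- C:\Windows\z423s5arse596.dll
""".strip().splitlines()


def parse_line(line):
    """Split one RSIT listing line into timestamp, directory flag and path."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, attrs, path = m.groups()
    return {"created": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "is_dir": "D" in attrs, "path": path}


def fuzzy_contains(name, word, max_sub):
    """True if `word` occurs in `name` with at most max_sub characters replaced,
    every replacement being 'z' or a digit (the obfuscation used by the dropper)."""
    for start in range(len(name) - len(word) + 1):
        subs = 0
        for j, want in enumerate(word):
            got = name[start + j]
            if got == want:
                continue
            subs += 1
            if got not in NOISE or subs > max_sub:
                break
        else:
            return True
    return False


def signals_for(entry, scan_time):
    """Return the list of suspicious signals one parsed entry trips."""
    sig = []
    if entry["is_dir"]:
        return sig
    parent, fname = ntpath.split(entry["path"])
    stem, ext = ntpath.splitext(fname)
    if parent.lower() in DROP_DIRS and ext.lower() in (".exe", ".dll"):
        sig.append("windows-root-binary")
    low = stem.lower()
    if any(fuzzy_contains(low, w, 1 if len(w) < 7 else 2) for w in VOCAB):
        sig.append("av-vocabulary")
    if entry["created"] > scan_time:       # cannot be created after the scan ran
        sig.append("future-timestamp")
    return sig


def triage(lines, scan_time, burst_window=timedelta(seconds=60), burst_min=5):
    """Return the flagged entries, each with the signals it tripped."""
    findings = []
    for entry in filter(None, map(parse_line, lines)):
        sig = signals_for(entry, scan_time)
        if "future-timestamp" in sig or {"windows-root-binary", "av-vocabulary"} <= set(sig):
            findings.append({"path": entry["path"], "created": entry["created"], "signals": sig})
    findings.sort(key=lambda f: f["created"])
    for f in findings:   # a burst is burst_min flagged files inside one window
        near = sum(1 for g in findings if abs(g["created"] - f["created"]) <= burst_window)
        if near >= burst_min:
            f["signals"].append("burst")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES, SCAN_TIME):
        print(f["created"], f["path"], ", ".join(f["signals"]))
```

Run it on the sample and seven entries come back: the five from the 03:12 burst carry `windows-root-binary`, `av-vocabulary` and `burst`, while 3235zviru59fb.exe and z423s5arse596.dll also carry `future-timestamp`. The benign controls and CF20656.exe are not reported, because location alone is never enough to flag a file; the fuzzy match only accepts substitutions by "z" or a digit, so legitimate names such as "thread" or "install" do not collide with "threat" or "steal". The same parser applies unchanged to the later listing in this thread, where every created entry post-dates the scan.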

Re: Troj/Rustok-N May I have some help removing it?

Unread postby rattrap1337 » June 11th, 2009, 6:19 pm

RSIT info.txt: (It seems to end abruptly at the end; is that normal?)
info.txt logfile of random's system information tool 1.06 2009-06-11 17:04:08

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\2.bin\AskSBar.dll,O
AV Voice Changer Software DIAMOND 6.0-->C:\PROGRA~1\AVVCS6~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS6~1.0DI\INSTALL.LOG
BioShock Demo-->C:\Program Files\InstallShield Installation Information\{36BBA884-C697-48B6-B496-5F329215E249}\setup.exe -runfromtemp -l0x0009 -removeonly
Catalyst Control Center - Branding-->MsiExec.exe /I{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}
Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf-->C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EVE Online (remove only)-->C:\Program Files\CCP\EVE\Uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Google SketchUp Pro 7-->MsiExec.exe /I{E1C256F5-58C6-44E9-939A-E1189C8126E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{20608BFA-6068-48FE-A410-400F2A124C27}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NCsoft Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Uninstall KnightOnline-->"C:\GamersFirst\KnightOnline\unins000.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XAMPP 1.6.7-->"c:\xampp\uninstall.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: COMODO Antivirus (outdated)
FW: COMODO Firewall
AS: COMODO Defense+
AS: Windows Defender

======System event log======

Computer Name: KD
Event Code: 412
Message: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.
Record Number: 89774
Source Name: Microsoft-Windows-TaskScheduler
Time Written: 20090611215839.107191-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: KD
Event Code: 1004
Message: The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://*:80/ for site 1. The site has been disabled. The data field contains the error number.
Record Number: 89776
Source Name: Microsoft-Windows-IIS-W3SVC
Time Written: 20090611215857.000000-000
Event Type: Error
User:

Computer Name: KD
Event Code: 15005
Message: Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
Record Number: 89777
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090611215857.566791-000
Event Type: Error
User:

Computer Name: KD
Event Code: 7023
Message: The Secure Socket Tunneling Protocol Service service terminated with the following error:
The RPC server is unavailable.
Record Number: 89784
Source Name: Service Control Manager
Time Written: 20090611220009.000000-000
Event Type: Error
User:

Computer Name: KD
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error:
The RPC server is unavailable.
Record Number: 89785
Source Name: Service Control Manager
Time Written: 20090611220009.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: KD
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-687904369-1910372425-1874226365-1000:
Process 1124 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-687904369-1910372425-1874226365-1000

Record Number: 23684
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090610231537.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: KD
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. Th
rattrap1337
Active Member
 
Posts: 14
Joined: June 8th, 2009, 8:11 pm

Re: Troj/Rustok-N May I have some help removing it?

Unread postby rattrap1337 » June 11th, 2009, 6:29 pm

It seems to be gone: my brand new Comodo updated itself, the video site that I was on says it is no longer there, and I can install other antivirus programs. Thank you very much.

EDIT: never mind, the link redirecting is still there :/
rattrap1337
Active Member
 
Posts: 14
Joined: June 8th, 2009, 8:11 pm

Re: Troj/Rustok-N May I have some help removing it?

Unread postby Shaba » June 11th, 2009, 11:54 pm

Yes, we are not done.

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Pando Media Booster


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete info.txt from c:\rsit folder

Please run a new rsit scan when finished and post logs back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Troj/Rustok-N May I have some help removing it?

Unread postby rattrap1337 » June 12th, 2009, 2:04 am

I think Comodo removed what was redirecting me. I seem to have no problems as of now. I didn't realize that there was still anything from Pando on the computer and didn't realize it was peer-to-peer. :? Anyway, here are the logs you asked for:

log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by kd at 2009-06-12 00:56:37
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 114 GB (49%) free of 234 GB
Total RAM: 1021 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:41 AM, on 6/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Fraps\fraps.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kd\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\kd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\Windows\System32\cssdll32.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 6163 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-08-13 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL [2008-08-13 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL [2008-08-13 262144]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"COMODO SafeSurf"=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-08-13 278264]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-05-27 1794320]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-12 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-12 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-12 81920]
"COMODO Internet Security"=C:\Program Files\COMODO\Firewall\cfp.exe [2009-05-27 1794320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Fraps"=C:\FRAPS\FRAPS.EXE [2006-12-21 2842624]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"PlayNC Launcher"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-12-27 17:22:15 ----A---- C:\Windows\z423s5arse596.dll
2009-12-26 22:08:40 ----A---- C:\Windows\system32\2z19st5al1203.exe
2009-12-25 10:32:48 ----A---- C:\Windows\system32\93eestza55.dll
2009-12-23 04:42:10 ----A---- C:\Windows\system32\745zt5oj459.dll
2009-12-23 01:03:03 ----A---- C:\Windows\system32\5z2thre5t29289.dll
2009-12-19 09:08:19 ----A---- C:\Windows\system32\1e04dow9loader510z.dll
2009-12-16 10:18:19 ----A---- C:\Windows\526599rzj35d.dll
2009-12-11 14:09:10 ----A---- C:\Windows\2c9bthrza590964.dll
2009-12-05 12:14:28 ----A---- C:\Windows\245z3spy496.exe
2009-12-04 15:16:28 ----A---- C:\Windows\18149vir5s59z.exe
2009-11-30 21:05:55 ----A---- C:\Windows\501zthief15149.exe
2009-11-28 11:03:13 ----A---- C:\Windows\system32\959zdownloader3026.dll
2009-11-27 15:22:34 ----A---- C:\Windows\system32\5139ste5z419.dll
2009-11-25 17:43:39 ----A---- C:\Windows\system32\45575ac9tool29z.dll
2009-11-20 12:17:31 ----A---- C:\Windows\6299z9rm153.exe
2009-11-16 23:11:05 ----A---- C:\Windows\system32\9z886not-a-virus57a5.exe
2009-11-09 06:12:31 ----A---- C:\Windows\2zcf9tea51429.dll
2009-11-08 15:54:29 ----A---- C:\Windows\46a5spyzare3149.exe
2009-11-04 20:21:14 ----A---- C:\Windows\system32\86559r5j35z.exe
2009-11-04 08:25:29 ----A---- C:\Windows\52401troj3zf9.dll
2009-11-02 11:25:10 ----A---- C:\Windows\system32\3229hacktz5l28b.exe
2009-11-02 01:45:07 ----A---- C:\Windows\2370nzt-a9vir5s396.exe
2009-11-01 03:15:16 ----A---- C:\Windows\system32\6425thrz5t6898.exe
2009-10-24 19:46:03 ----A---- C:\Windows\system32\6ze5hreat93983.exe
2009-10-23 17:45:17 ----A---- C:\Windows\system32\17z5sp5rse2974.dll
2009-10-22 19:44:38 ----A---- C:\Windows\system32\5d8spzware15869.dll
2009-10-19 02:21:11 ----A---- C:\Windows\system32\z3267virus559.exe
2009-10-17 23:20:37 ----A---- C:\Windows\21450notza-vir9s33a.dll
2009-10-16 18:07:19 ----A---- C:\Windows\system32\6902stezl3915.exe
2009-10-16 01:53:45 ----A---- C:\Windows\7f5dzh9eat26368.dll
2009-10-14 07:03:27 ----A---- C:\Windows\system32\91ezspywar52755.exe
2009-10-08 18:17:53 ----A---- C:\Windows\19049spambzt795.dll
2009-10-04 00:08:41 ----A---- C:\Windows\system32\5b45spzw59e2237.exe
2009-10-03 20:20:50 ----A---- C:\Windows\system32\3z99add5are720.exe
2009-09-28 17:54:54 ----A---- C:\Windows\system32\31515hie9z952.dll
2009-09-26 05:57:32 ----A---- C:\Windows\1787not59-virzs7f9.dll
2009-09-25 12:27:12 ----A---- C:\Windows\3z488not-a-5irus34b9.dll
2009-09-20 16:17:59 ----A---- C:\Windows\system32\25723s9azbot1275.exe
2009-09-19 11:30:29 ----A---- C:\Windows\28b3zparse569.dll
2009-09-17 03:00:22 ----A---- C:\Windows\system32\27930wo5mz6a.dll
2009-09-15 03:43:27 ----A---- C:\Windows\system32\9276troj59z.dll
2009-09-14 20:48:50 ----A---- C:\Windows\2a09th5zf1950.exe
2009-09-12 04:44:12 ----A---- C:\Windows\15z9hief1473.exe
2009-09-04 04:55:58 ----A---- C:\Windows\58e9stezl1363.exe
2009-09-02 10:59:59 ----A---- C:\Windows\system32\c1c5hzef1299.exe
2009-08-23 18:30:29 ----A---- C:\Windows\system32\20990troj9z5.exe
2009-08-23 13:08:20 ----A---- C:\Windows\system32\57159iz1808.exe
2009-08-23 05:04:42 ----A---- C:\Windows\5662downloaze92032.dll
2009-08-22 11:03:03 ----A---- C:\Windows\4d89addwar95298z.dll
2009-08-17 10:06:06 ----A---- C:\Windows\19935wzrm2f5.exe
2009-08-13 15:09:09 ----A---- C:\Windows\system32\22985zywa9e862.dll
2009-08-11 22:21:39 ----A---- C:\Windows\198605rzj7a1.dll
2009-08-11 12:01:27 ----A---- C:\Windows\system32\5798nz5-a-virus157.exe
2009-08-07 07:32:40 ----A---- C:\Windows\26179hacktz9l15a.exe
2009-08-07 06:36:57 ----A---- C:\Windows\21f5download9r8z8.dll
2009-08-07 02:02:57 ----A---- C:\Windows\system32\9z51vir2055.dll
2009-08-06 23:23:03 ----A---- C:\Windows\system32\z79s5e9l2657.exe
2009-08-05 07:11:49 ----A---- C:\Windows\5a07zir20579.dll
2009-08-04 19:52:40 ----A---- C:\Windows\system32\175zsparse9125.dll
2009-08-04 04:19:32 ----A---- C:\Windows\system32\8255sp559dz.exe
2009-08-03 10:54:01 ----A---- C:\Windows\system32\4a8dbz9kdoor14955.dll
2009-08-03 08:23:56 ----A---- C:\Windows\system32\25600hackzool3b79.dll
2009-07-28 11:38:51 ----A---- C:\Windows\system32\52z53vi9us700.exe
2009-07-25 10:11:16 ----A---- C:\Windows\system32\5158ziru941a.dll
2009-07-24 08:47:47 ----A---- C:\Windows\365daddwz9e857.dll
2009-07-19 07:52:59 ----A---- C:\Windows\system32\145195py70z.exe
2009-07-17 03:42:08 ----A---- C:\Windows\4df5z5eal9066.exe
2009-07-15 15:07:40 ----A---- C:\Windows\a8bvir99z5.dll
2009-07-15 13:53:39 ----A---- C:\Windows\system32\20054w5zm359.dll
2009-07-15 04:09:59 ----A---- C:\Windows\system32\eedzteal9185.dll
2009-07-12 08:51:20 ----A---- C:\Windows\system32\5145th5ez926.exe
2009-07-07 11:46:21 ----A---- C:\Windows\system32\10f3stzal18195.dll
2009-07-06 06:51:44 ----A---- C:\Windows\2z71959rm568.dll
2009-07-01 18:17:38 ----A---- C:\Windows\system32\542zn9t-a-virus7555.dll
2009-07-01 02:19:50 ----A---- C:\Windows\z56spyw9re591.dll
2009-06-23 07:59:24 ----A---- C:\Windows\16155hacktzol6b69.dll
2009-06-23 01:27:10 ----A---- C:\Windows\8771hacktzo962d5.exe
2009-06-22 18:12:12 ----A---- C:\Windows\system32\2eccspar952z43.exe
2009-06-22 04:44:42 ----A---- C:\Windows\432zaddwa5e952.dll
2009-06-19 13:37:40 ----A---- C:\Windows\579steal9z9.exe
2009-06-17 16:35:30 ----A---- C:\Windows\939z7tro590.dll
2009-06-17 08:39:51 ----A---- C:\Windows\system32\52509rojzd1.dll
2009-06-15 11:02:25 ----A---- C:\Windows\system32\a69threa925666z.exe
2009-06-12 13:42:51 ----A---- C:\Windows\system32\98810zr5j737.dll
2009-06-12 03:22:01 ----A---- C:\Windows\3235zviru59fb.exe
2009-06-11 18:58:38 ----A---- C:\Windows\cfplogvw.INI
2009-06-11 17:03:41 ----D---- C:\rsit
2009-06-11 16:30:32 ----D---- C:\Users\kd\AppData\Roaming\Malwarebytes
2009-06-11 16:27:29 ----D---- C:\ProgramData\Malwarebytes
2009-06-11 16:27:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-10 19:02:41 ----A---- C:\Windows\system32\CF20656.exe
2009-06-10 19:02:39 ----A---- C:\Windows\system32\swsc.exe
2009-06-10 19:00:56 ----A---- C:\Bug.txt
2009-06-10 19:00:54 ----A---- C:\Windows\system32\cmd.execf
2009-06-10 19:00:42 ----D---- C:\32788R22FWJFW
2009-06-10 17:10:39 ----D---- C:\Windows\ERDNT
2009-06-10 17:09:30 ----D---- C:\Qoobox
2009-06-08 23:04:34 ----D---- C:\Program Files\Windows Live Safety Center
2009-06-08 19:04:27 ----D---- C:\Program Files\Trend Micro
2009-06-08 18:56:52 ----D---- C:\32788R22FWJFW.2.tmp
2009-06-08 18:50:16 ----D---- C:\32788R22FWJFW.1.tmp
2009-06-08 18:49:35 ----D---- C:\32788R22FWJFW.0.tmp
2009-06-08 17:42:32 ----D---- C:\vcs5BGEffects
2009-06-08 14:41:34 ----A---- C:\Windows\ntbtlog.txt
2009-06-08 10:16:58 ----A---- C:\Windows\106125pz9fb.exe
2009-06-08 03:12:27 ----A---- C:\Windows\system32\2a5fdownloade91918z.exe
2009-06-08 03:12:27 ----A---- C:\Windows\system32\2553addware5z79.exe
2009-06-08 03:12:27 ----A---- C:\Windows\9565tro960z.exe
2009-06-08 03:12:27 ----A---- C:\Windows\9445troj999z.dll
2009-06-08 03:12:27 ----A---- C:\Windows\51983hackzool1c49.dll
2009-06-08 03:12:27 ----A---- C:\Windows\268085ot-z-virus15a9.dll
2009-06-08 03:12:26 ----A---- C:\Windows\system32\51z35not-a9virus57f.exe
2009-06-08 03:12:26 ----A---- C:\Windows\system32\3z447not-a-5i9us5.exe
2009-06-08 03:12:26 ----A---- C:\Windows\794z5ot-a-virus2e3.dll
2009-06-08 03:12:26 ----A---- C:\Windows\6799spyz57.exe
2009-06-08 03:12:25 ----A---- C:\Windows\3dd5addza9e2684.exe
2009-06-08 03:12:25 ----A---- C:\Windows\24449virz55cc.dll
2009-06-08 03:12:24 ----A---- C:\Windows\zb62back59or787.dll
2009-06-08 03:12:24 ----A---- C:\Windows\system32\16091ha9ktoz5441.exe
2009-06-08 03:12:24 ----A---- C:\Windows\95z6steal570.exe
2009-06-08 03:12:23 ----A---- C:\Windows\z326ha5ktoo97ff.dll
2009-06-08 03:12:23 ----A---- C:\Windows\system32\z8555troj23b9.dll
2009-06-08 03:12:23 ----A---- C:\Windows\system32\7710sp5mbotz90.dll
2009-06-08 03:12:23 ----A---- C:\Windows\system32\74dazir25989.exe
2009-06-08 03:12:23 ----A---- C:\Windows\system32\5949not-a-virus4z6.exe
2009-06-08 03:12:23 ----A---- C:\Windows\bdcthrea9z5556.dll
2009-06-08 03:12:23 ----A---- C:\Windows\9c53tzreat7737.exe
2009-06-08 03:12:23 ----A---- C:\Windows\91304notza5virus747.exe
2009-06-08 03:12:23 ----A---- C:\Windows\8555w9rmz.exe
2009-06-08 03:12:23 ----A---- C:\Windows\8201zackto9l6715.exe
2009-06-08 03:12:23 ----A---- C:\Windows\77b6threat9550z.dll
2009-06-08 03:12:23 ----A---- C:\Windows\6ae4dow9loadez25625.dll
2009-06-08 03:12:23 ----A---- C:\Windows\5939szarse1704.exe
2009-06-08 03:12:23 ----A---- C:\Windows\2efdspzwa9e655.dll
2009-06-08 03:12:22 ----A---- C:\Windows\system32\z214t5i9f665.dll
2009-06-08 03:12:22 ----A---- C:\Windows\system32\92a5baczdoor481.exe
2009-06-08 03:12:22 ----A---- C:\Windows\system32\7b5zspyw5re9157.exe
2009-06-08 03:12:22 ----A---- C:\Windows\system32\6589tzief112.exe
2009-06-08 03:12:22 ----A---- C:\Windows\system32\57z4spar5e1129.exe
2009-06-08 03:12:22 ----A---- C:\Windows\system32\2563zwo9m3ba5.dll
2009-06-08 03:12:22 ----A---- C:\Windows\system32\17950hac9toolz9.exe
2009-06-08 03:12:22 ----A---- C:\Windows\9zaathi5f280.dll
2009-06-08 03:12:22 ----A---- C:\Windows\7525th9ef1205z.dll
2009-06-08 03:12:22 ----A---- C:\Windows\5d7dthrea5829z.dll
2009-06-08 03:12:22 ----A---- C:\Windows\3115395amzotba.dll
2009-06-08 03:12:22 ----A---- C:\Windows\28145hacktz9l52.dll
2009-06-08 03:12:20 ----A---- C:\Windows\system32\e59spywarz491.dll
2009-06-08 03:12:20 ----A---- C:\Windows\system32\5z89wo9m6c.exe
2009-06-08 03:12:20 ----A---- C:\Windows\system32\5f30zir495.dll
2009-06-08 03:12:20 ----A---- C:\Windows\system32\2989virz2485.dll
2009-06-08 03:12:20 ----A---- C:\Windows\system32\175z2w9rm513.dll
2009-06-08 03:12:20 ----A---- C:\Windows\6b5thzef1993.dll
2009-06-07 15:38:04 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2009-06-04 23:31:46 ----D---- C:\AV_LOGS
2009-06-04 09:47:05 ----D---- C:\Program Files\NCSoft
2009-06-04 09:45:30 ----D---- C:\Users\kd\AppData\Roaming\GetRightToGo
2009-06-03 16:06:16 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-03 09:51:37 ----A---- C:\Windows\system32\5z9avir1696.dll
2009-05-28 16:46:41 ----A---- C:\Windows\66z89hreat7975.dll
2009-05-25 23:26:48 ----A---- C:\Windows\3915stea99z95.exe
2009-05-24 16:20:38 ----A---- C:\Windows\7980addw5rz1465.dll
2009-05-24 09:55:55 ----A---- C:\Windows\2255znot-a9vir5s766.exe
2009-05-21 16:37:57 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-05-21 15:37:54 ----D---- C:\Program Files\CCP
2009-05-20 08:12:05 ----D---- C:\ProgramData\CCP
2009-05-19 16:26:30 ----A---- C:\Windows\system32\158zad9ware1655.dll
2009-05-17 11:43:23 ----A---- C:\Windows\z054spyware3296.dll
2009-05-15 17:44:04 ----SHD---- C:\found.000
2009-05-14 22:55:24 ----D---- C:\GamersFirst

======List of files/folders modified in the last 1 months======

2009-06-12 00:56:39 ----D---- C:\Windows\Temp
2009-06-12 00:55:10 ----D---- C:\Program Files\Mozilla Firefox
2009-06-12 00:53:17 ----RD---- C:\Program Files
2009-06-12 00:50:42 ----D---- C:\Windows\Prefetch
2009-06-12 00:50:37 ----HD---- C:\ProgramData
2009-06-11 18:58:38 ----D---- C:\Windows
2009-06-11 18:57:04 ----D---- C:\Windows\system32\catroot
2009-06-11 18:57:03 ----D---- C:\Windows\winsxs
2009-06-11 18:56:48 ----D---- C:\Windows\system32\catroot2
2009-06-11 18:31:13 ----D---- C:\Windows\system32\drivers
2009-06-11 18:30:22 ----SHD---- C:\Windows\Installer
2009-06-11 18:30:00 ----SD---- C:\Users\kd\AppData\Roaming\Microsoft
2009-06-11 18:29:59 ----D---- C:\Windows\System32
2009-06-11 17:40:07 ----D---- C:\Windows\system32\inetsrv
2009-06-11 17:37:56 ----AD---- C:\ProgramData\TEMP
2009-06-11 17:07:03 ----D---- C:\Windows\Minidump
2009-06-11 16:53:08 ----D---- C:\Windows\Tasks
2009-06-10 19:02:41 ----D---- C:\Windows\system32\en-US
2009-06-10 18:15:16 ----D---- C:\Windows\inf
2009-06-10 17:15:34 ----SHD---- C:\System Volume Information
2009-06-09 23:42:37 ----D---- C:\Windows\system32\WDI
2009-06-09 00:00:38 ----SD---- C:\Windows\system32\Microsoft
2009-06-08 23:04:36 ----SD---- C:\Windows\Downloaded Program Files
2009-06-07 15:22:51 ----D---- C:\Windows\system32\Tasks
2009-06-07 01:59:23 ----D---- C:\Fraps
2009-06-04 09:47:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-03 16:07:26 ----D---- C:\Program Files\DivX
2009-06-03 16:06:16 ----D---- C:\Program Files\Common Files
2009-05-28 19:41:40 ----D---- C:\Windows\system32\Adobe
2009-05-27 08:04:19 ----A---- C:\Windows\system32\guard32.dll
2009-05-14 21:28:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-13 03:01:31 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-05-27 130080]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-05-27 28704]
R1 Inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-05-27 68640]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-04-09 3544064]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-18 220672]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 catchme;catchme; \??\C:\Users\kd\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-12 7623968]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-10 17792]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\Windows\system32\DRIVERS\rt2500usb.sys [2005-11-17 245376]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-04-09 667648]
R2 CISVC;@%systemroot%\system32\CISVC.EXE,-1; C:\Windows\system32\CISVC.EXE [2008-01-18 11264]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2009-05-27 692496]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2008-01-18 13824]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-19 132096]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-19 132096]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2006-11-02 9728]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-22 185640]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-19 132096]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------
rattrap1337
Active Member
 
Posts: 14
Joined: June 8th, 2009, 8:11 pm

Re: Troj/Rustok-N May I have some help removing it?

Unread postby rattrap1337 » June 12th, 2009, 2:05 am

info.txt:
info.txt logfile of random's system information tool 1.06 2009-06-12 00:56:45

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\2.bin\AskSBar.dll,O
AV Voice Changer Software DIAMOND 6.0-->C:\PROGRA~1\AVVCS6~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS6~1.0DI\INSTALL.LOG
BioShock Demo-->C:\Program Files\InstallShield Installation Information\{36BBA884-C697-48B6-B496-5F329215E249}\setup.exe -runfromtemp -l0x0009 -removeonly
Catalyst Control Center - Branding-->MsiExec.exe /I{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}
Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf-->C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EVE Online (remove only)-->C:\Program Files\CCP\EVE\Uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Google SketchUp Pro 7-->MsiExec.exe /I{E1C256F5-58C6-44E9-939A-E1189C8126E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{20608BFA-6068-48FE-A410-400F2A124C27}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NCsoft Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Uninstall KnightOnline-->"C:\GamersFirst\KnightOnline\unins000.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XAMPP 1.6.7-->"c:\xampp\uninstall.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: COMODO Antivirus
FW: COMODO Firewall
AS: COMODO Defense+
AS: Windows Defender

======System event log======

Computer Name: KD
Event Code: 4374
Message: Windows Servicing identified that package KB961501(Security Update) is not applicable for this system
Record Number: 90415
Source Name: Microsoft-Windows-Servicing
Time Written: 20090611235652.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: KD
Event Code: 4374
Message: Windows Servicing identified that package KB968537(Security Update) is not applicable for this system
Record Number: 90435
Source Name: Microsoft-Windows-Servicing
Time Written: 20090611235700.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: KD
Event Code: 4374
Message: Windows Servicing identified that package KB968537(Security Update) is not applicable for this system
Record Number: 90443
Source Name: Microsoft-Windows-Servicing
Time Written: 20090611235701.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: KD
Event Code: 4374
Message: Windows Servicing identified that package KB968537(Security Update) is not applicable for this system
Record Number: 90444
Source Name: Microsoft-Windows-Servicing
Time Written: 20090611235701.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: KD
Event Code: 4374
Message: Windows Servicing identified that package KB968537(Security Update) is not applicable for this system
Record Number: 90445
Source Name: Microsoft-Windows-Servicing
Time Written: 20090611235701.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: KD
Event Code: 16387
Message: Shadow copy creation failed because of error reported by ASR Writer. More info: The maximum number of secrets that may be stored in a single system has been exceeded. (0x80070565).
Record Number: 23934
Source Name: SPP
Time Written: 20090611224329.000000-000
Event Type: Error
User:

Computer Name: KD
Event Code: 8193
Message: Failed to create restore point on volume (Process = C:\Users\kd\AppData\Local\Temp\7zS8F72.tmp\avgsetup.exe; Descripton = Installed AVG Free 8.5; Hr = 0x800423f4).
Record Number: 23935
Source Name: System Restore
Time Written: 20090611224329.000000-000
Event Type: Error
User:

Computer Name: KD
Event Code: 12290
Message: Volume Shadow Copy Service warning: ASR writer Error 0x80070565. hr = 0x00000000.

Operation:
PrepareForBackup event
PrepareForBackup event

Context:
Execution Context: ASR Writer
Execution Context: Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {c4e8a581-f172-42f5-ae74-b6b624ad6418}
Record Number: 23942
Source Name: VSS
Time Written: 20090611233051.000000-000
Event Type: Warning
User:

Computer Name: KD
Event Code: 16387
Message: Shadow copy creation failed because of error reported by ASR Writer. More info: The maximum number of secrets that may be stored in a single system has been exceeded. (0x80070565).
Record Number: 23943
Source Name: SPP
Time Written: 20090611233051.000000-000
Event Type: Error
User:

Computer Name: KD
Event Code: 8193
Message: Failed to create restore point on volume (Process = C:\Users\kd\AppData\Local\Temp\7zSA110.tmp\avgsetup.exe; Descripton = Installed AVG Free 8.5; Hr = 0x800423f4).
Record Number: 23944
Source Name: System Restore
Time Written: 20090611233051.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: KD
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 34283
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090612055641.079764-000
Event Type: Audit Failure
User:

Computer Name: KD
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 34284
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090612055641.110964-000
Event Type: Audit Failure
User:

Computer Name: KD
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 34285
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090612055641.142164-000
Event Type: Audit Failure
User:

Computer Name: KD
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 34286
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090612055641.173364-000
Event Type: Audit Failure
User:

Computer Name: KD
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 34287
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090612055641.204564-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Common Files\DivX Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

Re: Troj/Rustok-N May I have some help removing it?

Unread postby Shaba » June 12th, 2009, 2:14 am

You have some unknown files there.

Please upload this - C:\Windows\z423s5arse596.dll to http://virusscan.jotti.org and post back results.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
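The "unknown files" Shaba points at share two traits visible in the RSIT list above: every odd name mixes digits with a mangled malware-category word and contains a "z", and many carry creation timestamps (Nov/Dec 2009) later than the log itself (generated 2009-06-12 00:56:45). The following is an added triage script, not part of the thread or of RSIT, that parses lines in RSIT's "files/folders created" format and flags entries on those two heuristics; the sample lines are constructed from paths in this log, and the heuristics are tuned to this log's naming pattern rather than being a general-purpose rule.

```python
import re
from datetime import datetime

# Constructed sample in the shape of RSIT's "files/folders created" list
# (paths taken from the log in this thread, timestamps as shown there).
SAMPLE_LOG = r"""
2009-12-04 15:16:28 ----A---- C:\Windows\18149vir5s59z.exe
2009-11-28 11:03:13 ----A---- C:\Windows\system32\959zdownloader3026.dll
2009-06-11 18:58:38 ----A---- C:\Windows\cfplogvw.INI
2009-06-11 17:03:41 ----D---- C:\rsit
2009-06-10 19:02:39 ----A---- C:\Windows\system32\swsc.exe
2009-06-08 03:12:27 ----A---- C:\Windows\9445troj999z.dll
2009-05-27 08:04:19 ----A---- C:\Windows\system32\guard32.dll
2009-05-21 16:37:57 ----A---- C:\Windows\system32\d3dx9_35.dll
"""

# Time the RSIT log was generated (from the info.txt header in this thread).
LOG_TIME = datetime(2009, 6, 12, 0, 56, 45)

# "<timestamp> <attribute flags> <path>"
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (-+[A-Z]+-+) (.+)$")

# Extensions the dropper in this log used for its payloads.
EXEC_EXT = {".exe", ".dll", ".ocx", ".cpl", ".bin", ".sys"}
# Directories the random-named files were written straight into.
DROP_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_line(line):
    """Parse one RSIT entry; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, attrs, path = m.groups()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
        "attrs": attrs,
        "path": path,
    }


def suspicious_reasons(entry, log_time=LOG_TIME):
    """Return the list of heuristics an entry trips (empty if none)."""
    reasons = []
    parent, _, name = entry["path"].rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    ext = ("." + ext).lower() if dot else ""

    # A creation time later than the log's own timestamp cannot be genuine.
    if entry["time"] > log_time:
        reasons.append("created-in-future")

    # Executable-type file dropped directly into Windows or system32 whose
    # stem is digit-heavy and contains a "z" (the pattern in this log).
    is_dir = "D" in entry["attrs"]
    if not is_dir and parent.lower() in DROP_DIRS and ext in EXEC_EXT:
        digits = sum(c.isdigit() for c in stem)
        if digits >= 3 and "z" in stem.lower():
            reasons.append("random-name-in-windows-dir")
    return reasons


def triage(log_text, log_time=LOG_TIME):
    """Map each flagged path to the reasons it was flagged."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry, log_time)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(reasons)}")
```

Legitimate files with digits in their names (d3dx9_35.dll, guard32.dll) pass because the second heuristic also requires the "z" and a drop directory; a hit on "created-in-future" alone is worth a second look regardless of name, since a normal install never produces a creation time after "now".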

Re: Troj/Rustok-N May I have some help removing it?

Unread postby rattrap1337 » June 12th, 2009, 1:44 pm

Filename: z423s5arse596.dll
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Fri 12 Jun 2009 19:43:13 (CET)

[ArcaVir]
2009-06-12 Found nothing
[F-Secure Anti-Virus]
2009-06-12 Found nothing
[Emsisoft A-squared]
2009-06-12 Found nothing
[Ikarus]
2009-06-12 Found nothing
[Avast! antivirus]
2009-06-11 Found nothing
[Kaspersky Anti-Virus]
2009-06-12 Found nothing
[Grisoft AVG Anti-Virus]
2009-06-12 Found nothing
[ESET NOD32]
2009-06-12 Found nothing
[Avira AntiVir]
2009-06-12 Found nothing
[Norman Virus Control]
2009-06-12 Found nothing
[Softwin BitDefender]
2009-06-12 Found nothing
[Panda Antivirus]
2009-06-12 Found nothing
[ClamAV]
2009-06-12 Found nothing
[Quick Heal]
2009-06-12 Found nothing
[CPsecure]
2009-06-12 Found nothing
[Sophos]
2009-06-12 Found nothing
[Dr.Web]
2009-06-12 Found nothing
[VirusBlokAda VBA32]
2009-06-12 Found nothing
[Frisk F-Prot Antivirus]
2009-06-12 Found nothing
[VirusBuster]
2009-06-12 Found nothing

Re: Troj/Rustok-N May I have some help removing it?

Unread postby Shaba » June 12th, 2009, 1:48 pm

We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs, see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Re: Troj/Rustok-N May I have some help removing it?

Unread postby rattrap1337 » June 12th, 2009, 6:33 pm

ComboFix 09-06-12.02 - kd 06/12/2009 17:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1021.445 [GMT -5:00]
Running from: c:\users\kd\Desktop\combifias.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\10114z9cktool2bd5.bin
c:\windows\106125pz9fb.exe
c:\windows\11195z5r9s5eb.ocx
c:\windows\1180059z-a-virus612.ocx
c:\windows\118915otza-virus3cc.cpl
c:\windows\11935zpy503.dll
c:\windows\12147not-9-vzrus435.exe
c:\windows\14z45ha9ktool54e.bin
c:\windows\15173noz5a-vir9s354.dll
c:\windows\15199ha5zto9lbd.exe
c:\windows\15292vi9uz56b.exe
c:\windows\1529adzware1374.cpl
c:\windows\1554thzeat315039.cpl
c:\windows\15839tr9z270.cpl
c:\windows\1594doznloa59r1456.exe
c:\windows\159bs9ealz932.ocx
c:\windows\15z9hief1473.exe
c:\windows\16155hacktzol6b69.dll
c:\windows\16270h9cktooz235.cpl
c:\windows\16650spy7z9.bin
c:\windows\16941nzt-59virus646.bin
c:\windows\16z915irus6a7.cpl
c:\windows\1723zd9war53221.dll
c:\windows\1787not59-virzs7f9.dll
c:\windows\18149vir5s59z.exe
c:\windows\18590wo9z2b9.cpl
c:\windows\18932v9zus3f5.bin
c:\windows\189z75py3ea9.ocx
c:\windows\19049spambzt795.dll
c:\windows\1932zno5-a-vi9us63e.exe
c:\windows\1938woz548e.cpl
c:\windows\19501spyz98.exe
c:\windows\19712s9azbot73f5.bin
c:\windows\198605rzj7a1.dll
c:\windows\19895zpambot53.ocx
c:\windows\19935wzrm2f5.exe
c:\windows\19958troz5c.ocx
c:\windows\19b4szeal558.ocx
c:\windows\1a2a9parsz580.dll
c:\windows\1b59zir1771.bin
c:\windows\1f25t9reat138z1.dll
c:\windows\1f529hreaz22564.ocx
c:\windows\1f75azd9are691.cpl
c:\windows\1z349viru5679.ocx
c:\windows\1z498wor9569.bin
c:\windows\1z521no5-a-vir9s45d.dll
c:\windows\210z7not-a-v9rus3c35.cpl
c:\windows\21450notza-vir9s33a.dll
c:\windows\2179s9z5l2571.cpl
c:\windows\21897n5t-a-zirus95.bin
c:\windows\21957tr9j43bz.dll
c:\windows\21f5download9r8z8.dll
c:\windows\22542troj25z9.cpl
c:\windows\2255viz194.exe
c:\windows\2255znot-a9vir5s766.exe
c:\windows\23277s9ambzt5f5.bin
c:\windows\2338nzt-a-vir9s3c95.cpl
c:\windows\23515sz9mbot285.ocx
c:\windows\2354s9azse2846.cpl
c:\windows\2370nzt-a9vir5s396.exe
c:\windows\2384z5cktool1e19.cpl
c:\windows\23d95pyware756z.exe
c:\windows\23z94not-a-v9r5s123.ocx
c:\windows\24216hackt9zl3d5.dll
c:\windows\24449virz55cc.dll
c:\windows\24459s9yz2d5.cpl
c:\windows\2459troj45z.ocx
c:\windows\245z3spy496.exe
c:\windows\24z79s5ambot63b.ocx
c:\windows\2503downlza5er1319.ocx
c:\windows\25058worm49z.bin
c:\windows\25172troj69z5.exe
c:\windows\2528zn5t-a-vi9us136.ocx
c:\windows\2570zspa59ot318.exe
c:\windows\25795spy60z.cpl
c:\windows\25867not-a-viru93az.ocx
c:\windows\25estzal14489.bin
c:\windows\25z06spy9da5.bin
c:\windows\26179hacktz9l15a.exe
c:\windows\2642195rm76z.bin
c:\windows\265espar9ez157.ocx
c:\windows\268085ot-z-virus15a9.dll
c:\windows\27540spzm5o9cd.cpl
c:\windows\2759spywarz3045.ocx
c:\windows\27974zackto5l765.exe
c:\windows\28060vir5s159z.ocx
c:\windows\28145hacktz9l52.dll
c:\windows\28b3zparse569.dll
c:\windows\28f49hiez3015.cpl
c:\windows\29494spz5095.cpl
c:\windows\29497spzmbot5385.ocx
c:\windows\29509pyware557z.ocx
c:\windows\2951sp5z9re104.bin
c:\windows\2959tr951z0.bin
c:\windows\29659ownloadez695.cpl
c:\windows\29fbaddwa5e95z.exe
c:\windows\29z2159ambot6d4.cpl
c:\windows\29z67not-a95irus728.ocx
c:\windows\2a09th5zf1950.exe
c:\windows\2c9bthrza590964.dll
c:\windows\2de1zpyware15179.cpl
c:\windows\2e5fsp5rsz18229.ocx
c:\windows\2efdspzwa9e655.dll
c:\windows\2f7a9hief1576z.ocx
c:\windows\2fd59parse25z2.cpl
c:\windows\2fe7d5wnlozd9r2562.cpl
c:\windows\2z09sparse2957.bin
c:\windows\2z110tro53c49.cpl
c:\windows\2z11bac5door24409.cpl
c:\windows\2z20spars59152.bin
c:\windows\2z71959rm568.dll
c:\windows\2zcf9tea51429.dll
c:\windows\301z2n5t-a-v9rus7c5.ocx
c:\windows\30259spz49c9.bin
c:\windows\30539wzrm472.ocx
c:\windows\31006trzj259.cpl
c:\windows\3115395amzotba.dll
c:\windows\316fd5w9loader2340z.dll
c:\windows\3227z9orm5205.bin
c:\windows\3235zviru59fb.exe
c:\windows\32597hacktzo5599.dll
c:\windows\3277s9ambo5z52.bin
c:\windows\32995spamboz1ee.bin
c:\windows\33e0vir3z59.cpl
c:\windows\341ea5dware32z9.bin
c:\windows\3529sp9wzre2128.cpl
c:\windows\35642notz9-virus6ef.cpl
c:\windows\35665nzt-a9virus42c.bin
c:\windows\3575zackdo9r2686.dll
c:\windows\3580bazkd9or5594.dll
c:\windows\3584zddware2389.ocx
c:\windows\3586zp9mb5t327.bin
c:\windows\35951hacktooz486.ocx
c:\windows\35c4s9arse528z.ocx
c:\windows\35z709roj56b.bin
c:\windows\365daddwz9e857.dll
c:\windows\372dbac5d9orz819.bin
c:\windows\3793downzoade52389.ocx
c:\windows\37e6spars95832z.ocx
c:\windows\389cspars557z.cpl
c:\windows\3907not-5zvirus185.dll
c:\windows\3915stea99z95.exe
c:\windows\392aspywa5e44z.bin
c:\windows\3955thrzat11758.bin
c:\windows\39cfviz11985.bin
c:\windows\39czd5wnloader2359.ocx
c:\windows\3b79backdozr14519.ocx
c:\windows\3dd5addza9e2684.exe
c:\windows\3e51addzare9324.cpl
c:\windows\3fb7steaz5569.dll
c:\windows\3z165ackdoor1029.dll
c:\windows\3z488not-a-5irus34b9.dll
c:\windows\3z59downloader22339.cpl
c:\windows\3zf05hie921.cpl
c:\windows\403dad5z9re25.dll
c:\windows\4248no5-z-vi9usaf.bin
c:\windows\4264tzrea593632.bin
c:\windows\432zaddwa5e952.dll
c:\windows\43zbaddw5re7489.exe
c:\windows\4454wor92d3z.ocx
c:\windows\4519zot-a-viru5159.cpl
c:\windows\4525sze9l3243.bin
c:\windows\4555hacktozl1d9.ocx
c:\windows\459th9eat2065z.exe
c:\windows\45bzown9oader564.cpl
c:\windows\4615t59zf1503.cpl
c:\windows\46a5spyzare3149.exe
c:\windows\47adownlozder8759.dll
c:\windows\48b9s5a9se529z.ocx
c:\windows\4921threatz5922.cpl
c:\windows\4991do5nloadez9168.dll
c:\windows\49dddownloaderz625.bin
c:\windows\4be5s5eal150z9.bin
c:\windows\4c545dd9are56z.dll
c:\windows\4c99ad5wzre1366.dll
c:\windows\4d89addwar95298z.dll
c:\windows\4df5z5eal9066.exe
c:\windows\4e91th5e9z28267.ocx
c:\windows\4zc5thief9654.dll
c:\windows\501zthief15149.exe
c:\windows\505thiez9250.bin
c:\windows\50644hzckto9l537.ocx
c:\windows\5096downzoader3026.cpl
c:\windows\50z4do9nlo5der152.ocx
c:\windows\51511spy6az9.ocx
c:\windows\5181thi9fz104.ocx
c:\windows\51827hacktzol739.ocx
c:\windows\51983hackzool1c49.dll
c:\windows\51cszarse197.bin
c:\windows\52401troj3zf9.dll
c:\windows\526599rzj35d.dll
c:\windows\5299wz5m679.bin
c:\windows\529spamboz50.ocx
c:\windows\538z5ir30199.bin
c:\windows\5391dowzloa9er1007.dll
c:\windows\54a6addzare2993.exe
c:\windows\54d9addza5e1163.dll
c:\windows\54z3w9rm53b.dll
c:\windows\5571spy60z9.ocx
c:\windows\559ed5wnloader2494z.cpl
c:\windows\55z4steal3079.bin
c:\windows\5662downloaze92032.dll
c:\windows\56e4spzr5e1961.cpl
c:\windows\5706not-a-9ir5z338.dll
c:\windows\5799spars51978z.exe
c:\windows\579cs5ywarez022.cpl
c:\windows\579steal9z9.exe
c:\windows\5812thiez1796.ocx
c:\windows\582zsteal2971.bin
c:\windows\5839virus65dz.exe
c:\windows\58e9stezl1363.exe
c:\windows\590e9parze2460.ocx
c:\windows\590thzeat31201.dll
c:\windows\591dszy9are3114.ocx
c:\windows\591fzteal1277.bin
c:\windows\5939szarse1704.exe
c:\windows\5955s9yware2524z.cpl
c:\windows\59634spambzt543.bin
c:\windows\59a9thzeat14985.ocx
c:\windows\59bzback5oor9185.ocx
c:\windows\5a07zir20579.dll
c:\windows\5a09spz59e110.dll
c:\windows\5a34sparze7909.exe
c:\windows\5ad2tzief35219.bin
c:\windows\5b28zddwa5912.cpl
c:\windows\5b95threat1327z5.dll
c:\windows\5c15d9warez36.cpl
c:\windows\5c17th9eat118z75.ocx
c:\windows\5c4aadd5aze1193.cpl
c:\windows\5cd4thi5f2z459.cpl
c:\windows\5d23addwaze952.exe
c:\windows\5d34t9i5f3047z.cpl
c:\windows\5d7dthrea5829z.dll
c:\windows\5dez9par5e253.cpl
c:\windows\5dz1ste9l866.cpl
c:\windows\5e8dzir929.ocx
c:\windows\5e94vz52601.bin
c:\windows\5ed159ckdoor1320z.cpl
c:\windows\5fzavir2956.ocx
c:\windows\5z17virus4c9.bin
c:\windows\5z197hacktool48a.cpl
c:\windows\5z49thief2785.cpl
c:\windows\5z96sp9rse2822.bin
c:\windows\6259spywzre23575.bin
c:\windows\6299z9rm153.exe
c:\windows\62e1t9reat59066z.bin
c:\windows\6342a5dw9re1z07.dll
c:\windows\649zst9a52670.ocx
c:\windows\64a99teal31z5.bin
c:\windows\64b99azkdoor2574.cpl
c:\windows\6520threaz519.cpl
c:\windows\6566v9rus35z.exe
c:\windows\669zspamb5940c.bin
c:\windows\66d5addware190z.cpl
c:\windows\66z89hreat7975.dll
c:\windows\673bzparse9153.exe
c:\windows\6799spyz57.exe
c:\windows\679zroj159.ocx
c:\windows\68059parse5z42.bin
c:\windows\68a45ddware973z.exe
c:\windows\693ab59kdozr2955.ocx
c:\windows\695esparse899z.ocx
c:\windows\69bv9r1558z.cpl
c:\windows\69c29o5nloadzr2171.bin
c:\windows\6ae4dow9loadez25625.dll
c:\windows\6b2dspzwa9e18015.exe
c:\windows\6b5thzef1993.dll
c:\windows\6c5d9ir2565z.cpl
c:\windows\6c959parsez84.dll
c:\windows\6dz4t9reat4957.cpl
c:\windows\6f4s5ywarz963.bin
c:\windows\6f5zback9oor30.ocx
c:\windows\6z75spywar930.ocx
c:\windows\7019downlozder1985.dll
c:\windows\705dthrea5z19659.ocx
c:\windows\721bspyw59e18z5.ocx
c:\windows\7276noz-a-vi5us498.cpl
c:\windows\7295bac9door245z.exe
c:\windows\7521addwa5z9806.bin
c:\windows\7525th9ef1205z.dll
c:\windows\7551spa9s521z6.ocx
c:\windows\757dv5r14z59.cpl
c:\windows\75b9baczdoor116.cpl
c:\windows\75cfz9dware2155.ocx
c:\windows\75eabackdozr2596.exe
c:\windows\76dzteal695.cpl
c:\windows\77135tezl2709.bin
c:\windows\77b6threat9550z.dll
c:\windows\7819zhr5at1692.cpl
c:\windows\794z5ot-a-virus2e3.dll
c:\windows\7955add5arz2256.bin
c:\windows\7980addw5rz1465.dll
c:\windows\7abb95zeat25565.dll
c:\windows\7b5evir9z39.bin
c:\windows\7f5dzh9eat26368.dll
c:\windows\8201zackto9l6715.exe
c:\windows\84995ozm159.cpl
c:\windows\853vir9s4ze.bin
c:\windows\8555w9rmz.exe
c:\windows\85z9n5t-a-virus23e.exe
c:\windows\8771hacktzo962d5.exe
c:\windows\8819vizu5491.ocx
c:\windows\8d6thr9at27515z.ocx
c:\windows\8z21s5ambot59b.ocx
c:\windows\91304notza5virus747.exe
c:\windows\9179spa5bot5d9z.exe
c:\windows\91961vizuse15.ocx
c:\windows\919adownloadzr18695.exe
c:\windows\939z7tro590.dll
c:\windows\93cbacz5oor1952.dll
c:\windows\9445troj999z.dll
c:\windows\94685worm4z2.exe
c:\windows\94d4s5zware653.ocx
c:\windows\9509w9rz3e4.cpl
c:\windows\9565tro960z.exe
c:\windows\95z6steal570.exe
c:\windows\969z5not-a-virus736.bin
c:\windows\9782ha5k9ooz213.dll
c:\windows\98675n5t-a-vizus421.bin
c:\windows\9872s5z9e5.cpl
c:\windows\9a4ft5ief3135z.cpl
c:\windows\9afbackdoo529z9.exe
c:\windows\9b60downl5aderz146.bin
c:\windows\9ba95zeal666.ocx
c:\windows\9c53tzreat7737.exe
c:\windows\9z35spy3a9.cpl
c:\windows\9z545roj54f.bin
c:\windows\9zaathi5f280.dll
c:\windows\a8bvir99z5.dll
c:\windows\b4bzpar9e5452.ocx
c:\windows\bdcthrea9z5556.dll
c:\windows\cecste9l1500z.cpl
c:\windows\czadownloade917615.bin
c:\windows\d00viz14095.bin
c:\windows\d49szeal5365.dll
c:\windows\dd9do9nl5ader303z.exe
c:\windows\e95v9r7z0.bin
c:\windows\system32\1042zvir5s3d9.bin
c:\windows\system32\10439spambot4z95.exe
c:\windows\system32\10f3stzal18195.dll
c:\windows\system32\11550t9oj625z.cpl
c:\windows\system32\1213d9znloader725.cpl
c:\windows\system32\122zparse6579.dll
c:\windows\system32\13575noz-a-virus729.exe
c:\windows\system32\137z5s9a5bot464.ocx
c:\windows\system32\138825pa9botz20.dll
c:\windows\system32\14198ha5ktoolz01.exe
c:\windows\system32\14294za5ktool6f9.cpl
c:\windows\system32\144z9s9y15d.bin
c:\windows\system32\145195py70z.exe
c:\windows\system32\1459ztroj750.exe
c:\windows\system32\15224s9ambo517dz.bin
c:\windows\system32\152859zy532.dll
c:\windows\system32\1531zpa9bot511.ocx
c:\windows\system32\1539stezl1529.cpl
c:\windows\system32\1556s9yzare907.exe
c:\windows\system32\15579teal2z15.cpl
c:\windows\system32\158zad9ware1655.dll
c:\windows\system32\1594worm54z.cpl
c:\windows\system32\16091ha9ktoz5441.exe
c:\windows\system32\16637vizu54a9.ocx
c:\windows\system32\16655trojz9a.cpl
c:\windows\system32\16751hacz9oo5524.cpl
c:\windows\system32\169795z-a-virus463.dll
c:\windows\system32\1734th95atz5858.exe
c:\windows\system32\175z2w9rm513.dll
c:\windows\system32\175zsparse9125.dll
c:\windows\system32\17799n9t-a-viru52zb.bin
c:\windows\system32\17950hac9toolz9.exe
c:\windows\system32\17z5sp5rse2974.dll
c:\windows\system32\17zdadd5are22739.ocx
c:\windows\system32\1808zot59-virus5b0.ocx
c:\windows\system32\182s9a5bzt761.bin
c:\windows\system32\187dspyz5re97.dll
c:\windows\system32\18z2v5r198.dll
c:\windows\system32\19355v9rus3z9.dll
c:\windows\system32\1937zdd5are729.exe
c:\windows\system32\19d9az5ware2194.cpl
c:\windows\system32\1a41stea95905z.ocx
c:\windows\system32\1c55spa9se143z.cpl
c:\windows\system32\1e04dow9loader510z.dll
c:\windows\system32\1e9aviz15985.cpl
c:\windows\system32\1f5adowzl9ader5212.ocx
c:\windows\system32\1f95zteal9169.bin
c:\windows\system32\1z39downloader92625.cpl
c:\windows\system32\1z4625p9mbot303.cpl
c:\windows\system32\1z53spar5e29559.dll
c:\windows\system32\1z995hief2991.ocx
c:\windows\system32\20021nzt-5-viru9304.ocx
c:\windows\system32\20054w5zm359.dll
c:\windows\system32\20360sz95bd5.cpl
c:\windows\system32\20456not-a-viru55z9.exe
c:\windows\system32\20990troj9z5.exe
c:\windows\system32\21227s5yzd9.ocx
c:\windows\system32\217295ot-azvirus270.ocx
c:\windows\system32\21dat9reat4z55.cpl
c:\windows\system32\22985zywa9e862.dll
c:\windows\system32\236z5wo9m2c0.cpl
c:\windows\system32\24493v5ruz293.ocx
c:\windows\system32\244z1sp937b5.bin
c:\windows\system32\24667vizus159.ocx
c:\windows\system32\247z09irus5cf5.bin
c:\windows\system32\24z71tro93d5.cpl
c:\windows\system32\25169irusbz.cpl
c:\windows\system32\25432notza-vir5s296.bin
c:\windows\system32\2545downzoa59r1903.dll
c:\windows\system32\2553addware5z79.exe
c:\windows\system32\2559zpar9e959.ocx
c:\windows\system32\25600hackzool3b79.dll
c:\windows\system32\2563zwo9m3ba5.dll
c:\windows\system32\25723s9azbot1275.exe
c:\windows\system32\257755py9z5.cpl
c:\windows\system32\25924vizus626.exe
c:\windows\system32\25978troj1z2.ocx
c:\windows\system32\25cdzw95oader911.ocx
c:\windows\system32\25ceaddwzre95215.dll
c:\windows\system32\25e8ad9w5re1810z.dll
c:\windows\system32\25z65hac59ool441.dll
c:\windows\system32\25z77virus4459.cpl
c:\windows\system32\2646795rz591.bin
c:\windows\system32\26599trojz3e.exe
c:\windows\system32\2663795oj4z2.cpl
c:\windows\system32\271edownl95dzr1955.ocx
c:\windows\system32\27355ownlo9der91z.cpl
c:\windows\system32\27615hzc9t5ol338.dll
c:\windows\system32\276z5h9ck5ool6d3.cpl
c:\windows\system32\27930wo5mz6a.dll
c:\windows\system32\27z16spy950.exe
c:\windows\system32\28059z9cktool227.bin
c:\windows\system32\2837spamzo57b9.dll
c:\windows\system32\28538sp5z19.bin
c:\windows\system32\2898ztroj475.cpl
c:\windows\system32\28997spa5bzt97.bin
c:\windows\system32\29181not-a5zirus1ca9.bin
c:\windows\system32\2940az9ware5875.ocx
c:\windows\system32\29467t9zj7ee5.exe
c:\windows\system32\29858spamboz59c.exe
c:\windows\system32\29859spyz59.bin
c:\windows\system32\2989virz2485.dll
c:\windows\system32\29cbdownl5az9r681.bin
c:\windows\system32\29efzpy9are2056.ocx
c:\windows\system32\29z38s9ambot78a5.bin
c:\windows\system32\29z53virus3a69.bin
c:\windows\system32\2a5fdownloade91918z.exe
c:\windows\system32\2a7azdd95re2781.ocx
c:\windows\system32\2ac9tzief16465.cpl
c:\windows\system32\2c51download9z134.exe
c:\windows\system32\2c55th9ef2133z.dll
c:\windows\system32\2cz9threat19511.bin
c:\windows\system32\2e5zthie9466.bin
c:\windows\system32\2eccspar952z43.exe
c:\windows\system32\2z19st5al1203.exe
c:\windows\system32\2z993spy425.exe
c:\windows\system32\2zb1addwa592435.cpl
c:\windows\system32\30359wzrm52.dll
c:\windows\system32\3039zownloader22475.exe
c:\windows\system32\30859tro53z7.cpl
c:\windows\system32\30f259dwaze1756.dll
c:\windows\system32\31515hie9z952.dll
c:\windows\system32\31579hzeat2466.dll
c:\windows\system32\31597troj97z.dll
c:\windows\system32\31912w5rmz45.dll
c:\windows\system32\3209thr5atz627.ocx
c:\windows\system32\3229hacktz5l28b.exe
c:\windows\system32\32cc9tza53255.ocx
c:\windows\system32\32z59i5us67c.cpl
c:\windows\system32\3321sp9mz5t153.cpl
c:\windows\system32\33e9zteal185.bin
c:\windows\system32\3507thiez8959.ocx
c:\windows\system32\3527spywarz9576.bin
c:\windows\system32\359csparsz1968.ocx
c:\windows\system32\359dthreaz50620.cpl
c:\windows\system32\36zc5ir9202.ocx
c:\windows\system32\370spy9are51z.bin
c:\windows\system32\371ev5r16z39.exe
c:\windows\system32\37d95hief1z259.cpl
c:\windows\system32\3857tzreat17697.dll
c:\windows\system32\389zd9w5loader2094.dll
c:\windows\system32\392zha9ktool7f05.cpl
c:\windows\system32\3954n9t-a-vzru5401.dll
c:\windows\system32\395dback5oorz64.cpl
c:\windows\system32\395szarse1518.bin
c:\windows\system32\39759iruz255.dll
c:\windows\system32\39b1addware5z97.bin
c:\windows\system32\3babth9e5t5361z.exe
c:\windows\system32\3bfback59or11z1.exe
c:\windows\system32\3c73thi5f25z29.bin
c:\windows\system32\3ce9spywarz9533.exe
c:\windows\system32\3d48back9zor3153.cpl
c:\windows\system32\3d63downl9ade52387z.cpl
c:\windows\system32\3f49azdwar9954.cpl
c:\windows\system32\3z03add5a9e2923.bin
c:\windows\system32\3z595py7a9.cpl
c:\windows\system32\3z99add5are720.exe
c:\windows\system32\4209ad5wzre2508.cpl
c:\windows\system32\4245tro9zbb.bin
c:\windows\system32\4355bac9d5or3019z.ocx
c:\windows\system32\44a2zpa9se531.cpl
c:\windows\system32\4553spzm9ot104.dll
c:\windows\system32\45575ac9tool29z.dll
c:\windows\system32\457bste9z2959.exe
c:\windows\system32\45959hreaz32723.dll
c:\windows\system32\4597spar5z2750.ocx
c:\windows\system32\45aathief9z60.ocx
c:\windows\system32\45c3backdoorz90.ocx
c:\windows\system32\4662wz9m52d.dll
c:\windows\system32\490zaddw5re9937.ocx
c:\windows\system32\4937s95alz39.exe
c:\windows\system32\4952thzeat29097.ocx
c:\windows\system32\4967h5ckt9zl4b5.bin
c:\windows\system32\498adownloadz5639.cpl
c:\windows\system32\4a8dbz9kdoor14955.dll
c:\windows\system32\4b5btz9ef2350.ocx
c:\windows\system32\4bc295ckdoorz593.bin
c:\windows\system32\4c29ste5lz57.bin
c:\windows\system32\4ce9t9iez586.ocx
c:\windows\system32\4da1a9dw5ze2635.exe
c:\windows\system32\4f90spywa5e9175z.ocx
c:\windows\system32\503zspambot25e9.ocx
c:\windows\system32\50a89ddware2z505.bin
c:\windows\system32\50z2spar9e2411.bin
c:\windows\system32\510zbackdoo9976.ocx
c:\windows\system32\5139ste5z419.dll
c:\windows\system32\5145th5ez926.exe
c:\windows\system32\5156ha5kzoo9b1.bin
c:\windows\system32\5158ziru941a.dll
c:\windows\system32\51z35not-a9virus57f.exe
c:\windows\system32\52509rojzd1.dll
c:\windows\system32\52539virus2z5.dll
c:\windows\system32\52f5zp9r5e3239.ocx
c:\windows\system32\52z53vi9us700.exe
c:\windows\system32\5335downloazer2159.bin
c:\windows\system32\5365zackdoor18809.ocx
c:\windows\system32\53799pz1e4.exe
c:\windows\system32\542zn9t-a-virus7555.dll
c:\windows\system32\5451threat932z6.bin
c:\windows\system32\54zcspywar915915.dll
c:\windows\system32\5542downloaze93025.bin
c:\windows\system32\556cszyware5990.bin
c:\windows\system32\5580downloade961z.exe
c:\windows\system32\5597hzck9ool2065.cpl
c:\windows\system32\55b2virz691.dll
c:\windows\system32\55cbszeal2491.exe
c:\windows\system32\55d5d5wnlzader497.exe
c:\windows\system32\55z40hac9tool5d1.cpl
c:\windows\system32\55zfv9r2139.bin
c:\windows\system32\5629tzief2299.dll
c:\windows\system32\567cthz5f1093.ocx
c:\windows\system32\568avirz915.bin
c:\windows\system32\5699thiez785.cpl
c:\windows\system32\5709hzcktool1b5.cpl
c:\windows\system32\57159iz1808.exe
c:\windows\system32\57211h9cztool5af.dll
c:\windows\system32\5798nz5-a-virus157.exe
c:\windows\system32\57z4spar5e1129.exe
c:\windows\system32\583bba5kdozr4179.ocx
c:\windows\system32\587adow9loadz52367.ocx
c:\windows\system32\589dadd5are5z3.exe
c:\windows\system32\5916stezl1808.ocx
c:\windows\system32\59335z9oj7af.cpl
c:\windows\system32\59435spy16z.cpl
c:\windows\system32\5949not-a-virus4z6.exe
c:\windows\system32\5953viz2527.cpl
c:\windows\system32\595fspywarz9550.exe
c:\windows\system32\5965threat93z64.cpl
c:\windows\system32\5970vir9sze.bin
c:\windows\system32\59es9ealz32.ocx
c:\windows\system32\59f59ddware1365z.cpl
c:\windows\system32\5azfvi5195.dll
c:\windows\system32\5b45spzw59e2237.exe
c:\windows\system32\5cb45iz2499.cpl
c:\windows\system32\5d23t5rea99z43.ocx
c:\windows\system32\5d5cspywarez6509.bin
c:\windows\system32\5d8spzware15869.dll
c:\windows\system32\5df3thre9z29131.cpl
c:\windows\system32\5e39th5eatz43249.bin
c:\windows\system32\5f30zir495.dll
c:\windows\system32\5f45spyw9re29z9.ocx
c:\windows\system32\5f59spyw5rez934.ocx
c:\windows\system32\5fe6s5ywarz2997.ocx
c:\windows\system32\5z0tro5191.bin
c:\windows\system32\5z2thre5t29289.dll
c:\windows\system32\5z449pyware4985.cpl
c:\windows\system32\5z89wo9m6c.exe
c:\windows\system32\5z9avir1696.dll
c:\windows\system32\6033hac5tool983z.cpl
c:\windows\system32\60dcvi93258z.bin
c:\windows\system32\6151downloadzr949.ocx
c:\windows\system32\6196thr9az4544.bin
c:\windows\system32\625bthre9t864z.ocx
c:\windows\system32\626hack5ool9fez.cpl
c:\windows\system32\62fzthi5f569.bin
c:\windows\system32\641downlz95er999.ocx
c:\windows\system32\6425thrz5t6898.exe
c:\windows\system32\6449ha9ktoo5709z.bin
c:\windows\system32\6555bzckdoor9259.cpl
c:\windows\system32\6589tzief112.exe
c:\windows\system32\65c5steal297z9.bin
c:\windows\system32\6645add9z5e42.cpl
c:\windows\system32\669e9pywa5ez224.bin
c:\windows\system32\6718spa59ez458.ocx
c:\windows\system32\6853tz9eat18803.cpl
c:\windows\system32\687795zdf.dll
c:\windows\system32\6902stezl3915.exe
c:\windows\system32\6953vir355z.ocx
c:\windows\system32\695downloaderz9805.cpl
c:\windows\system32\69ac5ackdzor3173.ocx
c:\windows\system32\6bbz9tea5975.bin
c:\windows\system32\6bf19pywaze2590.cpl
c:\windows\system32\6cb4z9wnloader30615.ocx
c:\windows\system32\6cb9downloadz52324.bin
c:\windows\system32\6cdd5wnloz9er966.exe
c:\windows\system32\6d0bbackdozr9153.ocx
c:\windows\system32\6z69do5nlo9der2180.bin
c:\windows\system32\6ze5hreat93983.exe
c:\windows\system32\719fbaczdoor5115.dll
c:\windows\system32\71e25zr17309.cpl
c:\windows\system32\71zethie9155.ocx
c:\windows\system32\745zt5oj459.dll
c:\windows\system32\74d9viz2395.ocx
c:\windows\system32\74dazir25989.exe
c:\windows\system32\756bzir29645.bin
c:\windows\system32\758not-a-vi5usz5e9.cpl
c:\windows\system32\766bs5az9e1887.dll
c:\windows\system32\76705zrus739.bin
c:\windows\system32\7710sp5mbotz90.dll
c:\windows\system32\771895ambot154z.exe
c:\windows\system32\7720z9rm588.dll
c:\windows\system32\7906vi538z.cpl
c:\windows\system32\7984a5dwaze1409.cpl
c:\windows\system32\799dspywar519z2.dll
c:\windows\system32\79c9zhre9t5920.bin
c:\windows\system32\7b5zspyw5re9157.exe
c:\windows\system32\7c0bbackdz951775.exe
c:\windows\system32\7d59sparse158z.cpl
c:\windows\system32\7ee1ba5zdo9r3064.dll
c:\windows\system32\7ef1spywarz15935.ocx
c:\windows\system32\7f24th9ez24285.dll
c:\windows\system32\7f945zi9f1603.cpl
c:\windows\system32\7z95sp5ware641.cpl
c:\windows\system32\7z95spyware895.ocx
c:\windows\system32\8194spa59ot6z.cpl
c:\windows\system32\8255sp559dz.exe
c:\windows\system32\86559r5j35z.exe
c:\windows\system32\8689trz51a8.cpl
c:\windows\system32\86z3troj5319.bin
c:\windows\system32\8953hack5ozl2f7.ocx
c:\windows\system32\90551worm75z.exe
c:\windows\system32\90606s5y537z.cpl
c:\windows\system32\90fz5teal3080.ocx
c:\windows\system32\912ez5arse2398.bin
c:\windows\system32\91ezspywar52755.exe
c:\windows\system32\9276troj59z.dll
c:\windows\system32\928z0worm6585.ocx
c:\windows\system32\92a5baczdoor481.exe
c:\windows\system32\93213szambo51dd.bin
c:\windows\system32\93eestza55.dll
c:\windows\system32\9400spamboz1c5.bin
c:\windows\system32\94763spambot25z5.bin
c:\windows\system32\94810s5z67d.dll
c:\windows\system32\94b9s5arse2z9.dll
c:\windows\system32\9509spambot585z.ocx
c:\windows\system32\959zdownloader3026.dll
c:\windows\system32\95z5backdoor539.bin
c:\windows\system32\9729spy8z5.bin
c:\windows\system32\9781zpambot3579.bin
c:\windows\system32\978bzckdo9r2745.dll
c:\windows\system32\97z93spam5ot3a9.dll
c:\windows\system32\9859spazbot95.ocx
c:\windows\system32\98810zr5j737.dll
c:\windows\system32\9b55vzr585.bin
c:\windows\system32\9e5czir300.bin
c:\windows\system32\9ed5wnloazer1659.dll
c:\windows\system32\9f51s5ealz524.dll
c:\windows\system32\9z05th5eat24620.bin
c:\windows\system32\9z51vir2055.dll
c:\windows\system32\9z886not-a-virus57a5.exe
c:\windows\system32\9z90w5rm386.bin
c:\windows\system32\a69threa925666z.exe
c:\windows\system32\c1c5hzef1299.exe
c:\windows\system32\c4threa930503z.bin
c:\windows\system32\cdfdoznloader97185.bin
c:\windows\system32\drivers\gxvxcecbjdmfvpbiehuxmwqpeqvtxnoycddfi.sys
c:\windows\system32\e59spywarz491.dll
c:\windows\system32\e5zthr9at2291.ocx
c:\windows\system32\eedzteal9185.dll
c:\windows\system32\f655hi9f2083z.dll
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxcjocihqtnonolbyrgrqxlyyeirqmwnjkt.dll
c:\windows\system32\gxvxcnttfsxdfuiecibnhvrppaviostlttrmx.dll
c:\windows\system32\z11129orm650.bin
c:\windows\system32\z1205pambot96.bin
c:\windows\system32\z163ha9kto5ld9.ocx
c:\windows\system32\z214t5i9f665.dll
c:\windows\system32\z2583spy609.dll
c:\windows\system32\z2655hac9tool119.bin
c:\windows\system32\z3267virus559.exe
c:\windows\system32\z3974virus5e85.dll
c:\windows\system32\z502backdoor9048.bin
c:\windows\system32\z549threat19006.exe
c:\windows\system32\z5cthief1955.dll
c:\windows\system32\z679spam9ot451.cpl
c:\windows\system32\z759worm93.bin
c:\windows\system32\z79s5e9l2657.exe
c:\windows\system32\z7a5sparse2759.cpl
c:\windows\system32\z7thief90485.exe
c:\windows\system32\z8555troj23b9.dll
c:\windows\system32\z8965acktool37f.ocx
c:\windows\system32\z9a59tea51396.dll
c:\windows\system32\zbd8s5arse459.dll
c:\windows\z00559acktool601.bin
c:\windows\z054spyware3296.dll
c:\windows\z0589h5ef59.exe
c:\windows\z0727s9y5a1.bin
c:\windows\z0c9threat15142.dll
c:\windows\z1291sp5291.cpl
c:\windows\z1808v9rus3395.ocx
c:\windows\z1815hacktool95.exe
c:\windows\z326ha5ktoo97ff.dll
c:\windows\z350not-a-vi95s5c6.bin
c:\windows\z423s5arse596.dll
c:\windows\z4463hackt5o9a.exe
c:\windows\z480895cktool2a6.cpl
c:\windows\z4bbth5ea916018.dll
c:\windows\z4d35ir13459.cpl
c:\windows\z55275roj193.exe
c:\windows\z56spyw9re591.dll
c:\windows\z5850viru970b.ocx
c:\windows\z593backdo5r2415.ocx
c:\windows\z593sp56209.ocx
c:\windows\z6047t5oj919.ocx
c:\windows\z6429vi5us71f.ocx
c:\windows\z71hackt9ol4575.cpl
c:\windows\z74ab5ckdo9r1587.bin
c:\windows\z852thr9a518113.bin
c:\windows\z927ba5kdoor27.ocx
c:\windows\z9467sp56a1.dll
c:\windows\z95bsparse870.dll
c:\windows\zb2bspy5ar91535.exe
c:\windows\zb62back59or787.dll
c:\windows\zc99parse575.cpl

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-12 22:16 . 2009-06-12 22:16 -------- d-----w- c:\users\kd\AppData\Local\temp
2009-06-11 22:03 . 2009-06-12 05:56 -------- d-----w- C:\rsit
2009-06-11 21:30 . 2009-06-11 21:30 -------- d-----w- c:\users\kd\AppData\Roaming\Malwarebytes
2009-06-11 21:27 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 21:27 . 2009-06-11 21:27 -------- d-----w- c:\programdata\Malwarebytes
2009-06-11 21:27 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 21:27 . 2009-06-11 21:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 04:04 . 2009-06-09 05:00 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-09 00:04 . 2009-06-09 00:04 -------- d-----w- c:\program files\Trend Micro
2009-06-08 23:56 . 2009-06-09 05:15 -------- d-----w- C:\32788R22FWJFW.2.tmp
2009-06-08 23:50 . 2009-06-09 05:15 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-06-08 23:49 . 2009-06-09 05:15 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-08 22:42 . 2009-06-08 23:34 -------- d-----w- C:\vcs5BGEffects
2009-06-08 21:06 . 2009-06-08 21:06 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-06-08 08:12 . 2009-06-08 08:12 15326 ----a-w- c:\windows\system32\3z447not-a-5i9us5.exe
2009-06-07 20:38 . 2009-06-08 22:42 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-06-05 04:31 . 2009-06-05 04:32 -------- d-----w- C:\AV_LOGS
2009-06-05 04:29 . 2009-06-05 04:29 -------- d-----w- c:\users\kd\{ac2e2b8c-c423-4baa-a0a1-d154ebcab39c}
2009-06-05 04:29 . 2008-12-10 21:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys
2009-06-04 15:07 . 2009-06-04 15:07 -------- d-----w- c:\users\kd\AppData\Local\NCSoft
2009-06-04 14:47 . 2009-06-04 14:47 -------- d-----w- c:\users\kd\AppData\Local\assembly
2009-06-04 14:47 . 2009-06-04 14:48 -------- d-----w- c:\program files\NCSoft
2009-06-04 14:45 . 2009-06-04 14:45 -------- d-----w- c:\users\kd\AppData\Roaming\GetRightToGo
2009-06-03 21:06 . 2009-06-03 21:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-21 21:39 . 2009-05-21 21:39 -------- d-----w- c:\users\kd\AppData\Local\CCP
2009-05-21 21:37 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-05-21 20:37 . 2009-05-21 20:37 -------- d-----w- c:\program files\CCP
2009-05-20 13:12 . 2009-05-20 13:12 -------- d-----w- c:\programdata\CCP
2009-05-15 22:44 . 2009-05-15 22:44 -------- d-sh--w- C:\found.000
2009-05-15 03:55 . 2009-05-15 03:55 -------- d-----w- C:\GamersFirst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 14:47 . 2008-08-06 23:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 21:07 . 2008-08-13 15:24 -------- d-----w- c:\program files\DivX
2009-05-27 13:05 . 2008-08-13 13:07 68640 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-05-27 13:04 . 2008-08-13 13:07 168208 ----a-w- c:\windows\system32\guard32.dll
2009-05-27 13:04 . 2008-08-13 13:07 28704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-05-27 13:04 . 2008-08-13 13:07 130080 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-05-13 08:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 04:53 . 2009-01-16 23:52 -------- d-----w- c:\users\kd\AppData\Roaming\DivX
2009-04-24 16:05 . 2009-06-11 23:57 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 23:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 23:57 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-11 23:57 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 23:57 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 23:57 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-03-17 03:38 . 2009-04-16 22:27 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 22:27 24064 ----a-w- c:\windows\system32\amxread.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-13 13:10 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fraps"="c:\fraps\FRAPS.EXE" [2006-12-21 2842624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-08-13 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-05-27 1794320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-05-27 1794320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\cssdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1778FE0B-BF96-4953-B935-179B7437D69D}c:\\users\\kd\\desktop\\server files1\\server files\\login server\\mystver.exe"= UDP:c:\users\kd\desktop\server files1\server files\login server\mystver.exe:mystver.exe
"UDP Query User{88F53694-E69A-454D-8FC6-4FB53CE28DD4}c:\\users\\kd\\desktop\\server files1\\server files\\login server\\mystver.exe"= TCP:c:\users\kd\desktop\server files1\server files\login server\mystver.exe:mystver.exe
"{8A302BCB-7AFB-4200-97E6-8C9660DE6A03}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{A0ECFA77-2627-4D41-B6B0-9F180AA475DF}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{E6564EE3-F839-412B-AF07-3FD748E260DC}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{67D66EFD-1F57-45AF-AAFE-5DA449FB4FF3}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{CBB11CC8-C1DD-481E-B77B-CF858B12FD68}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{285EE04E-04BF-4A16-AF72-80B442943410}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{E51A6262-A416-477C-B778-BE7BEA1385D8}"= UDP:c:\program files\Microsoft Games\SpiderSolitaire\Combat Arms\NMService.exe:Nexon Messenger Core
"{04173EB3-F8AB-4A3C-BD23-645DFCA487CE}"= TCP:c:\program files\Microsoft Games\SpiderSolitaire\Combat Arms\NMService.exe:Nexon Messenger Core
"{7F3C589C-C0A7-4BCE-B8D8-2ABD50B61FDD}"= UDP:e:\combat arms\NMService.exe:Nexon Messenger Core
"{66C4B3AD-9EEE-48E1-B0D5-DFF0D14D98FC}"= TCP:e:\combat arms\NMService.exe:Nexon Messenger Core
"{9AED4EB8-F38C-4D7C-AA66-896FC8DF1BA2}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6D70F1C7-135B-49F7-ACD9-AAC12CC8AF27}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{25FCADDB-0AE5-44B9-87B7-4DE3501245FD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B5E58C79-C9EF-41F8-923F-335221E2E5B6}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [8/13/2008 8:07 AM 130080]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [8/13/2008 8:07 AM 28704]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [6/14/2008 12:02 PM 17408]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [1/22/2009 4:31 AM 185640]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [6/4/2009 11:29 PM 17792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlayNC Launcher - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
FF - ProfilePath - c:\users\kd\AppData\Roaming\Mozilla\Firefox\Profiles\5yd86hid.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 17:16
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\System32\cssdll32.dll

- - - - - - - > 'lsass.exe'(644)
c:\windows\System32\cssdll32.dll
c:\windows\system32\guard32.dll
.
Completion time: 2009-06-12 17:18
ComboFix-quarantined-files.txt 2009-06-12 22:18

Pre-Run: 119,579,045,888 bytes free
Post-Run: 123,305,930,752 bytes free

910 --- E O F --- 2009-06-12 06:10
rattrap1337
Active Member
 
Posts: 14
Joined: June 8th, 2009, 8:11 pm