Part 2 of ComboFix log. Wouldn't fit.
--------------------------------------------------
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 22:57 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\uTorrent
2008-08-13 16:20 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Gamelab
2008-08-12 21:41 --------- d---a-w C:\ProgramData\TEMP
2008-08-11 01:36 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-08-11 01:36 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-08-11 00:53 --------- d-----w C:\Program Files\WarRock
2008-08-10 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-07 16:57 --------- d-----w C:\Program Files\Google
2008-08-05 16:50 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\PlayFirst
2008-08-05 16:50 --------- d-----w C:\ProgramData\PlayFirst
2008-07-28 23:43 --------- d-----w C:\ProgramData\Fugazo
2008-07-23 22:19 --------- d-----w C:\Program Files\Common Files\Real
2008-07-23 18:46 --------- d-----w C:\Program Files\FrostWire
2008-07-23 18:40 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\MxBoost
2008-07-21 01:01 --------- d-----w C:\Program Files\Microsoft Games
2008-07-20 22:53 --------- d-----w C:\Program Files\DivX
2008-07-20 22:49 --------- d-----w C:\Program Files\Zylom Games
2008-07-20 22:47 --------- d-----w C:\Program Files\DeliciousDeluxe2_at
2008-07-19 02:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 23:08 --------- d-----w C:\Program Files\Cheat Engine
2008-07-16 05:15 615,424 ----a-w C:\Windows\System32\themeui.dll
2008-07-16 05:15 240,128 ----a-w C:\Windows\System32\uxtheme.dll
2008-07-13 06:38 174 --sha-w C:\Program Files\desktop.ini
2008-07-13 06:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-13 06:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-13 06:30 --------- d-----w C:\Program Files\Windows Mail
2008-07-13 06:30 --------- d-----w C:\Program Files\Windows Journal
2008-07-13 06:30 --------- d-----w C:\Program Files\Windows Defender
2008-07-13 06:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-13 06:30 --------- d-----w C:\Program Files\Windows Calendar
2008-07-13 06:14 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-13 06:14 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-13 05:41 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-07-13 05:41 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-07-11 02:37 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Yahoo!
2008-07-11 02:37 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-10 02:45 --------- d-----w C:\Program Files\Yahoo!
2008-07-07 16:19 --------- d-----w C:\ProgramData\Zylom
2008-07-03 16:16 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Ludia
2008-07-03 16:16 --------- d-----w C:\ProgramData\Ludia
2008-07-03 05:10 --------- d-----w C:\Program Files\bfgclient
2008-06-28 23:38 --------- d-----w C:\Program Files\Real
2008-06-28 23:35 --------- d-----w C:\Program Files\Microsoft Money 2006
2008-06-27 19:17 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Vso
2008-06-27 00:27 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Thinking Minds Budiling Bytes
2008-06-26 22:11 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\ESET
2008-06-26 22:10 --------- d-----w C:\ProgramData\ESET
2008-06-26 22:10 --------- d-----w C:\Program Files\ESET
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-23 07:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-06-21 19:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-21 00:40 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\DivX
2008-06-21 00:37 --------- d-----w C:\ProgramData\Apple Computer
2008-06-21 00:37 --------- d-----w C:\Program Files\QT Lite
2008-06-21 00:20 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-20 21:29 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Move Networks
2008-06-20 01:33 --------- d-----w C:\Program Files\Alcohol Soft
2008-06-20 01:13 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Maxthon2
2008-06-20 01:07 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Avant Profiles
2008-06-18 22:11 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-06-16 22:06 --------- d-----w C:\Program Files\PeerGuardian2
2008-06-16 18:25 57,344 ----a-w C:\Users\Arkadiy\iSNIML.dll
2008-06-16 07:00 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\MiniDm
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-30 00:38 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-30 00:37 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-30 00:37 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-30 00:37 615,992 ----a-w C:\Windows\System32\ci.dll
2008-05-30 00:37 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-05-30 00:37 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-30 00:37 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-05-30 00:37 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-05-30 00:37 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-30 00:37 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-30 00:36 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-05-30 00:35 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-05-30 00:34 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-30 00:34 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-30 00:34 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-30 00:34 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-30 00:34 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-30 00:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-30 00:34 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-05-29 23:47 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-16 06:32 219,696 ----a-w C:\Windows\System32\vmnc.dll
.
((((((((((((((((((((((((((((( snapshot@2008-08-14_15.53.56.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-14 20:54:10 786,432 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-08-14 23:09:05 786,432 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-08-14 20:54:15 786,432 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-08-14 23:09:00 786,432 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-29 15:18 219952]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-18 19:25 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-28 20:11 4317184 C:\Windows\RtHDVCpl.exe]
"CHotkey"="zHotkey.exe" [2006-11-07 14:08 547840 C:\Windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2005-01-27 09:13 36864 C:\Windows\ShowWnd.exe]
"ModPS2"="ModPS2Key.exe" [2006-11-07 14:34 53248 C:\Windows\ModPS2Key.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
C:\Users\Arkadiy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2007-12-04 16:22:45 3656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.dvsd"= pdvcodec.dll
[HKLM\~\startupfolder\C:^Users^Arkadiy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Arkadiy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
--a------ 2006-11-16 16:04 2348584 c:\Program Files\BigFix\bigfix.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 17:52 50736 C:\Program Files\Common Files\AOL\1197928652\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2008-05-16 00:51 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2008-05-16 00:51 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-11-15 22:51 166304 c:\Program Files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FC655EF9-4CCC-458A-BDD1-535C284CDDAE}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{C1BCA28F-EBBC-4CE9-97DE-056D0F727C00}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{94E30B97-BC0F-4D51-89F8-CACF23C5E6D1}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{6D71804A-AE92-41EE-A6F5-00C58E291526}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{399408DA-AC4C-4565-AD7E-52FD0B9C31AA}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{2386DB38-2145-467F-966C-7F7111B46C23}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{CEF4EFDC-83AD-4763-90B6-C151CCCD3203}"= UDP:C:\Program Files\AOL 9.0\AOLSETUP.EXE:AOL
"{748F8195-2700-49E5-AE85-437FE57E5FC7}"= TCP:C:\Program Files\AOL 9.0\AOLSETUP.EXE:AOL
"{E37E745A-CCEF-4E57-8C7F-0B7DBBBB8244}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{07B771ED-B073-405E-B5E1-79C69B584C9E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E2976706-C364-4E8B-BA19-80F92F3CBF34}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0E9C9B0F-5067-4E0D-A0A9-BAC8B6E6F27B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E1D28528-05C5-4827-B39F-17B97FE3D3D0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E8B523A1-85E9-4FAD-A06D-94EB45E6F134}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{40815D6D-31CF-4DD2-9834-01AE02C80E13}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{1DD69F80-62C7-43A3-AE32-B677483D48ED}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A5ACE63E-C487-4B6D-A810-5DB91322A4CD}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"TCP Query User{C6417CB4-09ED-4831-AB63-C1ACA3D5EAE9}C:\\users\\arkadiy\\documents\\cs\\counter-strike 1.6 + half-life\\hl.exe"= UDP:C:\users\arkadiy\documents\cs\counter-strike 1.6 + half-life\hl.exe:hl.exe
"UDP Query User{8D0CF02C-1B53-4306-A276-5B17C2B78988}C:\\users\\arkadiy\\documents\\cs\\counter-strike 1.6 + half-life\\hl.exe"= TCP:C:\users\arkadiy\documents\cs\counter-strike 1.6 + half-life\hl.exe:hl.exe
"{9DF1DA57-C842-44B9-99B9-1B2C6EA8296E}"= UDP:C:\Program Files\LiberTV\LiberTV.exe:LiberTV Player
"{89D62C3C-A8A3-4BC0-A7A5-A8EAD17AB405}"= TCP:C:\Program Files\LiberTV\LiberTV.exe:LiberTV Player
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\xchat\\xchat.exe"= C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 02:45]
S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 13:22]
S2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Users\Dorin\Documents\DORIN\All In One DVD\Everest Ultimate Edition v4.20.1291b\Install\kerneld.wnt [2007-12-14 10:09]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 00:30]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-29 16:47]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2007-11-15 22:51]
S4 WUSB54Gv4SVC;WUSB54Gv4SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv4.exe []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2090c44c-9194-11dc-9466-c2c44998a6d0}]
\shell\AutoRun\command - J:\Startup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40ceabd-0371-11dd-aeeb-8aef0fdee4ce}]
\shell\AutoRun\command - L:\LaunchU3.exe -a
*Newly Created Service* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
2008-08-14 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 14:24]
2008-08-14 C:\Windows\Tasks\User_Feed_Synchronization-{2E7D8B6D-B6CC-4B52-9712-AD7CB5A48BC9}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Arkadiy\AppData\Roaming\Mozilla\Firefox\Profiles\v7mdpryh.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-14 16:09:42
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-14 16:10:35
ComboFix-quarantined-files.txt 2008-08-14 23:10:15
ComboFix2.txt 2008-08-14 22:55:15
ComboFix3.txt 2008-06-27 01:44:54
Pre-Run: 95,945,867,264 bytes free
Post-Run: 95,878,557,696 bytes free
370 --- E O F --- 2008-07-15 21:01:49