Need help with Antivirus System PRO.

View previous topic View next topic Go down

Need help with Antivirus System PRO.

Post by COOLSTATIC05 on 22nd October 2009, 10:02 pm

I had this Antivirus System PRO 1 day and got It removed with the help from you guys then after a few days It got back again 2 times. I believe that It should not come back again when its removed. Are there any ways to stop that thing from coming back again? And/or is there like a thing that I have in my computer that makes it go back?

Thanks for reading.

COOLSTATIC05
Novice
Novice

Posts Posts : 6
Joined Joined : 2009-10-22
OS OS : XP
Points Points : 26058
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need help with Antivirus System PRO.

Post by Dr Jay on 24th October 2009, 1:04 am

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Need help with Antivirus System PRO.

Post by COOLSTATIC05 on 24th October 2009, 9:42 pm

ComboFix Log:

ComboFix 09-10-23.01 - Pajela` 10/24/2009 14:26.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2931 [GMT -7:00]
Running from: c:\documents and settings\Pajela`\desktop\commy.exe
Command switches used :: /stepdel
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Pajela`\LOCALS~1\Temp\1.wmv
c:\windows\system32\2084596025.dat

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECTEDSTORAGEODSERV
-------\Service_ProtectedStorageodserv


((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-22 02:12 . 2009-10-22 02:37 -------- d-----w- c:\program files\tvsxua
2009-10-18 20:46 . 2009-10-18 21:06 -------- d-----w- c:\program files\jimpft
2009-10-18 20:31 . 2009-10-18 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-17 19:55 . 2009-10-17 19:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-10-15 23:04 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-15 23:04 . 2009-10-15 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-15 23:04 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-15 23:04 . 2009-10-15 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-15 21:35 . 2009-10-15 23:18 -------- d-----w- c:\program files\fbeuko
2009-10-03 00:35 . 2009-10-03 00:35 159580 ----a-w- c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2009-10-03 00:20 . 2009-10-03 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-02 22:34 . 2009-10-02 23:14 -------- d-----w- c:\program files\ESET
2009-09-26 01:52 . 2009-09-26 01:52 -------- d-----w- c:\program files\Ventrilo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 23:13 . 2009-02-06 21:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-02 23:13 . 2009-02-06 21:31 -------- d-----w- c:\program files\SUPERAntiSpyware
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"53:TCP"= 53:TCP:websrvx

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [9/30/2006 11:37 PM 26624]
R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [5/17/2009 12:23 PM 386688]
S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
S3 cpuz131;cpuz131;\??\c:\docume~1\ZOUND_~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\ZOUND_~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Pajela`\LOCALS~1\Temp\KSU1E.tmp --> c:\docume~1\Pajela`\LOCALS~1\Temp\KSU1E.tmp [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-24 14:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Pajela`\LOCALS~1\Temp\KSU1E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-573735546-839522115-1007\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\Documents and Settings\Pajela`\My Documents\ * * \ *J*A*C*O*B* * \ *S*T*U*F*F* * \GSC\plugins\imageformats]
"qgif4.dll"=multi:"2007-12-04T14:47\00gif\00\00"
"qjpeg4.dll"=multi:"2007-12-04T14:47\00jpeg\00jpg\00\00"
"qmng4.dll"=multi:"2007-12-04T14:48\00mng\00\00"
"qsvg4.dll"=multi:"2007-12-04T14:48\00svg\00\00"
"qtiff4.dll"=multi:"2007-12-04T14:48\00tiff\00tif\00\00"

[HKEY_USERS\S-1-5-21-343818398-573735546-839522115-1007\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.3.false\c:\documents and settings\Pajela`\My Documents\ * * \ *J*A*C*O*B* * \ *S*T*U*F*F* * \GSC\plugins\imageformats]
"qgif4.dll"=multi:"40303\000\00Windows msvc release full-config\002007-12-04T14:47\00\00"
"qjpeg4.dll"=multi:"40303\000\00Windows msvc release full-config\002007-12-04T14:47\00\00"
"qmng4.dll"=multi:"40303\000\00Windows msvc release full-config\002007-12-04T14:48\00\00"
"qsvg4.dll"=multi:"40303\000\00Windows msvc release full-config\002007-12-04T14:48\00\00"
"qtiff4.dll"=multi:"40303\000\00Windows msvc release full-config\002007-12-04T14:48\00\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5748)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\commy\CF22467.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
c:\commy\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-24 14:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-24 21:38

Pre-Run: 373,195,481,088 bytes free
Post-Run: 379,015,020,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1CC5EFAB84F08ABA55B4B7E70BD957FE

COOLSTATIC05
Novice
Novice

Posts Posts : 6
Joined Joined : 2009-10-22
OS OS : XP
Points Points : 26058
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need help with Antivirus System PRO.

Post by COOLSTATIC05 on 24th October 2009, 9:42 pm

Add-Remove Programs:

Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Command & Conquer
Counter-Strike Source 1.19
EasyWorship
ESET NOD32 Antivirus
ESET Online Scanner v3
Garena
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB926239)
IDT Audio
Magic ISO Maker v5.4 (build 0255)
Malwarebytes' Anti-Malware
Marsu-Fix 2.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.14)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
OpenVPN 2.0.9
PDF Settings
QuickBooks Premier: Nonprofit Edition 2007
QuickBooks Product Listing Service
Skins
Sony Vegas Pro 8.0
SupportSoft Assisted Service
SWiSH Max2
Ventrilo Client
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! BrowserPlus
Yahoo! Messenger

COOLSTATIC05
Novice
Novice

Posts Posts : 6
Joined Joined : 2009-10-22
OS OS : XP
Points Points : 26058
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need help with Antivirus System PRO.

Post by Dr Jay on 24th October 2009, 9:53 pm

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\program files\tvsxua
    c:\program files\jimpft
    c:\program files\fbeuko
    c:\Program Files\Garena

    Rootkit::
    c:\windows\system32\drivers\ehdrv.sys

    Driver::
    GarenaPEngine

    File::
    c:\docume~1\Pajela`\LOCALS~1\Temp\KSU1E.tmp
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Need help with Antivirus System PRO.

Post by COOLSTATIC05 on 27th October 2009, 10:43 pm

ComboFix 09-10-26.06 - Pajela` 10/27/2009 15:29.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2934 [GMT -8:00]
Running from: c:\documents and settings\Pajela`\Desktop\commy.exe
Command switches used :: c:\documents and settings\Pajela`\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Resident AV is active


FILE ::
"c:\docume~1\Pajela`\LOCALS~1\Temp\KSU1E.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\fbeuko
c:\program files\Garena
c:\program files\Garena\AESocket.dll
c:\program files\Garena\atl71.dll
c:\program files\Garena\Avatar\boy.swf
c:\program files\Garena\Avatar\boy_s.swf
c:\program files\Garena\Avatar\girl.swf
c:\program files\Garena\Avatar\girl_s.swf
c:\program files\Garena\Avatar\unknown.swf
c:\program files\Garena\Avatar\unknown_s.swf
c:\program files\Garena\clients.dat
c:\program files\Garena\CommonLib.dll
c:\program files\Garena\config\bs.br.xml
c:\program files\Garena\config\bs.cn.xml
c:\program files\Garena\config\bs.en.xml
c:\program files\Garena\config\bs.id.xml
c:\program files\Garena\config\bs.pp.xml
c:\program files\Garena\config\bs.ru.xml
c:\program files\Garena\config\bs.sd.xml
c:\program files\Garena\config\bs.sp.xml
c:\program files\Garena\config\bs.th.xml
c:\program files\Garena\config\bs.tw.xml
c:\program files\Garena\config\bs.vn.xml
c:\program files\Garena\config\loccn.xml
c:\program files\Garena\config\locen.xml
c:\program files\Garena\config\lockr.xml
c:\program files\Garena\config\loctw.xml
c:\program files\Garena\CS15Hook.dll
c:\program files\Garena\deps\vww.gzp
c:\program files\Garena\dlls\CTSys.dll
c:\program files\Garena\dlls\flags.dll
c:\program files\Garena\dlls\FPSHelper.dll
c:\program files\Garena\dlls\GFireMan.dll
c:\program files\Garena\dlls\IPvR.dll
c:\program files\Garena\dlls\PEngine.dll
c:\program files\Garena\dlls\PluginLanguage.dll
c:\program files\Garena\dlls\WC3J.dll
c:\program files\Garena\face\1.bmp
c:\program files\Garena\face\1_m.bmp
c:\program files\Garena\face\10.bmp
c:\program files\Garena\face\10_m.bmp
c:\program files\Garena\face\11.bmp
c:\program files\Garena\face\11_m.bmp
c:\program files\Garena\face\12.bmp
c:\program files\Garena\face\12_m.bmp
c:\program files\Garena\face\13.bmp
c:\program files\Garena\face\13_m.bmp
c:\program files\Garena\face\14.bmp
c:\program files\Garena\face\14_m.bmp
c:\program files\Garena\face\15.bmp
c:\program files\Garena\face\15_m.bmp
c:\program files\Garena\face\16.bmp
c:\program files\Garena\face\16_m.bmp
c:\program files\Garena\face\17.bmp
c:\program files\Garena\face\17_m.bmp
c:\program files\Garena\face\18.bmp
c:\program files\Garena\face\18_m.bmp
c:\program files\Garena\face\19.bmp
c:\program files\Garena\face\19_m.bmp
c:\program files\Garena\face\2.bmp
c:\program files\Garena\face\2_m.bmp
c:\program files\Garena\face\20.bmp
c:\program files\Garena\face\20_m.bmp
c:\program files\Garena\face\21.bmp
c:\program files\Garena\face\21_m.bmp
c:\program files\Garena\face\22.bmp
c:\program files\Garena\face\22_m.bmp
c:\program files\Garena\face\23.bmp
c:\program files\Garena\face\23_m.bmp
c:\program files\Garena\face\24.bmp
c:\program files\Garena\face\24_m.bmp
c:\program files\Garena\face\3.bmp
c:\program files\Garena\face\3_m.bmp
c:\program files\Garena\face\4.bmp
c:\program files\Garena\face\4_m.bmp
c:\program files\Garena\face\5.bmp
c:\program files\Garena\face\5_m.bmp
c:\program files\Garena\face\6.bmp
c:\program files\Garena\face\6_m.bmp
c:\program files\Garena\face\7.bmp
c:\program files\Garena\face\7_m.bmp
c:\program files\Garena\face\8.bmp
c:\program files\Garena\face\8_m.bmp
c:\program files\Garena\face\9.bmp
c:\program files\Garena\face\9_m.bmp
c:\program files\Garena\files\files.ggz
c:\program files\Garena\FPSHook.dll
c:\program files\Garena\Gamecn.dat
c:\program files\Garena\GameConfig.xml
c:\program files\Garena\Gameen.dat
c:\program files\Garena\Gametw.dat
c:\program files\Garena\Garena.exe
c:\program files\Garena\GarenaSkin.dll
c:\program files\Garena\GarenaSkin1.dll
c:\program files\Garena\GarenaTV.xml
c:\program files\Garena\GarenaTV\0.bmp
c:\program files\Garena\GarenaTV\1.bmp
c:\program files\Garena\GarenaTV\2.bmp
c:\program files\Garena\GarenaTV\3.bmp
c:\program files\Garena\GarenaTV\4.bmp
c:\program files\Garena\GarenaTV\5.bmp
c:\program files\Garena\GarenaTV\6.bmp
c:\program files\Garena\GarenaTV\cn.ggz
c:\program files\Garena\GarenaTV\cn_s.ggz
c:\program files\Garena\GarenaTV\en.ggz
c:\program files\Garena\GarenaTV\en_s.ggz
c:\program files\Garena\GarenaTV\id_s.ggz
c:\program files\Garena\GarenaTV\tw.ggz
c:\program files\Garena\GarenaTV\tw_s.ggz
c:\program files\Garena\GarenaTV_UI.dll
c:\program files\Garena\GarenaTVHook.dll
c:\program files\Garena\GGICON.ico
c:\program files\Garena\Gn.ggz
c:\program files\Garena\gs.dat
c:\program files\Garena\hc.xml
c:\program files\Garena\Inject.dll
c:\program files\Garena\L4DSocket.dll
c:\program files\Garena\langs.xml
c:\program files\Garena\Languages\FPSGame.dll.cn
c:\program files\Garena\Languages\FPSGame.dll.en
c:\program files\Garena\Languages\FPSGame.dll.tw
c:\program files\Garena\Languages\Garena.exe.br
c:\program files\Garena\Languages\Garena.exe.cn
c:\program files\Garena\Languages\Garena.exe.en
c:\program files\Garena\Languages\Garena.exe.id
c:\program files\Garena\Languages\Garena.exe.ru
c:\program files\Garena\Languages\Garena.exe.sp
c:\program files\Garena\Languages\Garena.exe.th
c:\program files\Garena\Languages\Garena.exe.tw
c:\program files\Garena\Languages\Garena.exe.vn
c:\program files\Garena\Languages\GarenaTV_UI.dll.cn
c:\program files\Garena\Languages\GarenaTV_UI.dll.en
c:\program files\Garena\Languages\GarenaTV_UI.dll.id
c:\program files\Garena\Languages\GarenaTV_UI.dll.tw
c:\program files\Garena\Languages\languages.glf
c:\program files\Garena\Languages\update.exe.cn
c:\program files\Garena\Languages\update.exe.tw
c:\program files\Garena\Languages\update2.exe.cn
c:\program files\Garena\Languages\update2.exe.tw
c:\program files\Garena\Languages\WC3Ass.dll.cn
c:\program files\Garena\Languages\WC3Ass.dll.en
c:\program files\Garena\Languages\WC3Ass.dll.tw
c:\program files\Garena\Languages\WC3Ass.dll.vn
c:\program files\Garena\Languages\WC3Ladder.dll.cn
c:\program files\Garena\Languages\WC3Ladder.dll.en
c:\program files\Garena\Languages\WC3Ladder.dll.tw
c:\program files\Garena\layout\BlackShotView.layout
c:\program files\Garena\layout\layout.ggz
c:\program files\Garena\lib\common\Language.dll
c:\program files\Garena\lib\GarenaRoomSystem.dll
c:\program files\Garena\lib\GarenaWebService.dll
c:\program files\Garena\lib\HttpLayer.dll
c:\program files\Garena\lib\Language.dll
c:\program files\Garena\lib\Layout.dll
c:\program files\Garena\lib\LibPlugin.ggz
c:\program files\Garena\lib\LoadSwf.dll
c:\program files\Garena\lib\MessagePumpLib.dll
c:\program files\Garena\lib\NetworkLayer.dll
c:\program files\Garena\lib\PKCS.dll
c:\program files\Garena\lib\WebCache.dll
c:\program files\Garena\mdata.ggz
c:\program files\Garena\PluginKernel.dll
c:\program files\Garena\plugins\Game\GarenaTVRecorder.dll
c:\program files\Garena\plugins\Game\WC3Ass.dll
c:\program files\Garena\plugins\Game\WC3Ladder.dll
c:\program files\Garena\plugins\Game\WC3VC.dll
c:\program files\Garena\plugins\Plugins.ggz
c:\program files\Garena\plugins\UI\AvoidCrackPlugin.dll
c:\program files\Garena\plugins\UI\BlackShotPlugin.dll
c:\program files\Garena\plugins\UI\CafeLogin.dll
c:\program files\Garena\plugins\UI\Chenyx.dll
c:\program files\Garena\plugins\UI\FavListUIPlugin.dll
c:\program files\Garena\plugins\UI\FPSGame.dll
c:\program files\Garena\plugins\UI\GarenaTV.dll
c:\program files\Garena\plugins\UI\GarenaTVRecUI.dll
c:\program files\Garena\plugins\UI\GEngine.dll
c:\program files\Garena\plugins\UI\ManagePlugin.dll
c:\program files\Garena\plugins\UI\StatPlugin.dll
c:\program files\Garena\plugins\UI\ViwawaPlugin.dll
c:\program files\Garena\plugins\UI\zDep.dll
c:\program files\Garena\plugins\UI\zzzPlugin.dll
c:\program files\Garena\RecConfig.xml
c:\program files\Garena\roomCN.dat
c:\program files\Garena\roomEN.dat
c:\program files\Garena\roomTW.dat
c:\program files\Garena\server.xml
c:\program files\Garena\shop\items\1.gif
c:\program files\Garena\shop\items\100.gif
c:\program files\Garena\shop\items\105.gif
c:\program files\Garena\shop\items\150.gif
c:\program files\Garena\shop\items\2.gif
c:\program files\Garena\shop\items\200.gif
c:\program files\Garena\shop\items\201.gif
c:\program files\Garena\shop\items\202.gif
c:\program files\Garena\shop\items\203.gif
c:\program files\Garena\shop\items\204.gif
c:\program files\Garena\shop\items\205.gif
c:\program files\Garena\shop\items\206.gif
c:\program files\Garena\shop\items\21.gif
c:\program files\Garena\shop\items\22.gif
c:\program files\Garena\shop\items\23.gif
c:\program files\Garena\shop\items\3.gif
c:\program files\Garena\shop\items\300.gif
c:\program files\Garena\shop\items\301.gif
c:\program files\Garena\shop\items\302.gif
c:\program files\Garena\shop\items\303.gif
c:\program files\Garena\shop\items\304.gif
c:\program files\Garena\shop\items\305.gif
c:\program files\Garena\shop\items\306.gif
c:\program files\Garena\shop\items\307.gif
c:\program files\Garena\shop\items\308.gif
c:\program files\Garena\shop\items\309.gif
c:\program files\Garena\shop\items\310.gif
c:\program files\Garena\shop\items\311.gif
c:\program files\Garena\shop\items\312.gif
c:\program files\Garena\shop\items\313.gif
c:\program files\Garena\shop\items\4.gif
c:\program files\Garena\shop\items\40.gif
c:\program files\Garena\shop\items\60.gif
c:\program files\Garena\shop\items\61.gif
c:\program files\Garena\shop\items\62.gif
c:\program files\Garena\shop\items\63.gif
c:\program files\Garena\shop\items\64.gif
c:\program files\Garena\shop\items\65.gif
c:\program files\Garena\shop\items\66.gif
c:\program files\Garena\Skin\Flags\-.gif
c:\program files\Garena\Skin\Flags\ad.gif
c:\program files\Garena\Skin\Flags\ae.gif
c:\program files\Garena\Skin\Flags\af.gif
c:\program files\Garena\Skin\Flags\ag.gif
c:\program files\Garena\Skin\Flags\ai.gif
c:\program files\Garena\Skin\Flags\al.gif
c:\program files\Garena\Skin\Flags\am.gif
c:\program files\Garena\Skin\Flags\an.gif
c:\program files\Garena\Skin\Flags\ao.gif
c:\program files\Garena\Skin\Flags\aq.gif
c:\program files\Garena\Skin\Flags\ar.gif
c:\program files\Garena\Skin\Flags\as.gif
c:\program files\Garena\Skin\Flags\at.gif
c:\program files\Garena\Skin\Flags\au.gif
c:\program files\Garena\Skin\Flags\aw.gif
c:\program files\Garena\Skin\Flags\az.gif
c:\program files\Garena\Skin\Flags\ba.gif
c:\program files\Garena\Skin\Flags\bb.gif
c:\program files\Garena\Skin\Flags\bd.gif
c:\program files\Garena\Skin\Flags\be.gif
c:\program files\Garena\Skin\Flags\bf.gif
c:\program files\Garena\Skin\Flags\bg.gif
c:\program files\Garena\Skin\Flags\bh.gif
c:\program files\Garena\Skin\Flags\bi.gif
c:\program files\Garena\Skin\Flags\bj.gif
c:\program files\Garena\Skin\Flags\bm.gif
c:\program files\Garena\Skin\Flags\bn.gif
c:\program files\Garena\Skin\Flags\bo.gif
c:\program files\Garena\Skin\Flags\br.gif
c:\program files\Garena\Skin\Flags\bs.gif
c:\program files\Garena\Skin\Flags\bt.gif
c:\program files\Garena\Skin\Flags\bv.gif
c:\program files\Garena\Skin\Flags\bw.gif
c:\program files\Garena\Skin\Flags\by.gif
c:\program files\Garena\Skin\Flags\bz.gif
c:\program files\Garena\Skin\Flags\ca.gif
c:\program files\Garena\Skin\Flags\cd.gif
c:\program files\Garena\Skin\Flags\cf.gif
c:\program files\Garena\Skin\Flags\cg.gif
c:\program files\Garena\Skin\Flags\ch.gif
c:\program files\Garena\Skin\Flags\ci.gif
c:\program files\Garena\Skin\Flags\ck.gif
c:\program files\Garena\Skin\Flags\cl.gif
c:\program files\Garena\Skin\Flags\cm.gif
c:\program files\Garena\Skin\Flags\cn.gif
c:\program files\Garena\Skin\Flags\co.gif
c:\program files\Garena\Skin\Flags\cr.gif
c:\program files\Garena\Skin\Flags\cu.gif
c:\program files\Garena\Skin\Flags\cv.gif
c:\program files\Garena\Skin\Flags\cy.gif
c:\program files\Garena\Skin\Flags\cz.gif
c:\program files\Garena\Skin\Flags\de.gif
c:\program files\Garena\Skin\Flags\dj.gif
c:\program files\Garena\Skin\Flags\dk.gif
c:\program files\Garena\Skin\Flags\dm.gif
c:\program files\Garena\Skin\Flags\do.gif
c:\program files\Garena\Skin\Flags\dz.gif
c:\program files\Garena\Skin\Flags\ec.gif
c:\program files\Garena\Skin\Flags\ee.gif
c:\program files\Garena\Skin\Flags\eg.gif
c:\program files\Garena\Skin\Flags\er.gif
c:\program files\Garena\Skin\Flags\es.gif
c:\program files\Garena\Skin\Flags\et.gif
c:\program files\Garena\Skin\Flags\eu.gif
c:\program files\Garena\Skin\Flags\fi.gif
c:\program files\Garena\Skin\Flags\fj.gif
c:\program files\Garena\Skin\Flags\fk.gif
c:\program files\Garena\Skin\Flags\fm.gif
c:\program files\Garena\Skin\Flags\fo.gif
c:\program files\Garena\Skin\Flags\fr.gif
c:\program files\Garena\Skin\Flags\fx.gif
c:\program files\Garena\Skin\Flags\ga.gif
c:\program files\Garena\Skin\Flags\gb.gif
c:\program files\Garena\Skin\Flags\gd.gif
c:\program files\Garena\Skin\Flags\ge.gif
c:\program files\Garena\Skin\Flags\gh.gif
c:\program files\Garena\Skin\Flags\gi.gif
c:\program files\Garena\Skin\Flags\gl.gif
c:\program files\Garena\Skin\Flags\gm.gif
c:\program files\Garena\Skin\Flags\gn.gif
c:\program files\Garena\Skin\Flags\gp.gif
c:\program files\Garena\Skin\Flags\gq.gif
c:\program files\Garena\Skin\Flags\gr.gif
c:\program files\Garena\Skin\Flags\gt.gif
c:\program files\Garena\Skin\Flags\gu.gif
c:\program files\Garena\Skin\Flags\gw.gif
c:\program files\Garena\Skin\Flags\gy.gif
c:\program files\Garena\Skin\Flags\hk.gif
c:\program files\Garena\Skin\Flags\hm.gif
c:\program files\Garena\Skin\Flags\hn.gif
c:\program files\Garena\Skin\Flags\hr.gif
c:\program files\Garena\Skin\Flags\ht.gif
c:\program files\Garena\Skin\Flags\hu.gif
c:\program files\Garena\Skin\Flags\id.gif
c:\program files\Garena\Skin\Flags\ie.gif
c:\program files\Garena\Skin\Flags\il.gif
c:\program files\Garena\Skin\Flags\im.gif
c:\program files\Garena\Skin\Flags\in.gif
c:\program files\Garena\Skin\Flags\io.gif
c:\program files\Garena\Skin\Flags\iq.gif
c:\program files\Garena\Skin\Flags\ir.gif
c:\program files\Garena\Skin\Flags\is.gif
c:\program files\Garena\Skin\Flags\it.gif
c:\program files\Garena\Skin\Flags\je.gif
c:\program files\Garena\Skin\Flags\jm.gif
c:\program files\Garena\Skin\Flags\jo.gif
c:\program files\Garena\Skin\Flags\jp.gif
c:\program files\Garena\Skin\Flags\ke.gif
c:\program files\Garena\Skin\Flags\kg.gif
c:\program files\Garena\Skin\Flags\kh.gif
c:\program files\Garena\Skin\Flags\ki.gif
c:\program files\Garena\Skin\Flags\km.gif
c:\program files\Garena\Skin\Flags\kn.gif
c:\program files\Garena\Skin\Flags\kp.gif
c:\program files\Garena\Skin\Flags\kr.gif
c:\program files\Garena\Skin\Flags\kw.gif
c:\program files\Garena\Skin\Flags\ky.gif
c:\program files\Garena\Skin\Flags\kz.gif
c:\program files\Garena\Skin\Flags\la.gif
c:\program files\Garena\Skin\Flags\lb.gif
c:\program files\Garena\Skin\Flags\lc.gif
c:\program files\Garena\Skin\Flags\li.gif
c:\program files\Garena\Skin\Flags\lk.gif
c:\program files\Garena\Skin\Flags\lr.gif
c:\program files\Garena\Skin\Flags\ls.gif
c:\program files\Garena\Skin\Flags\lt.gif
c:\program files\Garena\Skin\Flags\lu.gif
c:\program files\Garena\Skin\Flags\lv.gif
c:\program files\Garena\Skin\Flags\ly.gif
c:\program files\Garena\Skin\Flags\ma.gif
c:\program files\Garena\Skin\Flags\mc.gif
c:\program files\Garena\Skin\Flags\md.gif
c:\program files\Garena\Skin\Flags\me.gif
c:\program files\Garena\Skin\Flags\mg.gif
c:\program files\Garena\Skin\Flags\mh.gif
c:\program files\Garena\Skin\Flags\mk.gif
c:\program files\Garena\Skin\Flags\ml.gif
c:\program files\Garena\Skin\Flags\mm.gif
c:\program files\Garena\Skin\Flags\mn.gif
c:\program files\Garena\Skin\Flags\mo.gif
c:\program files\Garena\Skin\Flags\mp.gif
c:\program files\Garena\Skin\Flags\mq.gif
c:\program files\Garena\Skin\Flags\mr.gif
c:\program files\Garena\Skin\Flags\ms.gif
c:\program files\Garena\Skin\Flags\mt.gif
c:\program files\Garena\Skin\Flags\mu.gif
c:\program files\Garena\Skin\Flags\mv.gif
c:\program files\Garena\Skin\Flags\mw.gif
c:\program files\Garena\Skin\Flags\mx.gif
c:\program files\Garena\Skin\Flags\my.gif
c:\program files\Garena\Skin\Flags\mz.gif
c:\program files\Garena\Skin\Flags\na.gif
c:\program files\Garena\Skin\Flags\nc.gif
c:\program files\Garena\Skin\Flags\ne.gif
c:\program files\Garena\Skin\Flags\nf.gif
c:\program files\Garena\Skin\Flags\ng.gif
c:\program files\Garena\Skin\Flags\ni.gif
c:\program files\Garena\Skin\Flags\nl.gif
c:\program files\Garena\Skin\Flags\no.gif
c:\program files\Garena\Skin\Flags\np.gif
c:\program files\Garena\Skin\Flags\nr.gif
c:\program files\Garena\Skin\Flags\nz.gif
c:\program files\Garena\Skin\Flags\om.gif
c:\program files\Garena\Skin\Flags\pa.gif
c:\program files\Garena\Skin\Flags\pe.gif
c:\program files\Garena\Skin\Flags\pf.gif
c:\program files\Garena\Skin\Flags\pg.gif
c:\program files\Garena\Skin\Flags\ph.gif
c:\program files\Garena\Skin\Flags\pk.gif
c:\program files\Garena\Skin\Flags\pl.gif
c:\program files\Garena\Skin\Flags\pm.gif
c:\program files\Garena\Skin\Flags\pr.gif
c:\program files\Garena\Skin\Flags\ps.gif
c:\program files\Garena\Skin\Flags\pt.gif
c:\program files\Garena\Skin\Flags\pw.gif
c:\program files\Garena\Skin\Flags\py.gif
c:\program files\Garena\Skin\Flags\qa.gif
c:\program files\Garena\Skin\Flags\re.gif
c:\program files\Garena\Skin\Flags\ro.gif
c:\program files\Garena\Skin\Flags\rs.gif
c:\program files\Garena\Skin\Flags\ru.gif
c:\program files\Garena\Skin\Flags\rw.gif
c:\program files\Garena\Skin\Flags\sa.gif
c:\program files\Garena\Skin\Flags\sb.gif
c:\program files\Garena\Skin\Flags\sc.gif
c:\program files\Garena\Skin\Flags\sd.gif
c:\program files\Garena\Skin\Flags\se.gif
c:\program files\Garena\Skin\Flags\sg.gif
c:\program files\Garena\Skin\Flags\si.gif
c:\program files\Garena\Skin\Flags\sk.gif
c:\program files\Garena\Skin\Flags\sl.gif
c:\program files\Garena\Skin\Flags\sm.gif
c:\program files\Garena\Skin\Flags\sn.gif
c:\program files\Garena\Skin\Flags\so.gif
c:\program files\Garena\Skin\Flags\sr.gif
c:\program files\Garena\Skin\Flags\st.gif
c:\program files\Garena\Skin\Flags\sv.gif
c:\program files\Garena\Skin\Flags\sy.gif
c:\program files\Garena\Skin\Flags\sz.gif
c:\program files\Garena\Skin\Flags\tc.gif
c:\program files\Garena\Skin\Flags\td.gif
c:\program files\Garena\Skin\Flags\tf.gif
c:\program files\Garena\Skin\Flags\tg.gif
c:\program files\Garena\Skin\Flags\th.gif
c:\program files\Garena\Skin\Flags\tj.gif
c:\program files\Garena\Skin\Flags\tm.gif
c:\program files\Garena\Skin\Flags\tn.gif
c:\program files\Garena\Skin\Flags\to.gif
c:\program files\Garena\Skin\Flags\tp.gif
c:\program files\Garena\Skin\Flags\tr.gif
c:\program files\Garena\Skin\Flags\tt.gif
c:\program files\Garena\Skin\Flags\tv.gif
c:\program files\Garena\Skin\Flags\tw.gif
c:\program files\Garena\Skin\Flags\tz.gif
c:\program files\Garena\Skin\Flags\ua.gif
c:\program files\Garena\Skin\Flags\ug.gif
c:\program files\Garena\Skin\Flags\uk.gif
c:\program files\Garena\Skin\Flags\um.gif
c:\program files\Garena\Skin\Flags\us.gif
c:\program files\Garena\Skin\Flags\uy.gif
c:\program files\Garena\Skin\Flags\uz.gif
c:\program files\Garena\Skin\Flags\va.gif
c:\program files\Garena\Skin\Flags\vc.gif
c:\program files\Garena\Skin\Flags\ve.gif
c:\program files\Garena\Skin\Flags\vg.gif
c:\program files\Garena\Skin\Flags\vi.gif
c:\program files\Garena\Skin\Flags\vn.gif
c:\program files\Garena\Skin\Flags\vu.gif
c:\program files\Garena\Skin\Flags\ws.gif
c:\program files\Garena\Skin\Flags\ye.gif
c:\program files\Garena\Skin\Flags\yu.gif
c:\program files\Garena\Skin\Flags\za.gif
c:\program files\Garena\Skin\Flags\zm.gif
c:\program files\Garena\Skin\Flags\zr.gif
c:\program files\Garena\Skin\Flags\zw.gif
c:\program files\Garena\Skin\Skin.ggz
c:\program files\Garena\Skins.xml
c:\program files\Garena\SocketHook.dll
c:\program files\Garena\sound\folder.wav
c:\program files\Garena\sound\game.wav
c:\program files\Garena\sound\msg.wav
c:\program files\Garena\sound\nudge.wav
c:\program files\Garena\sound\quit.wav
c:\program files\Garena\sound\ring.wav
c:\program files\Garena\sound\sysmsg.wav
c:\program files\Garena\source.xml
c:\program files\Garena\sqlite3.dll
c:\program files\Garena\update.exe
c:\program files\Garena\update.xml
c:\program files\Garena\user.xml
c:\program files\Garena\user\12273436\ban.dat
c:\program files\Garena\user\12273436\data.dat
c:\program files\Garena\user\12273436\fps.dat
c:\program files\Garena\user\12273436\recent.txt
c:\program files\Garena\user\12273436\system.xml
c:\program files\Garena\user\12484328\ban.dat
c:\program files\Garena\user\12484328\data.dat
c:\program files\Garena\user\12484328\fps.dat
c:\program files\Garena\user\12484328\recent.txt
c:\program files\Garena\viwawa.cn.xml
c:\program files\Garena\viwawa.en.xml
c:\program files\Garena\viwawa.tw.xml
c:\program files\Garena\War3Hook.dll
c:\program files\Garena\web\1.cn.html
c:\program files\Garena\web\1.en.html
c:\program files\Garena\web\1.tw.html
c:\program files\Garena\web\2.cn.html
c:\program files\Garena\web\2.en.html
c:\program files\Garena\web\2.tw.html
c:\program files\Garena\web\3.cn.html
c:\program files\Garena\web\3.en.html
c:\program files\Garena\web\3.tw.html
c:\program files\Garena\web\6.cn.html
c:\program files\Garena\web\6.en.html
c:\program files\Garena\web\6.tw.html
c:\program files\Garena\web\embed_game.jpg
c:\program files\Garena\web\embed_game_cn.jpg
c:\program files\Garena\web\embed_game_tw.jpg
c:\program files\Garena\web\embed_garenafire_ZH.jpg
c:\program files\Garena\web\embed_gfire.jpg
c:\program files\Garena\web\gfire.cn.html
c:\program files\Garena\web\gfire.en.html
c:\program files\Garena\web\gfire.tw.html
c:\program files\Garena\web\ggbackground.jpg
c:\program files\Garena\YYFileSystem.dll
c:\program files\jimpft
c:\program files\tvsxua

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine
-------\Legacy_ehdrv
-------\Service_ehdrv


((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-18 20:31 . 2009-10-18 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-17 19:55 . 2009-10-17 19:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-10-15 23:04 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-15 23:04 . 2009-10-15 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-15 23:04 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-15 23:04 . 2009-10-15 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 00:35 . 2009-10-03 00:35 159580 ----a-w- c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2009-10-03 00:20 . 2009-10-03 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-02 22:34 . 2009-10-02 23:14 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 23:13 . 2009-02-06 21:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-02 23:13 . 2009-02-06 21:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-26 01:52 . 2009-09-26 01:52 -------- d-----w- c:\program files\Ventrilo
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-04-08 15:28 70910 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-10-25 23:04 70910 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-10-25 23:04 438824 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-04-08 15:28 438824 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"53:TCP"= 53:TCP:websrvx

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 1:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 1:23 PM 727720]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [9/30/2006 10:37 PM 26624]
R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [5/17/2009 11:23 AM 386688]
S2 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
S3 cpuz131;cpuz131;\??\c:\docume~1\ZOUND_~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\ZOUND_~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-27 15:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-573735546-839522115-1007\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\Documents and Settings\Pajela`\My Documents\ * * \ *J*A*C*O*B* * \ *S*T*U*F*F* * \GSC\plugins\imageformats]
"qgif4.dll"=multi:"2007-12-04T14:47\00gif\00\00"
"qjpeg4.dll"=multi:"2007-12-04T14:47\00jpeg\00jpg\00\00"
"qmng4.dll"=multi:"2007-12-04T14:48\00mng\00\00"
"qsvg4.dll"=multi:"2007-12-04T14:48\00svg\00\00"
"qtiff4.dll"=multi:"2007-12-04T14:48\00tiff\00tif\00\00"

[HKEY_USERS\S-1-5-21-343818398-573735546-839522115-1007\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.3.false\c:\documents and settings\Pajela`\My Documents\ * * \ *J*A*C*O*B* * \ *S*T*U*F*F* * \GSC\plugins\imageformats]
"qgif4.dll"=multi:"40303\000\00Windows msvc release full-config\002007-12-04T14:47\00\00"
"qjpeg4.dll"=multi:"40303\000\00Windows msvc release full-config\002007-12-04T14:47\00\00"
"qmng4.dll"=multi:"40303\000\00Windows msvc release full-config\002007-12-04T14:48\00\00"
"qsvg4.dll"=multi:"40303\000\00Windows msvc release full-config\002007-12-04T14:48\00\00"
"qtiff4.dll"=multi:"40303\000\00Windows msvc release full-config\002007-12-04T14:48\00\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5488)
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
c:\windows\system32\wscntfy.exe
c:\commy\CF7925.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\commy\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-27 15:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-27 23:40
ComboFix2.txt 2009-10-24 21:38

Pre-Run: 378,927,312,896 bytes free
Post-Run: 378,851,680,256 bytes free

- - End Of File - - 08E95140BCFBBF734BD8BD77D309C701

COOLSTATIC05
Novice
Novice

Posts Posts : 6
Joined Joined : 2009-10-22
OS OS : XP
Points Points : 26058
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Need help with Antivirus System PRO.

Post by Belahzur on 28th October 2009, 1:34 am

Hello.
So you play Darkorbit too? noticed it was your homepage. Big Grin

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    proquota.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Need help with Antivirus System PRO.

Post by COOLSTATIC05 on 8th November 2009, 6:23 pm

Well, I think i don't have the problem anymore. It didnt appear since the last time so i think its cool. And yeah I play Darkorbit. Thanks for the help anyways^^

COOLSTATIC05
Novice
Novice

Posts Posts : 6
Joined Joined : 2009-10-22
OS OS : XP
Points Points : 26058
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum