Removing DR


Post by YuYin93 on 22nd December 2009, 1:33 pm

I've gone to this forum (http://www.geekpolice.net/virus-spyware-malware-removal-f11/how-to-remove-this-virus-trojan-dr-delphigen-dropper-t16731.htm?sid=d9f4820295e72f4bddc4fbbb8efe204e), and I followed the steps, as my PC was affected with the DR/Delphi.gen dropper and Avira kept on coming out with the annoying pop-outs.
This is the log file of the ComboFix file I ran. I just want to confirm whether my problem is solved or not, or do I need to install any more software in order to re-secure my computer? I already have the following programs:

Avira Free
SUPERAntiSpyware
Malwarebytes' Anti-Malware

Is it sufficient, if the problem is solved or not? Thank you very much for your help.


ComboFix 09-12-21.04 - YuYiN 12/22/2009 21:11:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.659 [GMT 8:00]
Running from: g:\downloads\software\commy.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\YuYiN\Application Data\BITS
c:\documents and settings\YuYiN\Application Data\BITS\BITS.ini
c:\documents and settings\YuYiN\Application Data\BITS\DHTTable.dat
c:\documents and settings\YuYiN\Application Data\BITS\pl.dat
c:\documents and settings\YuYiN\Application Data\BITS\ProxyList.ini
c:\documents and settings\YuYiN\Application Data\BITS\UPnP.ini
c:\documents and settings\YuYiN\Application Data\FlashGetBHO
c:\documents and settings\YuYiN\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\YuYiN\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\YuYiN\Application Data\FlashGetBHO\GetUrl.htm
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\key_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\load_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\nodes.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\preferencesKad.dat
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\server_met.old
c:\program files\FlashGet Network\FlashGet 3\config\src_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\3.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_-50-50-20k_.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_1_2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_2_2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_43253355.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_4325355.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon01.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_jiushizheyang.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_JuRen.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WuBiaoTi-2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WuBiaoTi-6.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1261454483.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\down.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico01.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico02.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\line.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\new_rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\pic_bg.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\preview.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg1
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft_zhan.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue3.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_red3.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\css\lightbox.css
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\[You must be registered and logged in to see this link.]
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\builder.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\effects.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\lightbox.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\prototype.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\scriptaculous.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\id3lib.dll
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
c:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\statusbar_ad_bk.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\statusbar_ad_bk_long.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\unrar.dll
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\recycler\S-1-5-21-3365462909-4009163314-397236783-7846
c:\recycler\S-1-5-21-3881012046-9957081239-605021086-6231
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\secustat.dat
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Service_synsend


((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-22 12:39 . 2009-12-11 10:05 3613560 ----a-w- c:\documents and settings\YuYiN\Application Data\Simply Super Software\Trojan Remover\foo2.exe
2009-12-22 12:36 . 2009-12-22 12:27 16437 ----a-w- c:\windows\system32\drivers\str.sys.vir
2009-12-22 12:33 . 2006-06-19 04:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-12-22 12:33 . 2006-05-25 06:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-12-22 12:33 . 2005-08-25 16:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-12-22 12:33 . 2003-02-02 11:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-12-22 12:33 . 2002-03-05 16:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-12-22 12:33 . 2009-12-22 12:33 -------- d-----w- c:\program files\Trojan Remover
2009-12-22 12:33 . 2009-12-22 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-22 12:33 . 2009-12-22 12:33 -------- d-----w- c:\documents and settings\YuYiN\Application Data\Simply Super Software
2009-12-22 12:27 . 2009-12-22 12:27 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\AskToolbar
2009-12-22 12:26 . 2009-12-22 12:26 73856 ----a-w- c:\windows\system32\drivers\xqgnbaxo.sys
2009-12-22 12:22 . 2009-12-22 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-12-22 12:21 . 2009-12-22 12:21 -------- d-----w- c:\program files\Crcle Developement
2009-12-21 14:56 . 2009-12-21 14:56 -------- d-----w- c:\documents and settings\YuYiN\Application Data\Media Player Classic
2009-12-21 13:24 . 2009-12-21 13:24 270336 ----a-w- c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB\ShowBaseAmok.exe
2009-12-21 13:23 . 2009-12-21 13:23 266240 ----a-w- c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB\eggs book option dart.exe
2009-12-21 13:21 . 2009-12-22 13:17 724992 ----a-w- c:\documents and settings\All Users\Application Data\gram delete tick dupe\way wma.exe
2009-12-21 13:21 . 2009-12-21 13:21 724992 ----a-w- c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB\mlzyelsn.exe
2009-12-21 13:21 . 2009-12-21 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\gram delete tick dupe
2009-12-21 13:16 . 2009-12-21 13:16 -------- d-----w- c:\program files\LOG EXTRA BIB
2009-12-21 07:13 . 2009-12-22 13:17 52224 ----a-w- c:\documents and settings\YuYiN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-21 07:01 . 2009-12-21 07:01 -------- d-----w- c:\documents and settings\YuYiN\Local Settings\Application Data\Real
2009-12-21 07:00 . 2009-12-22 13:03 2356 ----a-w- c:\windows\system32\secushr.dat
2009-12-21 06:57 . 2009-04-09 07:03 57407 ----a-w- c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
2009-12-20 14:27 . 2009-12-16 06:42 872960 ----a-w- c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-20 14:27 . 2009-12-16 06:42 43008 ----a-w- c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-20 14:27 . 2009-12-16 06:42 340480 ----a-w- c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-20 14:27 . 2009-12-16 06:41 346624 ----a-w- c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-20 13:39 . 2006-05-24 05:36 110592 ----a-w- c:\documents and settings\YuYiN\Application Data\U3\temp\cleanup.exe
2009-12-20 13:33 . 2009-12-20 13:39 -------- d-----w- c:\documents and settings\YuYiN\Application Data\U3
2009-12-16 13:46 . 2009-12-16 13:46 152576 ----a-w- c:\documents and settings\YuYiN\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-16 13:46 . 2009-12-16 13:46 79488 ----a-w- c:\documents and settings\YuYiN\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-15 13:55 . 2009-12-21 07:13 117760 ----a-w- c:\documents and settings\YuYiN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-15 13:36 . 2009-12-15 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-15 13:36 . 2009-12-15 13:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-15 13:36 . 2009-12-15 13:36 -------- d-----w- c:\documents and settings\YuYiN\Application Data\SUPERAntiSpyware.com
2009-12-15 13:36 . 2009-12-15 13:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-15 12:54 . 2009-12-22 12:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-13 12:54 . 2009-12-13 12:54 -------- d-----w- c:\documents and settings\YuYiN\Application Data\Malwarebytes
2009-12-13 12:54 . 2009-12-03 08:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-13 12:54 . 2009-12-13 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-13 12:54 . 2009-12-13 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-13 12:54 . 2009-12-03 08:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-13 11:56 . 2009-12-13 11:56 169336 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-13 11:56 . 2009-12-13 11:56 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-13 11:56 . 2009-12-13 11:56 -------- d-----w- c:\program files\Reference Assemblies
2009-12-13 11:55 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-13 11:55 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-13 11:55 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-13 11:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-13 11:55 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-13 11:55 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-13 11:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-13 11:55 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-13 11:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-13 11:51 . 2009-12-13 11:51 -------- d-----w- c:\program files\MSXML 6.0
2009-12-12 15:39 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-09 06:49 . 2009-12-09 06:51 -------- d-----w- c:\program files\Graph
2009-12-09 06:45 . 2009-12-09 06:45 -------- d-----w- c:\program files\TEBER
2009-12-09 06:44 . 1999-03-23 01:12 299520 ----a-w- c:\windows\uninst.exe
2009-12-09 06:44 . 2009-12-09 06:44 -------- d-----w- c:\documents and settings\YuYiN\WINDOWS
2009-12-03 14:07 . 2004-08-03 15:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-12-03 14:07 . 2004-08-03 15:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-12-03 14:07 . 2008-03-21 05:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-03 14:07 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-03 14:06 . 2009-12-03 14:07 -------- d-----w- c:\documents and settings\YuYiN\Application Data\PC Suite
2009-12-03 14:06 . 2009-12-03 14:07 -------- d-----w- c:\documents and settings\YuYiN\Application Data\Nokia
2009-12-03 14:06 . 2009-12-03 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-03 14:05 . 2009-12-03 14:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-03 14:04 . 2009-11-14 01:02 34428780 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
2009-12-03 14:04 . 2009-12-03 14:04 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-03 14:04 . 2009-12-03 14:04 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-03 14:04 . 2009-12-03 14:04 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-03 14:04 . 2009-12-03 14:04 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-27 04:35 . 2009-11-27 04:35 286720 ------w- c:\windows\Setup1.exe
2009-11-27 04:35 . 2009-11-27 04:35 73216 ----a-w- c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 12:27 . 2009-10-25 13:31 -------- d-----w- c:\program files\Garena
2009-12-22 12:21 . 2009-10-25 03:46 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-21 13:24 . 2009-10-25 13:38 -------- d-----w- c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB
2009-12-21 13:16 . 2009-10-25 13:38 524288 ----a-w- c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB\Admin Aim.exe
2009-12-21 07:50 . 2009-11-06 11:42 -------- d-----w- c:\documents and settings\YuYiN\Application Data\ZoomBrowser EX
2009-12-21 07:01 . 2009-10-24 15:43 -------- d-----w- c:\program files\Real Alternative
2009-12-21 06:57 . 2009-10-25 03:05 -------- d-----w- c:\program files\FlashGet
2009-12-21 06:16 . 2009-11-06 11:41 -------- d-----w- c:\documents and settings\YuYiN\Application Data\CameraWindowDC
2009-12-20 16:01 . 2004-08-04 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-20 05:06 . 2009-10-30 12:22 -------- d-----w- c:\program files\PPStream
2009-12-16 13:47 . 2009-11-18 13:09 -------- d-----w- c:\program files\Java
2009-12-15 12:22 . 2009-10-29 08:45 -------- d-----w- c:\documents and settings\YuYiN\Application Data\AIMP
2009-12-13 12:07 . 2009-10-24 15:38 75704 ----a-w- c:\documents and settings\YuYiN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-13 11:56 . 2009-10-25 04:16 -------- d-----w- c:\program files\MSBuild
2009-12-07 13:47 . 2009-10-25 03:24 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 16:03 . 2009-10-29 16:02 -------- d-----w- c:\documents and settings\YuYiN\Application Data\PPStream
2009-12-03 14:07 . 2009-12-03 14:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-03 14:07 . 2009-12-03 14:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-03 14:05 . 2009-12-03 14:04 -------- d-----w- c:\program files\DIFX
2009-12-03 14:05 . 2009-12-03 14:05 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-03 14:05 . 2009-12-03 14:04 -------- d-----w- c:\program files\Nokia
2009-12-03 14:04 . 2009-12-03 14:04 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-03 14:04 . 2009-10-24 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-20 04:00 . 2009-10-27 12:46 -------- d-----w- c:\program files\GRETECH
2009-11-19 04:17 . 2009-10-29 08:50 -------- d-----w- c:\program files\Ask.com
2009-11-18 13:08 . 2009-11-18 13:08 152576 ----a-w- c:\documents and settings\YuYiN\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-11-15 03:49 . 2009-11-15 03:48 -------- d-----w- c:\documents and settings\YuYiN\Application Data\GetRightToGo
2009-11-15 03:49 . 2009-11-15 03:45 -------- d-----w- c:\program files\DVD Clone Studio
2009-11-06 11:41 . 2009-11-06 11:41 -------- d-----w- c:\documents and settings\YuYiN\Application Data\CANON INC
2009-11-05 07:02 . 2009-10-24 15:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-02 15:40 . 2009-10-29 09:00 -------- d-----w- c:\program files\MediaMonkey
2009-10-29 09:59 . 2009-10-29 09:59 -------- d-----w- c:\program files\Webteh
2009-10-29 09:12 . 2009-10-29 08:50 -------- d-----w- c:\program files\The KMPlayer
2009-10-29 09:09 . 2009-10-29 09:09 -------- d-----w- c:\program files\GNU
2009-10-29 08:45 . 2009-10-29 08:44 -------- d-----w- c:\program files\AIMP2
2009-10-28 13:39 . 2009-10-28 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-27 17:11 . 2009-10-27 17:11 -------- d-----w- c:\documents and settings\YuYiN\Application Data\Ahead
2009-10-27 12:52 . 2009-10-27 12:51 -------- d-----w- c:\program files\Ares
2009-10-26 12:48 . 2009-10-26 12:48 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-26 12:48 . 2009-10-26 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-25 13:35 . 2009-10-24 15:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-25 04:50 . 2009-10-25 04:50 -------- d-----w- c:\program files\EASEUS
2009-10-25 04:33 . 2009-10-24 14:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-25 04:30 . 2009-10-25 04:30 97248 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-10-25 04:17 . 2009-10-25 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-25 04:16 . 2009-10-25 04:16 -------- d-----w- c:\program files\Microsoft Works
2009-10-25 04:15 . 2009-10-25 04:15 -------- d-----w- c:\program files\Microsoft.NET
2009-10-25 04:11 . 2009-10-25 04:11 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-25 03:40 . 2009-10-25 03:40 -------- d-----w- c:\program files\Microsoft
2009-10-25 03:40 . 2009-10-25 03:39 -------- d-----w- c:\program files\Windows Live
2009-10-25 03:40 . 2009-10-25 03:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-25 03:24 . 2009-10-25 03:24 -------- d-----w- c:\program files\Avira
2009-10-25 03:24 . 2009-10-24 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-25 03:19 . 2009-10-25 03:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-25 02:57 . 2009-10-25 02:57 0 ----a-w- c:\windows\nsreg.dat
2009-10-25 01:10 . 2009-10-25 01:01 15 ----a-w- C:\SelfTests.dat
2009-10-24 15:43 . 2009-10-24 15:43 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-24 15:36 . 2009-10-24 15:20 -------- d-----w- c:\program files\Canon
2009-10-24 15:32 . 2009-10-24 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-10-24 15:31 . 2009-10-24 15:31 -------- d-----w- c:\program files\Common Files\Canon
2009-10-24 15:22 . 2009-10-24 15:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-10-24 15:19 . 2009-10-24 15:17 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-24 15:17 . 2009-10-24 15:17 -------- d-----w- c:\program files\Nero
2009-10-24 15:02 . 2009-10-24 15:02 -------- d-----w- c:\program files\Realtek Sound Manager
2009-10-24 15:02 . 2009-10-24 15:02 -------- d-----w- c:\program files\AvRack
2009-10-24 15:02 . 2009-10-24 15:02 -------- d-----w- c:\program files\Realtek AC97
2009-10-24 15:01 . 2009-10-24 15:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-24 15:01 . 2009-10-24 15:00 -------- d-----w- c:\program files\ATI Technologies
2009-10-24 14:53 . 2009-10-24 14:53 -------- d-----w- c:\program files\microsoft frontpage
2009-10-24 14:50 . 2009-10-24 14:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-10 20:17 . 2009-11-18 13:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-06 03:55 . 2009-12-03 14:04 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-06 03:52 . 2009-12-03 14:04 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-10-06 03:52 . 2009-12-03 14:04 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-10-06 03:52 . 2009-12-03 14:04 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-06 03:52 . 2009-12-03 14:04 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-10-06 03:52 . 2009-12-03 14:04 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-10-06 03:52 . 2009-12-03 14:04 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
.

------- Sigcheck -------

[-] 2009-11-04 . EBEAB4C47642CD68D7FD23187EECA1B0 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\backup\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 . 3BB4B08619C111C7BE8BDA07AA0DE6A2 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 09:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"MEOW CITY"="c:\docume~1\YuYiN\APPLIC~1\LOGEXT~1\Admin Aim.exe" [2009-12-21 524288]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2009-07-22 210312]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"SoundMan"="SOUNDMAN.EXE" [2006-09-14 577536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"VX1000"="c:\windows\vVX1000.exe" [2006-06-29 707376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Tick dupe bat film"="c:\documents and settings\All Users\Application Data\gram delete tick dupe\way wma.exe" [2009-12-22 724992]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 06:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/25/2009 11:24 AM 108289]
R2 Slp1kdr;SmartLock Pro(1K);c:\windows\system32\drivers\SLP1KDR.SYS [10/25/2009 9:58 PM 6645]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/25/2009 12:50 PM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/25/2009 12:50 PM 3072]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\YuYiN\LOCALS~1\Temp\ZCD8.tmp --> c:\docume~1\YuYiN\LOCALS~1\Temp\ZCD8.tmp [?]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &????(FlashGet)?? - c:\program files\FlashGet\jc_link.htm
IE: &????(FlashGet)?????? - c:\program files\FlashGet\jc_all.htm
IE: Download All By FlashGet3 - c:\documents and settings\YuYiN\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\YuYiN\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
AddRemove-FlashGet 3.0 Beta - c:\program files\FlashGet Network\FlashGet 3\uninst.exe
AddRemove-HijackThis - c:\documents and settings\YuYiN\My Documents\Downloads\HijackThis.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-22 21:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\YuYiN\LOCALS~1\Temp\ZCD8.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Completion time: 2009-12-22 21:19:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 13:19

Pre-Run: 45,975,683,072 bytes free
Post-Run: 45,975,142,400 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B8F4C40B773265E85612FACDC8DB06DA

YuYin93
Novice
Posts : 5
Joined : 2009-12-22
OS : Windows XP
Points : 25501
# Likes : 0

Re: Removing DR

Post by Belahzur on 22nd December 2009, 5:49 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\drivers\str.sys.vir
    c:\windows\system32\drivers\xqgnbaxo.sys

    Folder::
    c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB
    c:\documents and settings\All Users\Application Data\gram delete tick dupe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MEOW CITY"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Tick dupe bat film"=-

    Firefox::
    FF - ProfilePath - c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1
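What makes the two Run values targeted by the CFScript above stand out in the first log is their location: "MEOW CITY" and "Tick dupe bat film" point at executables under the user's Application Data and under All Users\Application Data (and the GarenaPEngine service points into a Temp directory), while the legitimate startups sit under Program Files or Windows. The Python script below is an added illustration of that triage step; it is not part of the thread and not a ComboFix feature. It parses the "Reg Loading Points" Run sections of a ComboFix log (the sample is a subset of the lines posted above), flags values whose executable lives in a user-writable or temporary location, and prints a Registry:: block in the same `"Name"=-` form the reply uses. The function names, the 8.3 short-name table and the location heuristic are my own assumptions; flagged entries still need a human look before anything is removed.

```python
"""Triage of ComboFix 'Reg Loading Points' Run entries (added example, not from the thread).

Heuristic: autostart values whose executable lives in a user-writable or temporary
location (a user profile, All Users\Application Data, any Temp directory) deserve
review. The output reuses the CFScript Registry:: syntax shown in the reply above.
"""
from dataclasses import dataclass
from typing import Dict, List
import ntpath
import re

# Constructed sample: a subset of the Run sections from the first log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"MEOW CITY"="c:\docume~1\YuYiN\APPLIC~1\LOGEXT~1\Admin Aim.exe" [2009-12-21 524288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-09-14 577536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Tick dupe bat film"="c:\documents and settings\All Users\Application Data\gram delete tick dupe\way wma.exe" [2009-12-22 724992]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')

# 8.3 short names as ComboFix prints them; expanded only for classification (my own table).
SHORT_NAMES = {
    "\\docume~1\\": "\\documents and settings\\",
    "\\applic~1\\": "\\application data\\",
    "\\locals~1\\": "\\local settings\\",
    "\\progra~1\\": "\\program files\\",
}


@dataclass
class RunEntry:
    key: str    # registry key the value lives under
    name: str   # value name, e.g. "MEOW CITY"
    path: str   # executable path exactly as logged
    date: str   # file timestamp ComboFix printed
    size: int   # file size in bytes


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Collect "Name"="path" [date size] lines under each [HKEY_...] header."""
    entries: List[RunEntry] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key:
            name, path, date, size = entry_match.groups()
            entries.append(RunEntry(current_key, name, path, date, int(size)))
    return entries


def normalize_path(path: str) -> str:
    """Lower-case and expand the common short names so prefixes can be compared."""
    p = path.lower()
    for short, full in SHORT_NAMES.items():
        p = p.replace(short, full)
    return p


def is_user_writable(path: str) -> bool:
    """True when the executable sits somewhere a non-admin process can write."""
    p = normalize_path(path)
    return (p.startswith("c:\\documents and settings\\")
            or "\\application data\\" in p
            or "\\temp\\" in p)


def classify(entry: RunEntry) -> str:
    """'review' for user-writable locations, 'no-path' when the value carries no
    directory (resolved via PATH, so the location is unknown), otherwise 'ok'."""
    if "\\" not in entry.path:
        return "no-path"
    return "review" if is_user_writable(entry.path) else "ok"


def triage(log_text: str) -> List[RunEntry]:
    """Return the Run entries that deserve a closer look."""
    return [e for e in parse_run_entries(log_text) if classify(e) == "review"]


def folders_to_review(flagged: List[RunEntry]) -> List[str]:
    """Parent directories of flagged executables, as logged (short names kept)."""
    return sorted({ntpath.dirname(e.path) for e in flagged})


def build_cfscript(flagged: List[RunEntry]) -> str:
    """Registry:: block in the reply's CFScript form: key header, then "Name"=- per value."""
    lines = ["Registry::"]
    by_key: Dict[str, List[str]] = {}
    for e in flagged:
        by_key.setdefault(e.key, []).append(e.name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"review: {e.name!r} -> {e.path} ({e.date}, {e.size} bytes)")
    print("folders to check:", *folders_to_review(flagged), sep="\n  ")
    print(build_cfscript(flagged))
```

Run against the sample, the script flags exactly the two values the reply's CFScript deletes and lists their parent folders, which correspond to the reply's Folder:: entries once the 8.3 names are replaced by the long names shown in the file listing. A value with no directory, such as "SoundMan", is reported as "no-path" rather than "ok", because its location cannot be judged from the log line alone.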

Re: Removing DR

Post by YuYin93 on 23rd December 2009, 11:57 am

May I know what that was for? It's just for my knowledge; please don't misunderstand, I'm not underestimating or anything, I just want to know out of curiosity. Thank you.

ComboFix 09-12-21.04 - YuYiN 12/23/2009 19:50:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.627 [GMT 8:00]
Running from: g:\downloads\software\commy.exe.exe
Command switches used :: g:\downloads\software\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\drivers\str.sys.vir"
"c:\windows\system32\drivers\xqgnbaxo.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\gram delete tick dupe
c:\documents and settings\All Users\Application Data\gram delete tick dupe\way wma.dat
c:\documents and settings\All Users\Application Data\gram delete tick dupe\way wma.exe
c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB
c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB\0
c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB\Admin Aim.exe
c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB\eggs book option dart.exe
c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB\mlzyelsn.exe
c:\documents and settings\YuYiN\Application Data\LOG EXTRA BIB\ShowBaseAmok.exe
c:\windows\system32\drivers\str.sys.vir
c:\windows\system32\drivers\xqgnbaxo.sys

.
((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-23 11:45 . 2009-12-23 11:49 -------- d-----w- C:\commy.exe
2009-12-22 15:56 . 2009-12-11 10:05 3613560 ----a-w- c:\documents and settings\YuYiN\Application Data\Simply Super Software\Trojan Remover\xvk1.exe
2009-12-22 14:06 . 2009-12-22 14:06 -------- d-----w- c:\program files\Trend Micro
2009-12-22 12:33 . 2006-06-19 04:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-12-22 12:33 . 2006-05-25 06:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-12-22 12:33 . 2005-08-25 16:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-12-22 12:33 . 2003-02-02 11:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-12-22 12:33 . 2002-03-05 16:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-12-22 12:33 . 2009-12-22 15:08 -------- d-----w- c:\program files\Trojan Remover
2009-12-22 12:33 . 2009-12-22 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-22 12:33 . 2009-12-22 12:33 -------- d-----w- c:\documents and settings\YuYiN\Application Data\Simply Super Software
2009-12-22 12:27 . 2009-12-22 12:27 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\AskToolbar
2009-12-22 12:21 . 2009-12-22 12:21 -------- d-----w- c:\program files\Crcle Developement
2009-12-21 14:56 . 2009-12-21 14:56 -------- d-----w- c:\documents and settings\YuYiN\Application Data\Media Player Classic
2009-12-21 13:16 . 2009-12-21 13:16 -------- d-----w- c:\program files\LOG EXTRA BIB
2009-12-21 07:13 . 2009-12-23 11:25 52224 ----a-w- c:\documents and settings\YuYiN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-21 07:01 . 2009-12-21 07:01 -------- d-----w- c:\documents and settings\YuYiN\Local Settings\Application Data\Real
2009-12-21 07:00 . 2009-12-22 13:03 2356 ----a-w- c:\windows\system32\secushr.dat
2009-12-21 06:57 . 2009-04-09 07:03 57407 ----a-w- c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
2009-12-20 14:27 . 2009-12-16 06:42 872960 ----a-w- c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-20 14:27 . 2009-12-16 06:42 43008 ----a-w- c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-20 14:27 . 2009-12-16 06:42 340480 ----a-w- c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-20 14:27 . 2009-12-16 06:41 346624 ----a-w- c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-20 13:39 . 2006-05-24 05:36 110592 ----a-w- c:\documents and settings\YuYiN\Application Data\U3\temp\cleanup.exe
2009-12-20 13:33 . 2009-12-20 13:39 -------- d-----w- c:\documents and settings\YuYiN\Application Data\U3
2009-12-16 13:46 . 2009-12-16 13:46 152576 ----a-w- c:\documents and settings\YuYiN\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-16 13:46 . 2009-12-16 13:46 79488 ----a-w- c:\documents and settings\YuYiN\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-15 13:55 . 2009-12-21 07:13 117760 ----a-w- c:\documents and settings\YuYiN\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-15 13:36 . 2009-12-15 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-15 13:36 . 2009-12-15 13:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-15 13:36 . 2009-12-15 13:36 -------- d-----w- c:\documents and settings\YuYiN\Application Data\SUPERAntiSpyware.com
2009-12-15 13:36 . 2009-12-15 13:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-15 12:54 . 2009-12-22 15:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-13 12:54 . 2009-12-13 12:54 -------- d-----w- c:\documents and settings\YuYiN\Application Data\Malwarebytes
2009-12-13 12:54 . 2009-12-03 08:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-13 12:54 . 2009-12-13 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-13 12:54 . 2009-12-13 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-13 12:54 . 2009-12-03 08:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-13 11:56 . 2009-12-13 11:56 169336 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-13 11:56 . 2009-12-13 11:56 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-13 11:56 . 2009-12-13 11:56 -------- d-----w- c:\program files\Reference Assemblies
2009-12-13 11:55 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-13 11:55 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-13 11:55 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-13 11:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-13 11:55 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-13 11:55 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-13 11:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-13 11:55 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-13 11:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-13 11:51 . 2009-12-13 11:51 -------- d-----w- c:\program files\MSXML 6.0
2009-12-12 15:39 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-09 06:49 . 2009-12-09 06:51 -------- d-----w- c:\program files\Graph
2009-12-09 06:45 . 2009-12-09 06:45 -------- d-----w- c:\program files\TEBER
2009-12-09 06:44 . 1999-03-23 01:12 299520 ----a-w- c:\windows\uninst.exe
2009-12-09 06:44 . 2009-12-09 06:44 -------- d-----w- c:\documents and settings\YuYiN\WINDOWS
2009-12-03 14:07 . 2004-08-03 15:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-12-03 14:07 . 2004-08-03 15:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-12-03 14:07 . 2008-03-21 05:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-03 14:07 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-03 14:06 . 2009-12-03 14:07 -------- d-----w- c:\documents and settings\YuYiN\Application Data\PC Suite
2009-12-03 14:06 . 2009-12-03 14:07 -------- d-----w- c:\documents and settings\YuYiN\Application Data\Nokia
2009-12-03 14:06 . 2009-12-03 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-03 14:05 . 2009-12-03 14:05 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-03 14:04 . 2009-11-14 01:02 34428780 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
2009-12-03 14:04 . 2009-12-03 14:04 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-03 14:04 . 2009-12-03 14:04 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-03 14:04 . 2009-12-03 14:04 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-03 14:04 . 2009-12-03 14:04 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-27 04:35 . 2009-11-27 04:35 286720 ------w- c:\windows\Setup1.exe
2009-11-27 04:35 . 2009-11-27 04:35 73216 ----a-w- c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 14:55 . 2009-10-25 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-22 12:27 . 2009-10-25 13:31 -------- d-----w- c:\program files\Garena
2009-12-21 07:50 . 2009-11-06 11:42 -------- d-----w- c:\documents and settings\YuYiN\Application Data\ZoomBrowser EX
2009-12-21 07:01 . 2009-10-24 15:43 -------- d-----w- c:\program files\Real Alternative
2009-12-21 06:57 . 2009-10-25 03:05 -------- d-----w- c:\program files\FlashGet
2009-12-21 06:16 . 2009-11-06 11:41 -------- d-----w- c:\documents and settings\YuYiN\Application Data\CameraWindowDC
2009-12-20 16:01 . 2004-08-04 12:00 95360 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-20 05:06 . 2009-10-30 12:22 -------- d-----w- c:\program files\PPStream
2009-12-16 13:47 . 2009-11-18 13:09 -------- d-----w- c:\program files\Java
2009-12-15 12:22 . 2009-10-29 08:45 -------- d-----w- c:\documents and settings\YuYiN\Application Data\AIMP
2009-12-13 12:07 . 2009-10-24 15:38 75704 ----a-w- c:\documents and settings\YuYiN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-13 11:56 . 2009-10-25 04:16 -------- d-----w- c:\program files\MSBuild
2009-12-07 13:47 . 2009-10-25 03:24 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 16:03 . 2009-10-29 16:02 -------- d-----w- c:\documents and settings\YuYiN\Application Data\PPStream
2009-12-03 14:07 . 2009-12-03 14:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-03 14:07 . 2009-12-03 14:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-03 14:05 . 2009-12-03 14:04 -------- d-----w- c:\program files\DIFX
2009-12-03 14:05 . 2009-12-03 14:05 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-03 14:05 . 2009-12-03 14:04 -------- d-----w- c:\program files\Nokia
2009-12-03 14:04 . 2009-12-03 14:04 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-03 14:04 . 2009-10-24 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-20 04:00 . 2009-10-27 12:46 -------- d-----w- c:\program files\GRETECH
2009-11-19 04:17 . 2009-10-29 08:50 -------- d-----w- c:\program files\Ask.com
2009-11-18 13:08 . 2009-11-18 13:08 152576 ----a-w- c:\documents and settings\YuYiN\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-11-15 03:49 . 2009-11-15 03:48 -------- d-----w- c:\documents and settings\YuYiN\Application Data\GetRightToGo
2009-11-15 03:49 . 2009-11-15 03:45 -------- d-----w- c:\program files\DVD Clone Studio
2009-11-06 11:41 . 2009-11-06 11:41 -------- d-----w- c:\documents and settings\YuYiN\Application Data\CANON INC
2009-11-05 07:02 . 2009-10-24 15:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-02 15:40 . 2009-10-29 09:00 -------- d-----w- c:\program files\MediaMonkey
2009-10-29 09:59 . 2009-10-29 09:59 -------- d-----w- c:\program files\Webteh
2009-10-29 09:12 . 2009-10-29 08:50 -------- d-----w- c:\program files\The KMPlayer
2009-10-29 09:09 . 2009-10-29 09:09 -------- d-----w- c:\program files\GNU
2009-10-29 08:45 . 2009-10-29 08:44 -------- d-----w- c:\program files\AIMP2
2009-10-28 13:39 . 2009-10-28 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-27 17:11 . 2009-10-27 17:11 -------- d-----w- c:\documents and settings\YuYiN\Application Data\Ahead
2009-10-27 12:52 . 2009-10-27 12:51 -------- d-----w- c:\program files\Ares
2009-10-26 12:48 . 2009-10-26 12:48 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-26 12:48 . 2009-10-26 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-25 13:35 . 2009-10-24 15:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-25 04:50 . 2009-10-25 04:50 -------- d-----w- c:\program files\EASEUS
2009-10-25 04:33 . 2009-10-24 14:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-25 04:30 . 2009-10-25 04:30 97248 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-10-25 04:16 . 2009-10-25 04:16 -------- d-----w- c:\program files\Microsoft Works
2009-10-25 04:15 . 2009-10-25 04:15 -------- d-----w- c:\program files\Microsoft.NET
2009-10-25 04:11 . 2009-10-25 04:11 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-25 03:40 . 2009-10-25 03:40 -------- d-----w- c:\program files\Microsoft
2009-10-25 03:40 . 2009-10-25 03:39 -------- d-----w- c:\program files\Windows Live
2009-10-25 03:40 . 2009-10-25 03:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-25 03:24 . 2009-10-25 03:24 -------- d-----w- c:\program files\Avira
2009-10-25 03:24 . 2009-10-24 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-25 03:19 . 2009-10-25 03:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-25 02:57 . 2009-10-25 02:57 0 ----a-w- c:\windows\nsreg.dat
2009-10-25 01:10 . 2009-10-25 01:01 15 ----a-w- C:\SelfTests.dat
2009-10-24 15:43 . 2009-10-24 15:43 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-24 15:36 . 2009-10-24 15:20 -------- d-----w- c:\program files\Canon
2009-10-24 15:32 . 2009-10-24 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-10-24 15:31 . 2009-10-24 15:31 -------- d-----w- c:\program files\Common Files\Canon
2009-10-24 15:22 . 2009-10-24 15:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-10-24 15:19 . 2009-10-24 15:17 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-24 15:17 . 2009-10-24 15:17 -------- d-----w- c:\program files\Nero
2009-10-24 15:02 . 2009-10-24 15:02 -------- d-----w- c:\program files\Realtek Sound Manager
2009-10-24 15:02 . 2009-10-24 15:02 -------- d-----w- c:\program files\AvRack
2009-10-24 15:02 . 2009-10-24 15:02 -------- d-----w- c:\program files\Realtek AC97
2009-10-24 15:01 . 2009-10-24 15:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-24 15:01 . 2009-10-24 15:00 -------- d-----w- c:\program files\ATI Technologies
2009-10-24 14:53 . 2009-10-24 14:53 -------- d-----w- c:\program files\microsoft frontpage
2009-10-24 14:50 . 2009-10-24 14:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-10 20:17 . 2009-11-18 13:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-06 03:55 . 2009-12-03 14:04 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-06 03:52 . 2009-12-03 14:04 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-10-06 03:52 . 2009-12-03 14:04 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-10-06 03:52 . 2009-12-03 14:04 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-06 03:52 . 2009-12-03 14:04 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-10-06 03:52 . 2009-12-03 14:04 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-10-06 03:52 . 2009-12-03 14:04 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
.

------- Sigcheck -------

[-] 2009-11-04 . EBEAB4C47642CD68D7FD23187EECA1B0 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\backup\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 . 3BB4B08619C111C7BE8BDA07AA0DE6A2 . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-23 11:25 . 2009-12-23 11:25 16384 c:\windows\Temp\Perflib_Perfdata_150.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 09:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2009-07-22 210312]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"SoundMan"="SOUNDMAN.EXE" [2006-09-14 577536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"VX1000"="c:\windows\vVX1000.exe" [2006-06-29 707376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 06:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/25/2009 11:24 AM 108289]
R2 Slp1kdr;SmartLock Pro(1K);c:\windows\system32\drivers\SLP1KDR.SYS [10/25/2009 9:58 PM 6645]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/25/2009 12:50 PM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/25/2009 12:50 PM 3072]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\YuYiN\LOCALS~1\Temp\ZCD8.tmp --> c:\docume~1\YuYiN\LOCALS~1\Temp\ZCD8.tmp [?]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &????(FlashGet)?? - c:\program files\FlashGet\jc_link.htm
IE: &????(FlashGet)?????? - c:\program files\FlashGet\jc_all.htm
IE: Download All By FlashGet3 - c:\documents and settings\YuYiN\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\YuYiN\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\YuYiN\Application Data\Mozilla\Firefox\Profiles\yreq18e3.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-23 19:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\YuYiN\LOCALS~1\Temp\ZCD8.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-23 19:53:54
ComboFix-quarantined-files.txt 2009-12-23 11:53
ComboFix2.txt 2009-12-22 13:19

Pre-Run: 45,909,852,160 bytes free
Post-Run: 45,884,497,920 bytes free

- - End Of File - - 26F8108ECF41144B2C0CDDADC1DC474E


Re: Removing DR

Post by Belahzur on 23rd December 2009, 7:03 pm

Download [You must be registered and logged in to see this link.]

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Removing DR

Post by YuYin93 on 24th December 2009, 6:30 am

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : YuYiN ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:53 Go (Free:42 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:38 Go (Free:32 Go)
G:\ (Local Disk) - NTFS - Total:179 Go (Free:121 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Thu 12/24/2009|14:26 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\YuYiN\Cookies\yuyin@advertising[2].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[11/01/2009|10:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Adobe
[10/25/2009|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Avira
[10/24/2009|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ CanonBJ
[10/25/2009|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Google
[12/03/2009|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Installations
[12/13/2009|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Malwarebytes
[10/28/2009|09:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ McAfee
[10/26/2009|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ McAfee Security Scan
[11/18/2009|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Microsoft
[12/22/2009|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Microsoft Help
[12/03/2009|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ PC Suite
[12/21/2009|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Real
[12/22/2009|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Simply Super Software
[12/15/2009|09:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ SUPERAntiSpyware.com
[12/22/2009|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ TEMP
[10/24/2009|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ ZoomBrowser

[10/24/2009|10:53] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Microsoft

[10/24/2009|10:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Microsoft

[10/24/2009|10:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\ Microsoft

[11/01/2009|09:47] C:\DOCUME~1\YuYiN\APPLIC~1\ Adobe
[10/28/2009|01:11] C:\DOCUME~1\YuYiN\APPLIC~1\ Ahead
[12/15/2009|08:22] C:\DOCUME~1\YuYiN\APPLIC~1\ AIMP
[12/21/2009|02:16] C:\DOCUME~1\YuYiN\APPLIC~1\ CameraWindowDC
[11/06/2009|07:41] C:\DOCUME~1\YuYiN\APPLIC~1\ CANON INC
[11/15/2009|11:49] C:\DOCUME~1\YuYiN\APPLIC~1\ GetRightToGo
[10/24/2009|11:50] C:\DOCUME~1\YuYiN\APPLIC~1\ Help
[10/24/2009|10:59] C:\DOCUME~1\YuYiN\APPLIC~1\ Identities
[10/25/2009|10:59] C:\DOCUME~1\YuYiN\APPLIC~1\ Macromedia
[12/13/2009|08:54] C:\DOCUME~1\YuYiN\APPLIC~1\ Malwarebytes
[12/21/2009|10:56] C:\DOCUME~1\YuYiN\APPLIC~1\ Media Player Classic
[12/22/2009|10:55] C:\DOCUME~1\YuYiN\APPLIC~1\ Microsoft
[10/25/2009|10:57] C:\DOCUME~1\YuYiN\APPLIC~1\ Mozilla
[12/03/2009|10:07] C:\DOCUME~1\YuYiN\APPLIC~1\ Nokia
[12/03/2009|10:07] C:\DOCUME~1\YuYiN\APPLIC~1\ PC Suite
[12/04/2009|12:03] C:\DOCUME~1\YuYiN\APPLIC~1\ PPStream
[12/21/2009|03:01] C:\DOCUME~1\YuYiN\APPLIC~1\ Real
[12/22/2009|08:33] C:\DOCUME~1\YuYiN\APPLIC~1\ Simply Super Software
[11/18/2009|09:04] C:\DOCUME~1\YuYiN\APPLIC~1\ Sun
[12/15/2009|09:36] C:\DOCUME~1\YuYiN\APPLIC~1\ SUPERAntiSpyware.com
[12/20/2009|09:39] C:\DOCUME~1\YuYiN\APPLIC~1\ U3
[12/21/2009|03:50] C:\DOCUME~1\YuYiN\APPLIC~1\ ZoomBrowser EX

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/24/2009 02:01 PM][--a------] C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[12/24/2009 01:45 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 08:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/05/2009|03:27] C:\Program Files\ Adobe
[10/29/2009|04:45] C:\Program Files\ AIMP2
[10/27/2009|08:52] C:\Program Files\ Ares
[11/19/2009|12:17] C:\Program Files\ Ask.com
[10/24/2009|11:01] C:\Program Files\ ATI Technologies
[10/25/2009|11:24] C:\Program Files\ Avira
[10/24/2009|11:02] C:\Program Files\ AvRack
[10/24/2009|11:36] C:\Program Files\ Canon
[12/23/2009|07:51] C:\Program Files\ Common Files
[10/24/2009|10:49] C:\Program Files\ ComPlus Applications
[12/22/2009|08:21] C:\Program Files\ Crcle Developement
[12/03/2009|10:05] C:\Program Files\ DIFX
[11/15/2009|11:49] C:\Program Files\ DVD Clone Studio
[10/25/2009|12:50] C:\Program Files\ EASEUS
[12/21/2009|02:57] C:\Program Files\ FlashGet
[12/22/2009|08:27] C:\Program Files\ Garena
[10/29/2009|05:09] C:\Program Files\ GNU
[12/09/2009|02:51] C:\Program Files\ Graph
[11/20/2009|12:00] C:\Program Files\ GRETECH
[10/25/2009|09:35] C:\Program Files\ InstallShield Installation Information
[12/13/2009|07:53] C:\Program Files\ Internet Explorer
[12/16/2009|09:47] C:\Program Files\ Java
[10/24/2009|11:43] C:\Program Files\ K-Lite Codec Pack
[12/21/2009|09:16] C:\Program Files\ LOG EXTRA BIB
[12/13/2009|08:54] C:\Program Files\ Malwarebytes' Anti-Malware
[10/26/2009|08:48] C:\Program Files\ McAfee Security Scan
[11/02/2009|11:40] C:\Program Files\ MediaMonkey
[10/25/2009|11:40] C:\Program Files\ Microsoft
[10/24/2009|10:53] C:\Program Files\ microsoft frontpage
[10/25/2009|12:16] C:\Program Files\ Microsoft Office
[10/25/2009|12:15] C:\Program Files\ Microsoft Visual Studio
[10/25/2009|12:11] C:\Program Files\ Microsoft Visual Studio 8
[10/25/2009|12:16] C:\Program Files\ Microsoft Works
[10/25/2009|12:15] C:\Program Files\ Microsoft.NET
[10/24/2009|10:50] C:\Program Files\ Movie Maker
[12/24/2009|02:24] C:\Program Files\ Mozilla Firefox
[12/13/2009|07:56] C:\Program Files\ MSBuild
[10/24/2009|10:48] C:\Program Files\ MSN
[10/24/2009|10:49] C:\Program Files\ MSN Gaming Zone
[12/13/2009|07:51] C:\Program Files\ MSXML 6.0
[10/24/2009|11:17] C:\Program Files\ Nero
[10/24/2009|10:51] C:\Program Files\ NetMeeting
[12/03/2009|10:05] C:\Program Files\ Nokia
[10/24/2009|10:49] C:\Program Files\ Online Services
[10/24/2009|10:51] C:\Program Files\ Outlook Express
[12/03/2009|10:04] C:\Program Files\ PC Connectivity Solution
[12/20/2009|01:06] C:\Program Files\ PPStream
[12/21/2009|03:01] C:\Program Files\ Real Alternative
[10/24/2009|11:02] C:\Program Files\ Realtek AC97
[10/24/2009|11:02] C:\Program Files\ Realtek Sound Manager
[12/13/2009|07:56] C:\Program Files\ Reference Assemblies
[12/15/2009|09:36] C:\Program Files\ SUPERAntiSpyware
[12/09/2009|02:45] C:\Program Files\ TEBER
[10/29/2009|05:12] C:\Program Files\ The KMPlayer
[12/22/2009|10:06] C:\Program Files\ Trend Micro
[12/22/2009|11:08] C:\Program Files\ Trojan Remover
[10/24/2009|10:59] C:\Program Files\ Uninstall Information
[10/29/2009|05:59] C:\Program Files\ Webteh
[10/25/2009|11:40] C:\Program Files\ Windows Live
[10/25/2009|11:40] C:\Program Files\ Windows Live SkyDrive
[11/05/2009|09:28] C:\Program Files\ Windows Media Player
[10/24/2009|10:49] C:\Program Files\ Windows NT
[10/24/2009|10:52] C:\Program Files\ WindowsUpdate
[10/24/2009|10:53] C:\Program Files\ xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/05/2009|03:02] C:\Program Files\Common Files\ Adobe
[10/24/2009|11:19] C:\Program Files\Common Files\ Ahead
[10/24/2009|11:31] C:\Program Files\Common Files\ Canon
[10/25/2009|12:15] C:\Program Files\Common Files\ DESIGNER
[10/24/2009|11:01] C:\Program Files\Common Files\ InstallShield
[10/25/2009|09:56] C:\Program Files\Common Files\ Microsoft Shared
[10/24/2009|10:51] C:\Program Files\Common Files\ MSSoap
[12/03/2009|10:05] C:\Program Files\Common Files\ Nokia
[10/25/2009|06:42] C:\Program Files\Common Files\ ODBC
[12/03/2009|10:05] C:\Program Files\Common Files\ PCSuite
[10/24/2009|10:51] C:\Program Files\Common Files\ Services
[10/25/2009|06:41] C:\Program Files\Common Files\ SpeechEngines
[10/25/2009|12:11] C:\Program Files\Common Files\ System
[10/25/2009|11:19] C:\Program Files\Common Files\ Windows Live
[12/15/2009|09:36] C:\Program Files\Common Files\ Wise Installation Wizard

--------------------\\ Process

( 40 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-24 14:29:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:15][D:7]-> C:\DOCUME~1\YuYiN\LOCALS~1\Temp
[F:43][D:0]-> C:\DOCUME~1\YuYiN\Cookies
[F:274][D:4]-> C:\DOCUME~1\YuYiN\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 12/24/2009|14:30 - Option : [2]

--------------------\\ Scan completed at 14:30:14


Re: Removing DR

Post by Belahzur on 24th December 2009, 5:11 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Removing DR

Post by YuYin93 on 25th December 2009, 1:52 pm

The machine's working fine now. Thanks for your help. Thank you!
