Hi,
I tried all the ways recommended in the forums, but I couldn't clean Neteven.dll.
Malwarebytes could detect it but could not delete it, although it says it will delete it at reboot;
ComboFix and VundoFix could not detect it. I couldn't find any solution. It is recording and reporting everything, I think.
Here are the ComboFix and DDS.txt logs.
Is there nobody to help?
Thank you
ComboFix 09-05-09.05 - cesim 10.05.2009 20:58.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1254.90.1033.18.1536.1028 [GMT 3:00]
Running from: c:\documents and settings\cesim\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\can\Local Settings\Temporary Internet Files\Thumbs.db
c:\windows\IE4 Error Log.txt
c:\windows\system32\msssc.dll
c:\windows\system32\open.ico
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
.
2009-05-10 17:39 . 2009-05-10 17:39 -------- d-----w C:\VundoFix Backups
2009-05-09 14:20 . 2009-05-09 14:20 -------- d-----w c:\program files\LEVEL Online
2009-05-09 14:04 . 2009-05-09 14:04 -------- d-----w c:\program files\Sierra On-Line
2009-05-08 21:55 . 2009-05-08 21:55 -------- d-sh--w C:\FOUND.004
2009-05-02 17:48 . 2009-05-02 17:48 -------- d--h--r c:\documents and settings\can\Application Data\SecuROM
2009-05-02 09:19 . 2009-05-02 09:19 -------- d-----w C:\Rooter$
2009-05-01 21:22 . 2009-05-01 21:22 -------- d-----w c:\program files\Trend Micro
2009-05-01 09:31 . 2009-05-01 09:31 -------- d-----w c:\documents and settings\can\Application Data\Malwarebytes
2009-04-30 21:05 . 2009-04-30 21:05 -------- d-----w c:\documents and settings\cesim\Application Data\Malwarebytes
2009-04-30 21:04 . 2009-04-06 12:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 21:04 . 2009-04-06 12:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 21:04 . 2009-04-30 21:04 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 14:30 . 2009-04-23 14:30 -------- d-----w c:\documents and settings\All Users\Application Data\FNET
2009-04-23 14:30 . 2009-04-23 14:30 7040 ----a-w c:\windows\system32\drivers\FNETURPX.SYS
2009-04-23 14:29 . 2009-04-23 14:29 -------- d-----w c:\program files\PcCloneEX
2009-04-23 14:02 . 2009-04-23 14:02 -------- d-----w C:\Audio
2009-04-23 11:32 . 2001-09-11 12:20 30208 ----a-w c:\windows\system32\wdmioctl.dll
2009-04-23 11:32 . 2001-09-11 13:20 1285632 ----a-w c:\windows\system32\SMMedia.dll
2009-04-23 11:32 . 2002-07-24 11:06 974848 ----a-w c:\windows\SynthCoreA.Dll
2009-04-23 11:32 . 2002-08-30 08:59 380928 ----a-w c:\windows\SynCor.exe
2009-04-23 11:32 . 2002-11-06 16:00 40820 ----a-w c:\windows\system32\Syncor11.dll
2009-04-23 11:32 . 2002-11-06 18:23 49152 ----a-w c:\windows\system32\S11thk32.dll
2009-04-23 11:32 . 2002-07-24 10:06 45056 ----a-w c:\windows\system32\SynthCore11Resources.dll
2009-04-23 11:32 . 2001-09-19 10:47 765952 ----a-w c:\windows\system\crlds3d.dll
2009-04-23 11:32 . 2009-04-23 11:32 -------- d-----w c:\windows\VirtualEar
2009-04-23 11:32 . 2001-09-19 10:47 720896 ----a-w c:\windows\system32\Audio3d.dll
2009-04-23 11:32 . 2002-04-17 12:05 45056 ----a-w c:\windows\system32\CleanUp.exe
2009-04-23 11:32 . 2002-06-06 12:28 45056 ----a-w c:\windows\system32\DSndUp.exe
2009-04-22 20:53 . 2009-04-22 20:53 -------- d-sh--w C:\FOUND.003
2009-04-22 20:15 . 2009-04-22 20:15 520192 ----a-w c:\windows\system32\UEFA 2008 (en).scr
2009-04-22 20:15 . 2009-04-22 20:15 -------- d-----w c:\windows\system32\UEFA 2008 (en) dir
2009-04-22 17:50 . 2003-08-29 12:09 578304 ----a-w c:\windows\system32\smwdm.sys
2009-04-20 19:16 . 2009-04-20 19:16 -------- d-----w C:\New Folder (2)
2009-04-19 14:26 . 2004-08-03 20:15 140928 ----a-w c:\windows\system32\drivers\ks.sys
2009-04-19 14:26 . 2004-08-03 20:15 145792 ----a-w c:\windows\system32\drivers\portcls.sys
2009-04-19 14:26 . 2004-08-03 21:56 4096 ----a-w c:\windows\system32\KSUSER.DLL
2009-04-19 14:26 . 2004-08-03 20:08 60288 ----a-w c:\windows\system32\drivers\drmk.sys
2009-04-19 14:15 . 2009-04-19 14:15 -------- d-sh--w C:\FOUND.002
2009-04-19 14:03 . 2002-11-02 04:08 53248 ----a-r c:\windows\system32\cmuda.dll
2009-04-19 14:03 . 2002-08-13 10:42 28672 ----a-r c:\windows\system32\udaprop.dll
2009-04-19 11:02 . 2009-04-19 11:02 -------- d-----w C:\New Folder
2009-04-18 19:10 . 2009-05-08 21:56 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-17 18:23 . 2004-08-03 20:15 140928 ----a-w c:\windows\system32\dllcache\ks.sys
2009-04-17 18:23 . 2004-08-03 21:56 23552 ----a-w c:\windows\system32\dllcache\wdmaud.drv
2009-04-17 18:23 . 2004-08-03 21:56 23552 ----a-w c:\windows\system32\WDMAUD.DRV
2009-04-17 18:23 . 2004-08-03 20:15 145792 ----a-w c:\windows\system32\dllcache\portcls.sys
2009-04-17 18:23 . 2004-08-03 20:08 60288 ----a-w c:\windows\system32\dllcache\drmk.sys
2009-04-17 18:23 . 2004-08-03 20:08 48640 ----a-w c:\windows\system32\dllcache\stream.sys
2009-04-17 18:23 . 2004-08-03 20:08 48640 ----a-w c:\windows\system32\drivers\stream.sys
2009-04-17 18:11 . 2009-04-17 18:11 -------- d-sh--w C:\FOUND.001
2009-04-17 17:58 . 2002-10-18 12:55 237568 ----a-w c:\windows\CMIUninstall.exe
2009-04-17 17:58 . 2002-07-01 09:01 212992 ----a-w c:\windows\CmiRmRedundDir.exe
2009-04-17 17:58 . 2002-10-18 12:56 28672 ----a-w c:\windows\CMIRmDriver.dll
2009-04-17 17:37 . 2001-09-19 11:32 720896 ----a-w c:\windows\system32\dllcache\a3d.dll
2009-04-17 17:23 . 2004-08-03 21:56 9728 ------w c:\windows\system32\rwnh.dll
2009-04-17 17:23 . 2004-08-03 21:56 10752 ------w c:\windows\system32\smtpapi.dll
2009-04-17 17:23 . 2004-08-03 20:00 29056 ------w c:\windows\system32\drivers\ip6fw.sys
2009-04-16 19:43 . 2009-04-16 19:43 -------- d-----w c:\program files\E-Color
2009-04-16 17:58 . 2008-06-19 13:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-15 18:46 . 2008-12-11 05:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-15 18:46 . 2009-03-06 13:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-15 18:46 . 2008-12-18 09:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-15 18:45 . 2009-04-15 18:45 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-04-15 18:45 . 2009-04-15 18:45 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-15 18:45 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-15 18:45 . 2009-04-15 18:45 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-15 18:45 . 2009-04-15 18:45 -------- d-----w c:\program files\Spyware Doctor
2009-04-14 19:52 . 2009-04-14 19:52 -------- d-sh--w C:\FOUND.000
2009-04-12 20:13 . 2004-08-03 21:56 4096 ----a-w c:\windows\system32\dllcache\ksuser.dll
2009-04-12 14:58 . 2003-08-29 12:09 578304 ----a-w c:\windows\system32\drivers\smwdm.sys
2009-04-12 14:58 . 2003-04-08 08:30 3744 ----a-w c:\windows\system32\drivers\smsens.sys
2009-04-12 14:58 . 2002-04-01 11:15 4816 ----a-w c:\windows\system32\drivers\aeaudio.sys
2009-04-12 14:58 . 2001-09-19 11:32 720896 ----a-w c:\windows\system32\a3d.dll
2009-04-11 19:19 . 2001-08-23 08:00 97792 ----a-w c:\windows\system32\neteven.dll
2009-04-10 19:58 . 2009-04-10 19:58 -------- d-----w c:\windows\VirtualEar(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 14:58 . 2009-05-09 17:03 22117376 ----a-w c:\windows\Internet Logs\rDB10E.tmp
2009-05-08 13:53 . 2009-05-08 14:01 22132224 ----a-w c:\windows\Internet Logs\rDB10D.tmp
2009-05-04 16:53 . 2009-05-04 17:06 22107136 ----a-w c:\windows\Internet Logs\rDB10C.tmp
2009-04-26 10:35 . 2009-04-26 10:49 22064640 ----a-w c:\windows\Internet Logs\rDB10B.tmp
2009-04-23 13:58 . 2009-04-23 14:04 22015488 ----a-w c:\windows\Internet Logs\rDB10A.tmp
2009-04-22 19:06 . 2009-04-22 20:55 22010880 ----a-w c:\windows\Internet Logs\rDB109.tmp
2009-04-21 17:54 . 2009-04-30 19:48 346496 ----a-w c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
2009-04-19 13:50 . 2009-04-19 14:17 21997056 ----a-w c:\windows\Internet Logs\rDB108.tmp
2009-04-18 21:52 . 2009-04-19 09:24 21991936 ----a-w c:\windows\Internet Logs\rDB107.tmp
2009-04-17 17:52 . 2009-04-17 18:13 21983232 ----a-w c:\windows\Internet Logs\rDB106.tmp
2009-04-15 20:25 . 2009-04-15 20:24 6584 ----a-w c:\windows\srchasst\mui\0409\lclrfine.xml.tmp
2009-04-15 18:59 . 2009-04-15 19:37 21940224 ----a-w c:\windows\Internet Logs\rDB105.tmp
2009-04-14 19:30 . 2009-04-14 19:54 21871104 ----a-w c:\windows\Internet Logs\rDB104.tmp
2009-04-12 15:23 . 2009-04-12 20:44 21871104 ----a-w c:\windows\Internet Logs\rDB103.tmp
2009-04-12 15:23 . 2009-04-12 20:07 21871104 ----a-w c:\windows\Internet Logs\rDB102.tmp
2009-04-12 15:23 . 2009-04-12 18:21 21871104 ----a-w c:\windows\Internet Logs\rDB101.tmp
2009-04-12 11:13 . 2009-04-12 14:50 21911552 ----a-w c:\windows\Internet Logs\rDB100.tmp
2009-03-29 21:39 . 2009-03-30 09:14 21865472 ----a-w c:\windows\Internet Logs\rDBFF.tmp
2009-03-29 12:28 . 2009-03-29 20:00 21865472 ----a-w c:\windows\Internet Logs\rDBFE.tmp
2009-03-23 18:18 . 2009-03-23 18:47 22331392 ----a-w c:\windows\Internet Logs\rDBFD.tmp
2009-03-19 19:54 . 2009-03-19 20:19 21806592 ----a-w c:\windows\Internet Logs\rDBFC.tmp
2009-03-19 13:02 . 2009-03-19 13:02 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-09 02:19 . 2009-01-07 20:38 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 19:47 . 2009-03-05 14:18 21739520 ----a-w c:\windows\Internet Logs\rDBFB.tmp
2009-02-18 21:12 . 2009-02-19 17:09 21694976 ----a-w c:\windows\Internet Logs\rDBF9.tmp
2009-02-15 00:56 . 2009-02-15 13:13 21683200 ----a-w c:\windows\Internet Logs\rDBF8.tmp
2009-02-12 21:12 . 2009-02-13 19:37 21680640 ----a-w c:\windows\Internet Logs\rDBF7.tmp
2009-02-12 08:11 . 2009-02-12 10:09 21680640 ----a-w c:\windows\Internet Logs\rDBF6.tmp
2005-04-18 19:56 . 2005-04-18 19:33 6580 --sha-w c:\windows\system32\KGyGaAvL.sys
2005-04-18 19:56 . 2005-04-18 19:33 56 --sh--r c:\windows\system32\4869164673.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95E623F2-7935-4C77-9207-01F2B68555FB}]
2001-08-23 08:00 97792 ----a-w c:\windows\system32\neteven.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]
"EPSON Stylus DX8400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2005-09-29 176128]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-10 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-05-16 86016]
"anvshell"="anvshell.exe" - c:\windows\anvshell.exe [2003-03-13 348160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2008-05-16 86016]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
CUseeMe Setup.lnk - c:\windows\system32\RunDll32.exe [2001-8-23 33280]
c:\documents and settings\can\Start Menu\Programs\Startup\
uefa.com Alerts.lnk - c:\my pictures\uefa-alerts.exe [2009-4-22 1492867]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Internet Keyboard.lnk - c:\program files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe [2003-6-10 1122304]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2003-6-15 106560]
ZoneAlarm Pro.lnk - c:\program files\Zone Labs\ZoneAlarm\zapro.exe [2003-11-5 299040]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIDL~1\DVDShell.dll" [2003-01-29 40960]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"MIDI5"= SYNCOR11.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageFox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageFox.lnk
backup=c:\windows\pss\ImageFox.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^True Internet Color Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\True Internet Color Icon.lnk
backup=c:\windows\pss\True Internet Color Icon.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boost XP Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"Netlogon"=3 (0x3)
"ERSvc"=2 (0x2)
"RDSessMgr"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Fax"=2 (0x2)
"Crypkey License"=2 (0x2)
"ose"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\System32\\dxdiag.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
"h:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"h:\\Valve\\hl.exe"=
"h:\\Program Files\\Sierra\\Half-Life\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28.11.2002 13:43 22016]
R0 gszspzji;gszspzji;c:\windows\system32\drivers\gszspzji.sys [23.08.2001 11:00 23424]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16.04.2009 20:58 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [15.04.2009 21:46 130424]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [05.10.2003 21:57 232480]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [23.04.2009 17:30 7040]
S2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\DRIVERS\nvtunep.sys --> c:\windows\system32\DRIVERS\nvtunep.sys [?]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys --> c:\windows\system32\DRIVERS\nvtvsnd.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [20.11.2006 21:33 12800]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15.04.2009 21:45 348752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dabb07fc-ca20-11dd-896c-000c6e44c862}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Adobe PDF’ye dönüştür - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Bağlantı hedefini Adobe PDF’ye dönüştür - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Bağlantı hedefini mevcut PDF’ye dönüştür - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Mevcut PDF’ye Dönüştür - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Seçili bağlantıları Adobe PDF’ye dönüştür - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Seçili bağlantıları mevcut PDF’ye dönüştür - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Seçimi Adobe PDF’ye dönüştür - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Seçimi mevcut PDF’ye dönüştür - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {50D38CD9-9F5B-45A8-8017-40D141E5CCA9} = 193.192.98.8,192.168.1.1
TCP: {D1624524-3917-48B9-BB19-B8055B00DEBE} = 193.192.98.8,192.168.1.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
DPF: {94D69559-E6CB-4D60-BB12-56B16DCBC5C6} - hxxp://joy.tr.lgmobile.com/enjoy/photoeditor/TR/woweditor.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-10 21:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1229272821-854245398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\l3codecp.acm
c:\windows\system32\divxa32.acm
c:\windows\system32\vorbis.acm
c:\windows\system32\imc32.acm
- - - - - - - > 'explorer.exe'(3296)
c:\windows\system32\nview.dll
c:\program files\SAMSUNG\Samsung Internet Keyboard\SITKbdHk.DLL
c:\windows\system32\msi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\l3codecp.acm
c:\windows\system32\divxa32.acm
c:\windows\system32\vorbis.acm
c:\windows\system32\imc32.acm
.
------------------------ Other Running Processes ------------------------
.
c:\program files\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
c:\documents and settings\ALL USERS\APPLICATION DATA\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\DRIVERS\KODAKCCS.EXE
c:\program files\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\TCPSVCS.EXE
c:\program files\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
c:\windows\SYSTEM32\ZONELABS\VSMON.EXE
c:\program files\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
c:\windows\system32\wscntfy.exe
c:\program files\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT_SL.EXE
c:\program files\E-COLOR\TRUE INTERNET COLOR\TICICON.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-05-10 21:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-10 18:11
Pre-Run: 3.773.661.184 bytes free
Post-Run: 4.278.829.056 bytes free
331
DDS (Ver_09-03-16.01) - FAT32x86
Run by cesim at 21:35:32,75 on 10.05.2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1254.90.1033.18.1536.1031 [GMT 3:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Documents and Settings\cesim\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: GetRight IE Download Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: {95e623f2-7935-4c77-9207-01f2b68555fb} - c:\windows\system32\neteven.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\tr-tr\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [EPSON Stylus DX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticee.exe /fu "c:\windows\temp\E_S14E.tmp" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HTpatch] c:\windows\htpatch.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [anvshell] anvshell.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intern~1.lnk - c:\program files\samsung\samsung internet keyboard\MMKbd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zoneal~1.lnk - c:\program files\zone labs\zonealarm\zapro.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ADOBEA~2.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-787c-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\truein~1.lnk - c:\program files\e-color\true internet color\TICIcon.exe
IE: Adobe PDF’ye dönüştür - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Bağlantı hedefini Adobe PDF’ye dönüştür - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Bağlantı hedefini mevcut PDF’ye dönüştür - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Mevcut PDF’ye Dönüştür - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Microsoft Excel'e Gö&nder - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: Seçili bağlantıları Adobe PDF’ye dönüştür - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Seçili bağlantıları mevcut PDF’ye dönüştür - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Seçimi Adobe PDF’ye dönüştür - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Seçimi mevcut PDF’ye dönüştür - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {44EFB53C-C965-43CF-9F45-52242D134187}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://www.pandasecurity.com/activescan/cabs/as2stubie.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/TR-TR/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {94D69559-E6CB-4D60-BB12-56B16DCBC5C6} - hxxp://joy.tr.lgmobile.com/enjoy/photoeditor/TR/woweditor.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {50D38CD9-9F5B-45A8-8017-40D141E5CCA9} = 193.192.98.8,192.168.1.1
TCP: {D1624524-3917-48B9-BB19-B8055B00DEBE} = 193.192.98.8,192.168.1.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\common files\microsoft shared\information retrieval\itss51.dll
Handler: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - c:\progra~1\common~1\micros~1\refere~1\msref.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\progra~1\dvdidl~1\DVDShell.dll
============= SERVICES / DRIVERS ===============
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R0 gszspzji;gszspzji;c:\windows\system32\drivers\gszspzji.sys [2001-8-23 23424]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-16 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-15 130424]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2003-10-5 232480]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-4-23 7040]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440]
R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-11-5 130176]
R3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090510.003\NAVENG.sys [2009-5-10 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090510.003\NAVEX15.sys [2009-5-10 876144]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D.sys [2003-2-26 31868]
S2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\nvtunep.sys --> c:\windows\system32\drivers\nvtunep.sys [?]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\nvtvsnd.sys --> c:\windows\system32\drivers\nvtvsnd.sys [?]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-11-20 12800]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-15 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-15 1095560]
=============== Created Last 30 ================
2009-05-10 20:56 161,792 a------- c:\windows\SWREG.exe
2009-05-10 20:56 98,816 a------- c:\windows\sed.exe
2009-05-10 20:56 <DIR> --d----- C:\ComboFix
2009-05-10 20:39 <DIR> --d----- C:\VundoFix Backups
2009-05-09 17:20 <DIR> --d----- c:\program files\LEVEL Online
2009-05-09 17:04 <DIR> --d----- c:\program files\Sierra On-Line
2009-05-09 00:55 <DIR> --dsh--- C:\FOUND.004
2009-05-04 22:39 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-04 22:39 1,409 a------- c:\windows\QTFont.for
2009-05-02 12:19 <DIR> --d----- C:\Rooter$
2009-05-02 00:22 <DIR> --d----- c:\program files\Trend Micro
2009-05-01 00:05 <DIR> --d----- c:\docume~1\cesim\applic~1\Malwarebytes
2009-05-01 00:04 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-01 00:04 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 00:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-23 17:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FNET
2009-04-23 17:30 7,040 a------- c:\windows\system32\drivers\FNETURPX.SYS
2009-04-23 17:29 <DIR> --d----- c:\program files\PcCloneEX
2009-04-23 17:02 <DIR> --d----- C:\Audio
2009-04-23 14:32 30,208 a------- c:\windows\system32\wdmioctl.dll
2009-04-23 14:32 1,285,632 a------- c:\windows\system32\SMMedia.dll
2009-04-23 14:32 974,848 a------- c:\windows\SynthCoreA.Dll
2009-04-23 14:32 380,928 a------- c:\windows\SynCor.exe
2009-04-23 14:32 49,152 a------- c:\windows\system32\S11thk32.dll
2009-04-23 14:32 45,056 a------- c:\windows\system32\SynthCore11Resources.dll
2009-04-23 14:32 40,820 a------- c:\windows\system32\Syncor11.dll
2009-04-23 14:32 765,952 a------- c:\windows\system\crlds3d.dll
2009-04-23 14:32 720,896 a------- c:\windows\system32\Audio3d.dll
2009-04-23 14:32 <DIR> --d----- c:\windows\VirtualEar
2009-04-23 14:32 45,056 a------- c:\windows\system32\DSndUp.exe
2009-04-23 14:32 45,056 a------- c:\windows\system32\CleanUp.exe
2009-04-22 23:53 <DIR> --dsh--- C:\FOUND.003
2009-04-22 23:41 4,816 a----r-- c:\windows\system32\drivers\SETED.tmp
2009-04-22 23:15 520,192 a------- c:\windows\system32\UEFA 2008 (en).scr
2009-04-22 23:15 <DIR> --d----- c:\windows\system32\UEFA 2008 (en) dir
2009-04-22 20:50 578,304 a------- c:\windows\system32\smwdm.sys
2009-04-20 22:16 <DIR> --d----- C:\New Folder (2)
2009-04-19 17:26 140,928 a------- c:\windows\system32\drivers\ks.sys
2009-04-19 17:26 145,792 a------- c:\windows\system32\drivers\portcls.sys
2009-04-19 17:26 4,096 a------- c:\windows\system32\KSUSER.DLL
2009-04-19 17:26 130,048 a------- c:\windows\system32\KSPROXY.AX
2009-04-19 17:26 60,288 a------- c:\windows\system32\drivers\drmk.sys
2009-04-19 17:15 <DIR> --dsh--- C:\FOUND.002
2009-04-19 17:03 53,248 a----r-- c:\windows\system32\cmuda.dll
2009-04-19 17:03 28,672 a----r-- c:\windows\system32\udaprop.dll
2009-04-19 17:03 60,288 a------- c:\windows\system32\drivers\SETD0.tmp
2009-04-19 14:18 3,805 a------- c:\windows\Ascd_tmp.ini
2009-04-19 14:02 <DIR> --d----- C:\New Folder
2009-04-18 22:10 664 a------- c:\windows\system32\d3d9caps.dat
2009-04-17 21:23 140,928 a------- c:\windows\system32\dllcache\ks.sys
2009-04-17 21:23 23,552 a------- c:\windows\system32\WDMAUD.DRV
2009-04-17 21:23 23,552 a------- c:\windows\system32\dllcache\wdmaud.drv
2009-04-17 21:23 145,792 a------- c:\windows\system32\dllcache\portcls.sys
2009-04-17 21:23 60,288 a------- c:\windows\system32\dllcache\drmk.sys
2009-04-17 21:23 48,640 a------- c:\windows\system32\drivers\stream.sys
2009-04-17 21:23 48,640 a------- c:\windows\system32\dllcache\stream.sys
2009-04-17 21:11 <DIR> --dsh--- C:\FOUND.001
2009-04-17 20:58 92 a------- c:\windows\CMISETUP.INI
2009-04-17 20:58 26 a------- c:\windows\CMCDPLAY.INI
2009-04-17 20:58 237,568 a------- c:\windows\CMIUninstall.exe
2009-04-17 20:58 212,992 a------- c:\windows\CmiRmRedundDir.exe
2009-04-17 20:58 28,672 a------- c:\windows\CMIRmDriver.dll
2009-04-17 20:58 188,416 -------- c:\windows\system32\CMIMPEG2V.ax
2009-04-17 20:58 98,304 -------- c:\windows\system32\CMIVCDNav.ax
2009-04-17 20:58 114,688 -------- c:\windows\system32\CMIEffect.ax
2009-04-17 20:58 65,536 -------- c:\windows\system32\CMIEchoFilter.ax
2009-04-17 20:58 61,440 -------- c:\windows\system32\CMICDDAFilter.ax
2009-04-17 20:58 352,256 -------- c:\windows\system32\ActiveSkin.ocx
2009-04-17 20:56 260 a------- c:\windows\_delis32.ini
2009-04-17 20:37 720,896 a------- c:\windows\system32\dllcache\a3d.dll
2009-04-17 20:23 10,752 -------- c:\windows\system32\smtpapi.dll
2009-04-17 20:23 9,728 -------- c:\windows\system32\rwnh.dll
2009-04-17 20:23 29,056 -------- c:\windows\system32\drivers\ip6fw.sys
2009-04-17 20:21 19,528 a------- c:\windows\000001_.tmp
2009-04-16 22:43 <DIR> --d----- c:\program files\E-Color
2009-04-16 20:58 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-15 21:46 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-15 21:46 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-15 21:46 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-15 21:45 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-15 21:45 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-15 21:45 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-15 21:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-04-14 22:52 <DIR> --dsh--- C:\FOUND.000
2009-04-12 23:13 130,048 a------- c:\windows\system32\dllcache\ksproxy.ax
2009-04-12 23:13 4,096 a------- c:\windows\system32\dllcache\ksuser.dll
2009-04-12 22:54 16,384 a------- c:\windows\system32\drivers\SET13E.tmp
2009-04-12 22:54 4,096 a------- c:\windows\system32\SET13D.tmp
2009-04-12 17:58 720,896 a------- c:\windows\system32\a3d.dll
2009-04-12 17:58 578,304 a------- c:\windows\system32\drivers\smwdm.sys
2009-04-12 17:58 4,816 a------- c:\windows\system32\drivers\aeaudio.sys
2009-04-12 17:58 3,744 a------- c:\windows\system32\drivers\smsens.sys
2009-04-11 22:19 97,792 a------- c:\windows\system32\neteven.dll
2009-04-10 22:58 <DIR> --d----- c:\windows\VirtualEar(2)
==================== Find3M ====================
2009-04-21 20:54 346,496 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-04-15 23:25 6,584 a------- c:\windows\srchasst\mui\0409\lclrfine.xml.tmp
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2008-01-07 22:28 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2005-09-08 22:18 68,584 a------- c:\docume~1\cesim\applic~1\GDIPFONTCACHEV1.DAT
2005-04-18 22:56 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys
2005-04-18 22:56 56 ---shr-- c:\windows\system32\4869164673.sys
============= FINISH: 21:36:21,25 ===============