HijackThis Log
January 22nd, 2020
Scan saved at 12:08:49 PM, on 11/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Java\jdk\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gate.temple.edu:8080
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: (no name) – {EA756889-2338-43DB-8F07-D1CA6FB9C90D} – (no file)
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – (no file)
O1 – Hosts: ::1 localhost
O2 – BHO: Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: Winamp Toolbar Loader – {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} – C:\Program Files\Winamp Toolbar\winamptb.dll
O2 – BHO: IEVkbdBHO – {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jdk\bin\ssv.dll
O2 – BHO: (no name) – {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} – (no file)
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: (no name) – {9685a586-6963-4249-a189-ce354cf0870d} – C:\Windows\system32\pipemuyo.dll
O2 – BHO: CBrowserHelperObject Object – {CA6319C0-31B7-401E-A518-A07C3DB8F777} – C:\Program Files\BAE\BAE.dll
O3 – Toolbar: (no name) – {DE9C389F-3316-41A7-809B-AA305ED9D922} – (no file)
O3 – Toolbar: Winamp Toolbar – {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} – C:\Program Files\Winamp Toolbar\winamptb.dll
O4 – HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 – HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 – HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 – HKLM\..\Run: [VolPanel] “C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe” /r
O4 – HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 – HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 – HKLM\..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 – HKLM\..\Run: [PCMService] “C:\Program Files\Dell\MediaDirect\PCMService.exe”
O4 – HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 – HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jdk\bin\jusched.exe”
O4 – HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 – HKLM\..\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe”
O4 – HKLM\..\Run: [AdobeCS4ServiceManager] “C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe” -launchedbylogin
O4 – HKLM\..\Run: [dipunohabu] Rundll32.exe “C:\Windows\system32\yuloreme.dll”,s
O4 – HKLM\..\Run: [CPMd92dd0bb] Rundll32.exe “c:\windows\system32\suyivaye.dll”,a
O4 – HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 – HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 – HKCU\..\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp
O4 – HKCU\..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 – HKCU\..\Run: [DAEMON Tools Pro Agent] “C:\Program Files\DAEMON Tools Pro\DTProAgent.exe”
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\Run: [dipunohabu] Rundll32.exe “C:\Windows\system32\yuloreme.dll”,s (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: Bluetooth.lnk = ?
O4 – Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 – Global Startup: QuickSet.lnk = ?
O8 – Extra context menu item: &AIM Search – c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 – Extra context menu item: &Winamp Search – C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 – Extra context menu item: Add to Banner Ad Blocker – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 – Extra context menu item: Send image to &Bluetooth Device… – c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 – Extra context menu item: Send page to &Bluetooth Device… – c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\PROGRA~1\Java\jdk\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\PROGRA~1\Java\jdk\bin\ssv.dll
O9 – Extra button: Web traffic protection statistics – {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 – Extra button: AIM Toolbar – {3369AF0D-62E9-4bda-8103-B4C75499B578} – (no file)
O9 – Extra button: @btrez.dll,-4015 – {CCA281CA-C863-46ef-9331-5C8D4460577F} – c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 – Extra ‘Tools’ menuitem: @btrez.dll,-12650 – {CCA281CA-C863-46ef-9331-5C8D4460577F} – c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 – Gopher Prefix:
O16 – DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) – C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 – DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} – http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 – DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) – http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) – http://download.divx.com/player/DivXBrowserPlugin.cab
O16 – DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll C:\Windows\system32\fahigape.dll c:\windows\system32\zulomuri.dll c:\windows\system32\suyivaye.dll
O21 – SSODL: SSODL – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\zulomuri.dll
O22 – SharedTaskScheduler: STS – {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} – c:\windows\system32\suyivaye.dll
O23 – Service: Ad-Aware 2007 Service (aawservice) – Lavasoft AB – C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Ati External Event Utility – ATI Technologies Inc. – C:\Windows\system32\Ati2evxx.exe
O23 – Service: ATI WebPAM (ATIWebPAM) – Unknown owner – C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
O23 – Service: Kaspersky Internet Security (AVP) – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: Symantec Lic NetConnect service (CLTNetCnService) – Unknown owner – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 – Service: Creative Labs Licensing Service – Creative Labs – C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\Windows\system32\CTsvcCDA.exe
O23 – Service: DSBrokerService – Unknown owner – C:\Program Files\DellSupport\brkrsvc.exe
O23 – Service: FLEXnet Licensing Service – Acresso Software Inc. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: npkcmsvc – INCA Internet Co., Ltd. – C:\Nexon\Mabinogi\npkcmsvc.exe
O23 – Service: RoxMediaDB9 – Sonic Solutions – C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 – Service: Roxio Hard Drive Watcher 9 (RoxWatch9) – Sonic Solutions – C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 – Service: SigmaTel Audio Service (STacSV) – SigmaTel, Inc. – C:\Windows\system32\STacSV.exe
O23 – Service: Steam Client Service – Valve Corporation – C:\Program Files\Common Files\Steam\SteamService.exe
O23 – Service: stllssvr – MicroVision Development, Inc. – C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 – Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) – TuneUp Software GmbH – C:\Windows\System32\TuneUpDefragService.exe
O23 – Service: Viewpoint Manager Service – Viewpoint Corporation – C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 – Service: Dell Wireless WLAN Tray Service (wltrysvc) – Unknown owner – C:\Windows\System32\WLTRYSVC.EXE
O23 – Service: XAudioService – Conexant Systems, Inc. – C:\Windows\system32\DRIVERS\xaudio.exe
—
End of file – 11987 bytes
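The log above carries the loader pattern the thread treats as Vundo: eight-letter pseudo-word DLLs in system32 (pipemuyo, yuloreme, suyivaye, zulomuri, fahigape) registered as a BHO (O2), started by Rundll32 from Run keys (O4), injected through AppInit_DLLs (O20) and loaded via SSODL (O21) and SharedTaskScheduler (O22), with one CLSID, {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}, pointing at two different DLLs in O21 and O22. The script below is an added example, not something posted in this thread and not part of HijackThis or ComboFix: it parses HijackThis-format lines and flags exactly those patterns. The sample lines are excerpted from the log above with the forum's en dash restored to HijackThis's plain "-"; the name heuristic, the KNOWN_GOOD allowlist and the severities are my assumptions, not vendor signatures.

```python
"""Triage HijackThis-format lines for the Vundo-style loaders seen above.

Added example for this thread; it is not HijackThis, ComboFix or anything the
helper posted. Flags: randomly named system32 DLLs registered as BHOs (O2),
launched by Rundll32 from Run keys (O4), injected via AppInit_DLLs (O20) or
loaded through SSODL (O21) / SharedTaskScheduler (O22); one CLSID mapped to two
different files; and orphaned "(no file)" entries. The name heuristic, the
KNOWN_GOOD allowlist and the severities are assumptions drawn from this log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines excerpted from the log above, with the "-" that
# the forum software turned into an en dash restored.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: (no name) - {9685a586-6963-4249-a189-ce354cf0870d} - C:\Windows\system32\pipemuyo.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [dipunohabu] Rundll32.exe "C:\Windows\system32\yuloreme.dll",s
O4 - HKLM\..\Run: [CPMd92dd0bb] Rundll32.exe "c:\windows\system32\suyivaye.dll",a
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll C:\Windows\system32\fahigape.dll c:\windows\system32\zulomuri.dll c:\windows\system32\suyivaye.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zulomuri.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\suyivaye.dll
"""

LOADERS = {"O2": "BHO", "O4": "Run key", "O20": "AppInit_DLLs",
           "O21": "SSODL", "O22": "SharedTaskScheduler"}
ENTRY_RE = re.compile(r"^(R\d|O\d+) - ")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path up to the first .dll/.exe. Non-greedy, so an O20 line that
# lists several modules yields each one and a Rundll32 ",entrypoint" suffix is
# left out of the path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:dll|exe)\b', re.IGNORECASE)
VOWELS = set("aeiou")
KNOWN_GOOD = {"setupapi.dll"}   # assumed allowlist: legit names that fit the pattern


@dataclass(frozen=True)
class Entry:
    section: str
    raw: str
    clsid: Optional[str]
    paths: tuple


@dataclass(frozen=True)
class Finding:
    severity: str     # "high", "medium" or "low"
    section: str
    detail: str
    file: str = ""    # lower-cased module name for "high" findings


def looks_autogenerated(filename: str) -> bool:
    """8-letter .dll stem that strictly alternates consonant/vowel, the shape of
    pipemuyo, yuloreme, suyivaye, zulomuri and fahigape. 'y' counts as a
    consonant so suyivaye matches. A hit is a reason to check the file's
    signature and timestamp, not proof: legitimate names can fit the pattern."""
    name = filename.lower()
    stem, _, ext = name.rpartition(".")
    if name in KNOWN_GOOD or ext != "dll" or len(stem) != 8 or not stem.isalpha():
        return False
    kinds = [ch in VOWELS for ch in stem]
    return all(kinds[i] != kinds[i + 1] for i in range(len(kinds) - 1))


def parse_hjt(text: str) -> list:
    """Reduce each HijackThis line to its section, CLSID and file paths."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(line)
        entries.append(Entry(m.group(1), line,
                             clsid.group(0).upper() if clsid else None,
                             tuple(PATH_RE.findall(line))))
    return entries


def triage(text: str) -> list:
    findings = []
    owners = {}   # CLSID -> files registered under it across all sections
    for e in parse_hjt(text):
        if e.section in LOADERS:
            for path in e.paths:
                name = path.rsplit("\\", 1)[-1].lower()
                if "\\system32\\" in path.lower() and looks_autogenerated(name):
                    findings.append(Finding("high", e.section,
                        f"{LOADERS[e.section]} loads random-looking {name}: {path}", name))
        if e.clsid and e.paths:
            owners.setdefault(e.clsid, set()).update(p.lower() for p in e.paths)
        if "(no file)" in e.raw:
            findings.append(Finding("low", e.section, "orphaned entry: " + e.raw))
    for clsid, files in owners.items():
        if len(files) > 1:   # one COM class id claimed by two different DLLs
            findings.append(Finding("medium", "CLSID",
                f"{clsid} registered for {len(files)} files: {', '.join(sorted(files))}"))
    return findings


def flagged_files(text: str) -> set:
    return {f.file for f in triage(text) if f.severity == "high"}


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:<6}] {f.section:<4} {f.detail}")
```

Run as-is it prints eight high findings (the five DLLs, counted once per loader that references them), one medium (the CLSID shared by zulomuri.dll and suyivaye.dll) and one low (the orphaned BHO). The name rule is deliberately narrow and the allowlist is illustrative, so a hit is a prompt to check the file's signature, timestamp and whether it turns up in the ComboFix deletion list, not a verdict on its own.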
More vundo.

1. Download this file – http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts, but choose NOT to install the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix’s window whilst it’s running. That may cause it to stall.
ComboFix 08-11-26.03 – Scott 2008-11-26 12:37:46.1 – NTFSx86
Microsoft® Windows Vista® Home Premium 6.0.6001.1.1252.1.1033.18.912 [GMT -5:00]
Running from: c:\users\Scott\Documents\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RichVideoCodec
c:\program files\RichVideoCodec\install.ico
c:\program files\RichVideoCodec\Uninstall.exe
c:\users\Scott\AppData\Roaming\inst.exe
c:\windows\system32\abokofup.ini
c:\windows\system32\akufawot.ini
c:\windows\system32\buhemubu.dll
c:\windows\system32\divifiku.dll
c:\windows\system32\diwevige.dll
c:\windows\system32\doyakiho.dll
c:\windows\system32\egivewid.ini
c:\windows\system32\fahigape.dll
c:\windows\system32\fajejako.dll
c:\windows\system32\gibokiho.dll
c:\windows\system32\giwolopi.dll
c:\windows\system32\gofipina.dll
c:\windows\system32\horogomo.dll
c:\windows\system32\itunowij.ini
c:\windows\system32\iwujulot.ini
c:\windows\system32\kareheyi.dll
c:\windows\system32\moriwami.dll
c:\windows\system32\noturoya.dll
c:\windows\system32\onokodoj.ini
c:\windows\system32\peluzena.dll
c:\windows\system32\pipemuyo.dll
c:\windows\system32\pufokoba.dll
c:\windows\system32\ribayiro.dll
c:\windows\system32\simadedo.dll
c:\windows\system32\sopisupu.dll
c:\windows\system32\suyivaye.dll
c:\windows\system32\towafuka.dll
c:\windows\system32\ubumehub.ini
c:\windows\system32\ugipegow.ini
c:\windows\system32\wizuyejo.dll
c:\windows\system32\wogepigu.dll
c:\windows\system32\yuloreme.dll
c:\windows\system32\yuzuwudi.dll
c:\windows\system32\zulomuri.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.
2008-11-26 12:05 . 2008-11-26 12:05  <DIR>  d--------  c:\program files\Trend Micro
2008-11-26 11:49 . 2008-11-26 11:49  <DIR>  d--------  c:\users\Scott\AppData\Roaming\DAEMON Tools Pro
2008-11-26 11:49 . 2008-11-26 11:49  <DIR>  d--------  c:\users\All Users\DAEMON Tools Pro
2008-11-26 11:49 . 2008-11-26 11:49  <DIR>  d--------  c:\programdata\DAEMON Tools Pro
2008-11-26 11:09 . 2008-11-26 11:48  <DIR>  d--------  c:\program files\DAEMON Tools Pro
2008-11-26 00:26 . 2008-11-26 00:26  685,816  --a------  c:\windows\System32\drivers\sptd.sys
2008-11-25 19:23 . 2008-11-25 19:23  268  --ah-----  C:\sqmdata03.sqm
2008-11-25 19:23 . 2008-11-25 19:23  244  --ah-----  C:\sqmnoopt03.sqm
2008-11-25 19:03 . 2008-11-25 19:03  268  --ah-----  C:\sqmdata02.sqm
2008-11-25 19:03 . 2008-11-25 19:03  244  --ah-----  C:\sqmnoopt02.sqm
2008-11-19 01:03 . 2008-11-19 01:03  <DIR>  d--------  c:\users\All Users\acccore
2008-11-19 01:03 . 2008-11-19 01:03  <DIR>  d--------  c:\programdata\acccore
2008-11-14 15:31 . 2008-11-14 15:31  <DIR>  d--------  c:\program files\Lavasoft
2008-11-14 15:30 . 2008-11-14 15:30  <DIR>  d--------  c:\users\All Users\Lavasoft
2008-11-14 15:30 . 2008-11-14 15:30  <DIR>  d--------  c:\programdata\Lavasoft
2008-11-11 15:30 . 2008-09-09 22:40  1,334,272  --a------  c:\windows\System32\msxml6.dll
2008-11-11 15:30 . 2008-09-05 00:14  1,191,936  --a------  c:\windows\System32\msxml3.dll
2008-11-11 15:30 . 2008-08-26 20:05  212,480  --a------  c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 12:59 . 2008-11-21 21:22  <DIR>  d--------  c:\users\Scott\javascript
2008-11-11 08:18 . 2008-11-11 08:18  56  --ah-----  c:\windows\System32\ezsidmv.dat
2008-11-11 08:17 . 2008-11-25 17:57  <DIR>  d--------  c:\users\Scott\AppData\Roaming\skypePM
2008-11-11 08:13 . 2008-11-25 19:23  <DIR>  d--------  c:\users\Scott\AppData\Roaming\Skype
2008-11-10 12:20 . 2008-11-10 12:29  <DIR>  d--------  c:\users\Scott\AppData\Roaming\Notepad++
2008-11-10 12:20 . 2008-11-10 12:21  <DIR>  d--------  c:\program files\Notepad++
2008-11-09 19:26 . 2008-11-09 19:26  <DIR>  d--------  c:\program files\Adobe Media Player
2008-11-09 19:23 . 2008-11-09 19:23  <DIR>  d--------  c:\program files\Common Files\Adobe AIR
2008-11-09 19:17 . 2008-11-09 19:17  <DIR>  d--------  c:\program files\Common Files\Macrovision Shared
2008-11-08 03:36 . 2008-11-08 03:36  <DIR>  d--------  c:\users\All Users\Skype
2008-11-08 03:36 . 2008-11-08 03:36  <DIR>  d--------  c:\programdata\Skype
2008-11-08 03:36 . 2008-11-08 03:36  <DIR>  d--------  c:\program files\Skype
2008-11-08 03:36 . 2008-11-08 03:36  <DIR>  d--------  c:\program files\Common Files\Skype
2008-11-07 23:16 . 2008-11-07 23:16  268  --ah-----  C:\sqmdata01.sqm
2008-11-07 23:16 . 2008-11-07 23:16  244  --ah-----  C:\sqmnoopt01.sqm
2008-11-07 15:49 . 2008-11-07 15:51  <DIR>  d--------  c:\users\All Users\FLEXnet
2008-11-07 15:49 . 2008-11-07 15:51  <DIR>  d--------  c:\programdata\FLEXnet
2008-11-07 14:51 . 2008-11-07 15:16  <DIR>  d--------  c:\users\All Users\Yahoo!
2008-11-07 14:51 . 2008-11-07 15:16  <DIR>  d--------  c:\programdata\Yahoo!
2008-11-07 04:00 . 2008-11-07 04:00  268  --ah-----  C:\sqmdata00.sqm
2008-11-07 04:00 . 2008-11-07 04:00  244  --ah-----  C:\sqmnoopt00.sqm
2008-11-07 03:42 . 2008-11-07 03:42  <DIR>  d--------  c:\users\All Users\WindowsSearch
2008-11-07 03:42 . 2008-11-07 03:42  <DIR>  d--------  c:\programdata\WindowsSearch
2008-11-06 20:07 . 2008-11-06 20:18  <DIR>  d--hsc---  c:\program files\Common Files\WindowsLiveInstaller
2008-11-06 20:06 . 2008-11-06 20:19  <DIR>  d--------  c:\program files\Windows Live
2008-11-06 20:05 . 2008-11-06 20:16  <DIR>  d--------  c:\users\All Users\WLInstaller
2008-11-06 20:05 . 2008-11-06 20:16  <DIR>  d--------  c:\programdata\WLInstaller
2008-11-04 16:26 . 2008-10-16 16:13  1,809,944  --a------  c:\windows\System32\wuaueng.dll
2008-11-04 16:26 . 2008-10-16 15:56  1,524,736  --a------  c:\windows\System32\wucltux.dll
2008-11-04 16:26 . 2008-10-16 16:12  561,688  --a------  c:\windows\System32\wuapi.dll
2008-11-04 16:26 . 2008-10-16 14:08  162,064  --a------  c:\windows\System32\wuwebv.dll
2008-11-04 16:26 . 2008-10-16 15:55  83,456  --a------  c:\windows\System32\wudriver.dll
2008-11-04 16:26 . 2008-10-16 16:09  51,224  --a------  c:\windows\System32\wuauclt.exe
2008-11-04 16:26 . 2008-10-16 16:09  43,544  --a------  c:\windows\System32\wups2.dll
2008-11-04 16:26 . 2008-10-16 16:08  34,328  --a------  c:\windows\System32\wups.dll
2008-11-04 16:26 . 2008-10-16 13:56  31,232  --a------  c:\windows\System32\wuapp.exe
2008-10-31 02:16 . 2008-11-08 23:07  <DIR>  d--------  c:\users\Scott\recording n ss
2008-10-30 23:09 . 2008-08-05 04:49  428,544  --a------  c:\windows\System32\EncDec.dll
2008-10-30 23:09 . 2008-08-05 04:49  293,376  --a------  c:\windows\System32\psisdecd.dll
2008-10-30 23:09 . 2008-08-05 04:48  217,088  --a------  c:\windows\System32\psisrndr.ax
2008-10-30 23:09 . 2008-08-05 04:48  177,664  --a------  c:\windows\System32\mpg2splt.ax
2008-10-30 23:09 . 2008-08-05 04:48  80,896  --a------  c:\windows\System32\MSNP.ax
2008-10-30 15:20 . 2008-10-30 15:39  96,976  --a------  c:\windows\System32\drivers\klin.dat
2008-10-30 15:20 . 2008-10-30 15:20  87,855  --a------  c:\windows\System32\drivers\klick.dat
2008-10-30 15:18 . 2008-11-26 11:07  <DIR>  d--------  c:\users\All Users\Kaspersky Lab
2008-10-30 15:18 . 2008-11-26 11:07  <DIR>  d--------  c:\programdata\Kaspersky Lab
2008-10-30 15:18 . 2008-11-26 12:49  8,626,720  --ahs----  c:\windows\System32\drivers\fidbox.dat
2008-10-30 15:18 . 2008-11-26 12:55  1,024,032  --ahs----  c:\windows\System32\drivers\fidbox2.dat
2008-10-30 15:18 . 2008-11-26 12:49  70,572  --ahs----  c:\windows\System32\drivers\fidbox.idx
2008-10-30 15:18 . 2008-11-26 12:53  6,676  --ahs----  c:\windows\System32\drivers\fidbox2.idx
2008-10-29 10:45 . 2008-08-11 22:39  443,392  --a------  c:\windows\System32\win32spl.dll
2008-10-29 10:45 . 2008-09-17 23:56  147,456  --a------  c:\windows\System32\Faultrep.dll
2008-10-29 10:45 . 2008-09-17 23:56  125,952  --a------  c:\windows\System32\wersvc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 17:17  6,754  ----a-w  c:\users\Scott\AppData\Roaming\wklnhst.dat
2008-11-26 00:47  ---------  d-----w  c:\program files\Yahoo!
2008-11-23 07:25  ---------  d-----w  c:\program files\Viewpoint
2008-11-19 06:04  ---------  d-----w  c:\program files\AIM6
2008-11-19 06:03  ---------  d-----w  c:\programdata\Viewpoint
2008-11-19 06:02  ---------  d-----w  c:\programdata\AOL Downloads
2008-11-18 16:19  ---------  d-----w  c:\users\Scott\AppData\Roaming\U3
2008-11-14 20:28  ---------  d-----w  c:\program files\Common Files\Wise Installation Wizard
2008-11-14 19:16  ---------  d-----w  c:\users\Scott\AppData\Roaming\Winamp
2008-11-12 17:00  ---------  d-----w  c:\programdata\Microsoft Help
2008-11-10 04:09  ---------  d-----w  c:\program files\Common Files\Adobe
2008-11-10 02:50  ---------  d-----w  c:\program files\Macromedia
2008-11-10 02:49  ---------  d-----w  c:\program files\Common Files\Macromedia
2008-11-09 06:56  ---------  d-----w  c:\users\Scott\AppData\Roaming\BitTorrent
2008-11-07 08:03  ---------  d-----w  c:\program files\Microsoft Works
2008-10-31 03:05  ---------  d-----w  c:\users\Scott\AppData\Roaming\Vso
2008-10-30 20:18  ---------  d-----w  c:\program files\Kaspersky Lab
2008-10-23 17:18  ---------  d-----w  c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-23 17:18  ---------  d-----w  c:\program files\iTunes
2008-10-23 17:17  ---------  d-----w  c:\program files\iPod
2008-10-22 05:44  ---------  d-----w  c:\program files\PeerGuardian2
2008-10-17 02:05  ---------  d-----w  c:\programdata\Kaspersky Lab Setup Files
2008-10-15 09:22  ---------  d-----w  c:\program files\Windows Mail
2008-10-13 01:38  ---------  d-----w  c:\programdata\Winamp Toolbar
2008-10-13 01:38  ---------  d-----w  c:\program files\Winamp Toolbar
2008-10-13 01:38  ---------  d-----w  c:\program files\Winamp
2008-10-11 08:35  ---------  d-----w  c:\program files\Ventrilo
2008-10-09 05:56  ---------  d-----w  c:\program files\Alarm Clock
2008-10-08 01:55  ---------  d-----w  c:\program files\Stardock
2008-10-08 00:37  ---------  d--h--w  c:\program files\InstallShield Installation Information
2008-10-06 02:12  ---------  d-----w  c:\programdata\Stardock
2008-10-04 08:38  ---------  d-----w  c:\program files\Frameworkx
2008-10-04 04:12  ---------  dc-h--w  c:\programdata\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
2008-10-02 20:10  ---------  d-----w  c:\users\Scott\AppData\Roaming\Windows Sidebar Styler
2008-10-02 19:34  ---------  d-----w  c:\program files\Windows Sidebar
2008-10-02 19:34  ---------  d-----w  c:\program files\Stanimir Stoyanov
2008-10-02 19:07  ---------  d-----w  c:\users\Scott\AppData\Roaming\TuneUp Software
2008-10-02 19:06  306,432  ----a-w  c:\windows\System32\TuneUpDefragService.exe
2008-10-02 19:06  ---------  d-----w  c:\programdata\TuneUp Software
2008-10-02 19:06  ---------  d-----w  c:\program files\TuneUp Utilities 2008
2008-10-02 03:49  827,392  ----a-w  c:\windows\System32\wininet.dll
2008-10-01 17:01  32,000  ----a-w  c:\windows\system32\drivers\usbaapl.sys
2008-09-30 21:43  1,286,152  ----a-w  c:\windows\System32\msxml4.dll
2008-09-30 10:15  ---------  d-----w  c:\programdata\Webcammax
2008-09-30 09:07  ---------  d-----w  c:\program files\WebcamMax
2008-09-30 06:34  ---------  d-----w  c:\users\Scott\AppData\Roaming\Webcammax
2008-09-30 06:26  ---------  d---a-w  c:\programdata\TEMP
2008-09-29 01:46  ---------  d-----w  c:\program files\Apple Software Update
2008-09-29 01:42  ---------  d-----w  c:\program files\QuickTime
2008-09-29 01:42  ---------  d-----w  c:\program files\Bonjour
2008-09-29 01:41  ---------  d-----w  c:\program files\Common Files\Apple
2008-09-28 01:37  ---------  d-----w  c:\program files\CCleaner
2008-09-18 05:09  3,601,464  ----a-w  c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09  3,549,240  ----a-w  c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16  2,032,640  ----a-w  c:\windows\System32\win32k.sys
2008-09-10 06:37  81,920  ----a-w  c:\windows\System32\frapsvid.dll
2008-09-05 17:34  174  --sha-w  c:\program files\desktop.ini
2008-09-05 16:52  82,432  ----a-w  c:\windows\System32\axaltocm.dll
2008-09-05 16:52  101,888  ----a-w  c:\windows\System32\ifxcardm.dll
2008-09-05 16:02  47,560  ----a-w  c:\windows\System32\SPReview.exe
2008-09-05 16:02  152,576  ----a-w  c:\windows\System32\SPWizUI.dll
2008-08-29 14:18  87,336  ----a-w  c:\windows\System32\dns-sd.exe
2008-08-29 13:53  61,440  ----a-w  c:\windows\System32\dnssd.dll
2008-07-21 21:05  47,360  ----a-w  c:\users\Scott\AppData\Roaming\pcouffin.sys
2007-07-24 14:36  80  --sh--r  c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ehTray.exe”=”c:\windows\ehome\ehTray.exe” [2008-01-18 125952]
“WMPNSCFG”=”c:\program files\Windows Media Player\WMPNSCFG.exe” [2008-01-18 202240]
“Aim6″=”c:\program files\AIM6\aim6.exe” [2008-10-31 50480]
“msnmsgr”=”c:\program files\Windows Live\Messenger\msnmsgr.exe” [2007-10-18 5724184]
“DAEMON Tools Pro Agent”=”c:\program files\DAEMON Tools Pro\DTProAgent.exe” [2007-09-06 136136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Apoint”=”c:\program files\DellTPad\Apoint.exe” [2007-04-17 159744]
“OEM02Mon.exe”=”c:\windows\OEM02Mon.exe” [2007-02-02 36864]
“VolPanel”=”c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe” [2006-11-27 180224]
“UpdReg”=”c:\windows\UpdReg.EXE” [2000-05-11 90112]
“Broadcom Wireless Manager UI”=”c:\windows\system32\WLTRAY.exe” [2007-03-21 1548288]
“ISUSScheduler”=”c:\program files\Common Files\InstallShield\UpdateService\issch.exe” [2006-10-03 81920]
“PCMService”=”c:\program files\Dell\MediaDirect\PCMService.exe” [2007-04-16 184320]
“ECenter”=”c:\dell\E-Center\EULALauncher.exe” [2007-03-16 17920]
“ISUSPM Startup”=”c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2006-10-03 221184]
“SunJavaUpdateSched”=”c:\program files\Java\jdk\bin\jusched.exe” [2008-06-10 144784]
“QuickTime Task”=”c:\program files\QuickTime\QTTask.exe” [2008-09-06 413696]
“AppleSyncNotifier”=”c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2008-09-03 111936]
“AdobeCS4ServiceManager”=”c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe” [2008-08-14 611712]
“AVP”=”c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe” [2008-07-29 206088]
“SigmatelSysTrayApp”=”sttray.exe” [2007-03-06 c:\windows\sttray.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk – c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Bluetooth.lnk – c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
Digital Line Detect.lnk – c:\program files\Digital Line Detect\DLG.exe [2007-07-24 50688]
QuickSet.lnk – c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-07-24 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
“Aim6″=”c:\program files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp
“DellSupport”=”c:\program files\DellSupport\DSAgnt.exe” /startup
“Skype”=”c:\program files\Skype\Phone\Skype.exe” /nosplash /minimized
“MsnMsgr”=”c:\program files\Windows Live\Messenger\MsnMsgr.Exe” /background
“Sidebar”=c:\program files\Windows Sidebar\Sidebar.exe /autoRun
“Messenger (Yahoo!)”=”c:\program files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
“iTunesHelper”=”c:\program files\iTunes\iTunesHelper.exe”
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“UpdatesDisableNotify”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
“EnableFirewall”= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
“{5DC10D32-C88B-4C1B-B76F-5FC6BCB4D8D8}”= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
“{C157BA15-2EF6-4B60-B8BD-23EC3AB7E406}”= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
“{A320DE88-558D-4D8F-9EC5-A5997F8B187C}”= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
“{0EB251B2-9E7D-4418-99CA-22A8436666D3}”= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
“{5932C1D4-686C-4AC4-B876-96B4BBA03D4E}”= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
“{D7B29AA2-06E9-4318-89C8-D8EF2E57BF0C}”= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
“TCP Query User{5DED8B22-7DDB-4802-B3DB-26F406B4CF4C}c:\\program files\\internet explorer\\iexplore.exe”= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
“UDP Query User{31231A33-5258-4666-9375-D9BC2E60B607}c:\\program files\\internet explorer\\iexplore.exe”= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
“TCP Query User{FB77BB8C-885B-4BEA-BAB5-DE04613A9636}c:\\program files\\morpheus\\morpheus.exe”= UDP:c:\program files\morpheus\morpheus.exe:Morpheus
“UDP Query User{6D69FE7D-E65D-465A-94E2-907A0C73B389}c:\\program files\\morpheus\\morpheus.exe”= TCP:c:\program files\morpheus\morpheus.exe:Morpheus
“{412AF6D8-5FAC-4536-885D-913FC81EDC0B}”= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
“{90CE5254-12E2-42DC-94F8-FFA9C9CFF2DE}”= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
“TCP Query User{32E859AB-195A-4494-90D0-8A18BBC638D1}c:\\users\\scott\\desktop\\starcraft\\starcraft.exe”= UDP:c:\users\scott\desktop\starcraft\starcraft.exe:starcraft.exe
“UDP Query User{EC7D18A8-7459-4EBD-B936-21540F7F3074}c:\\users\\scott\\desktop\\starcraft\\starcraft.exe”= TCP:c:\users\scott\desktop\starcraft\starcraft.exe:starcraft.exe
“TCP Query User{8EC87001-379B-4F81-AC2C-7D91DC082149}c:\\program files\\limewire\\limewire.exe”= UDP:c:\program files\limewire\limewire.exe:LimeWire
“UDP Query User{1B9797AB-D2B7-4125-A083-913960083BE9}c:\\program files\\limewire\\limewire.exe”= TCP:c:\program files\limewire\limewire.exe:LimeWire
“TCP Query User{E2DAC4D2-1D10-4BB6-9118-D7E5688742D4}f:\\nexon\\maplestory\\patcher.exe”= UDP:f:\nexon\maplestory\patcher.exe:Patcher MFC ?? ????
“UDP Query User{235A51BE-C841-42A0-BEBE-9B9B4770592A}f:\\nexon\\maplestory\\patcher.exe”= TCP:f:\nexon\maplestory\patcher.exe:Patcher MFC ?? ????
“{81C9ECF6-F457-48F5-A781-27916FF01AE8}”= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
“{9FCA853D-8D15-4E10-B65B-55F06A9CDAFC}”= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
“TCP Query User{DABC4091-83FF-4AF3-B79E-2D2AB6322E9C}c:\\program files\\nexon\\maplestory\\patcher.exe”= UDP:c:\program files\nexon\maplestory\patcher.exe:Patcher MFC ?? ????
“UDP Query User{5DF4441B-6CB3-41F1-AB24-3DB36FA52876}c:\\program files\\nexon\\maplestory\\patcher.exe”= TCP:c:\program files\nexon\maplestory\patcher.exe:Patcher MFC ?? ????
“TCP Query User{B0C4D305-E560-41B6-937F-11B94675F2D3}c:\\program files\\nexon\\maplestory\\newpatcher.exe”= UDP:c:\program files\nexon\maplestory\newpatcher.exe:Patcher MFC ?? ????
“UDP Query User{DAEF89DC-C133-4DD5-A808-CC741CD2B7C2}c:\\program files\\nexon\\maplestory\\newpatcher.exe”= TCP:c:\program files\nexon\maplestory\newpatcher.exe:Patcher MFC ?? ????
“TCP Query User{7A6DC2CD-F387-4A45-B1AE-1A54D4C3CB5F}c:\\program files\\aim6\\aim6.exe”= UDP:c:\program files\aim6\aim6.exe:AIM
“UDP Query User{66DA8B47-B0C1-465A-962C-EA7C12511611}c:\\program files\\aim6\\aim6.exe”= TCP:c:\program files\aim6\aim6.exe:AIM
“{D47B96D7-425A-4B39-8BA3-0CA103F63B48}”= UDP:c:\program files\LimeWireTrial\LimeWire.exe:LimeWire
“{0B56D0F0-3B49-4B5B-94D7-EA7C0981CDF3}”= TCP:c:\program files\LimeWireTrial\LimeWire.exe:LimeWire
“{18DA7E22-8F57-4F2F-A2C3-D390113FAEA0}”= UDP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
“{964709BE-3E72-4B76-B3F9-D814942CED4D}”= TCP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
“{4B203BE9-947C-46E9-967E-FF6094BA226A}”= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
“{557AEB94-C8A7-4A6B-B54A-62FECF3962AF}”= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
“{19404A64-B43C-4A54-BAA0-0D30CFF8428E}”= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
“{37B75A6A-9C92-4FC6-9AC6-87E6CC956155}”= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
“{EB9572C5-7D26-4059-BF7C-5396047340E5}”= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
“{6EA8A43B-2CE8-474B-BE07-ABF47820903E}”= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
“{47178D82-828D-4433-B9F8-28E7273BD556}”= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
“{F53EE522-499A-44D9-9849-54D7F178C8ED}”= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
“{B1177095-8C8D-46CC-9F54-508C2726BB06}”= UDP:c:\program files\DNA\btdna.exe:DNA
“{8464340C-788C-477B-A082-90685E0142DC}”= TCP:c:\program files\DNA\btdna.exe:DNA
“{A367ADD8-E340-4E2C-9F87-9426FEFBBBE0}”= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
“{000F9F61-9AE4-4A65-915C-3D840A55F0A6}”= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
“TCP Query User{8D69E655-40C8-480E-9473-449900E00E5A}c:\\program files\\jdk\\jre\\bin\\java.exe”= UDP:c:\program files\jdk\jre\bin\java.exe:Java(TM) Platform SE binary
“UDP Query User{CBC87E6F-089E-4BD1-82ED-5D921A66E39E}c:\\program files\\jdk\\jre\\bin\\java.exe”= TCP:c:\program files\jdk\jre\bin\java.exe:Java(TM) Platform SE binary
“{D5031D90-4446-4381-B21B-44DCE18839B3}”= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“{17B8A1C9-0F85-42CA-B5A9-E8D88A72A1B7}”= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
“{EA47F7CB-D2F1-4D94-A05A-81A9022F989C}”= UDP:c:\program files\iTunes\iTunes.exe:iTunes
“{7F5C1B61-C192-49A4-9664-DC2A399E18D4}”= TCP:c:\program files\iTunes\iTunes.exe:iTunes
“TCP Query User{6CDC4BE9-F935-4F35-BB68-8535E2D66632}c:\\program files\\mozilla firefox\\firefox.exe”= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
“UDP Query User{251BC8EC-1852-436B-A116-E88EA77ACD91}c:\\program files\\mozilla firefox\\firefox.exe”= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
“TCP Query User{795C95E0-A3F3-4F6B-B3DE-2ABD848798BF}c:\\program files\\jdk\\jre\\bin\\java.exe”= UDP:c:\program files\jdk\jre\bin\java.exe:Java(TM) Platform SE binary
“UDP Query User{A7978C12-B01A-4DD6-8507-BC34372ADF59}c:\\program files\\jdk\\jre\\bin\\java.exe”= TCP:c:\program files\jdk\jre\bin\java.exe:Java(TM) Platform SE binary
“TCP Query User{1748F164-60E9-48F0-A336-F044C4F03CE9}c:\\kav\\kis7.0\\english\\setup.exe”= UDP:c:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
“UDP Query User{D9E54A59-04C1-4C03-AC96-555B724E7A82}c:\\kav\\kis7.0\\english\\setup.exe”= TCP:c:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
“{247394CF-1F03-4EBE-8700-9D5EAB0C2ECD}”= UDP:c:\program files\iTunes\iTunes.exe:iTunes
“{C95151A2-A59C-4095-9939-7D267C11F088}”= TCP:c:\program files\iTunes\iTunes.exe:iTunes
“{EDD0689E-5683-4140-B8B8-6F1B51756CB5}”= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
“{9D09EA90-93F2-46AE-931E-EF3895E23D98}”= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
“{8BE3D8A5-FF35-4666-B0C7-745E9D172AAE}”= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
“{9F34E3E0-54E0-4A62-9DEF-3157E969C7A9}”= c:\program files\Skype\Phone\Skype.exe:Skype
“{1D0265AB-8C31-4343-8376-1A9E5734E5CC}”= UDP:5353:Adobe CSI CS4
“{77734E75-E1C0-40CC-926B-F1FBDAC2DBFB}”= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
“{C90ABD3C-B49B-4289-88A7-FE40D03DD8A8}”= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
“{988AC9B4-01FB-4861-A338-B2B4976E0994}”= UDP:c:\windows\explorer.exe:Explorer
“{DE3CEDAB-49C7-46C2-B391-7A1ACBE36190}”= TCP:c:\windows\explorer.exe:Explorer
“{59642DC8-B154-441B-9CFA-08F9A7F0791C}”= UDP:c:\windows\System32\LogonUI.exe:LogonUI
“{1D496532-7D14-492D-8BEA-90150F4365ED}”= TCP:c:\windows\System32\LogonUI.exe:LogonUI
“{E9FE5240-A1BC-4C82-B8ED-BDB88E161F18}”= UDP:c:\windows\System32\winlogon.exe:winlogon
“{ECEECEE7-7E72-469F-992B-A14EEEE22BD9}”= TCP:c:\windows\System32\winlogon.exe:winlogon
“{3C95572B-BF5C-42DF-B581-AE019FFC4A93}”= UDP:c:\windows\System32\wininit.exe:wininit
“{E0DDB0A3-7142-4BBF-B91C-B1DA4C144508}”= TCP:c:\windows\System32\wininit.exe:wininit
“{7D338F8F-AB51-4E01-B24E-0185ADDACC73}”= UDP:c:\windows\System32\winlogon.exe:winlogon
“{332D6536-86D1-450C-ADA4-C2DF1AB3F184}”= TCP:c:\windows\System32\winlogon.exe:winlogon
“{5838AFCA-8715-417E-9A25-6C8DB2280684}”= UDP:c:\windows\System32\wininit.exe:wininit
“{67797379-29BB-4F52-8772-8BC927754AD0}”= TCP:c:\windows\System32\wininit.exe:wininit
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
“EnableFirewall”= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
“EnableFirewall”= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
“c:\\Program Files\\BitTorrent\\bittorrent.exe”= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 ahcix86s;ahcix86s;c:\windows\system32\drivers\ahcix86s.sys [2007-07-24 119296]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2007-07-24 7680]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 adfs;adfs;c:\windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 ATIWebPAM;ATI WebPAM;”c:\program files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe” -s wrapper.conf [2003-09-29 110592]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CAMTHWDM.sys [2007-10-06 941784]
R2 npkcmsvc;npkcmsvc;c:\nexon\Mabinogi\npkcmsvc.exe [2008-02-22 80528]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2008-09-05 21504]
R2 Viewpoint Manager Service;Viewpoint Manager Service;”c:\program files\Viewpoint\Common\ViewpointService.exe” [2007-10-30 24652]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-07-24 2411520]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-07-24 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-07-24 7424]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2007-09-13 87288]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-02 306432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost – NetSvcs]
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command – G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce7b80e9-8d92-11dd-abac-00197edd2844}]
\shell\AutoRun\command – F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2b99564-8491-11dd-9bbe-00197edd2844}]
\shell\AutoRun\command – F:\LaunchU3.exe -a
.
Contents of the ‘Scheduled Tasks’ folder
2008-11-22 c:\windows\Tasks\1-Click Maintenance.job
– c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 12:31]
2008-11-26 c:\windows\Tasks\User_Feed_Synchronization-{387A82CF-2A3F-41D6-86E2-61E0D2107A99}.job
– c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
– – – – ORPHANS REMOVED – – – –
BHO-{9685a586-6963-4249-a189-ce354cf0870d} – c:\windows\system32\pipemuyo.dll
.
——- Supplementary Scan ——-
.
FireFox -: Profile – c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\nhmf5jml.default\
FireFox -: prefs.js – STARTUP.HOMEPAGE – hxxp://www.google.com/
FF -: plugin – c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin – c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin – c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF -: plugin – c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin – c:\program files\Java\jdk\bin\npjava11.dll
FF -: plugin – c:\program files\Java\jdk\bin\npjava12.dll
FF -: plugin – c:\program files\Java\jdk\bin\npjava13.dll
FF -: plugin – c:\program files\Java\jdk\bin\npjava14.dll
FF -: plugin – c:\program files\Java\jdk\bin\npjava32.dll
FF -: plugin – c:\program files\Java\jdk\bin\npjpi160_07.dll
FF -: plugin – c:\program files\Java\jdk\bin\npoji610.dll
FF -: plugin – c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin – c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin – c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin – c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin – c:\users\Scott\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin – c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 12:55:23
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
**************************************************************************
.
———————— Other Running Processes ————————
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\program files\ATI\WebPAM\_jvm\bin\java.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\combofix\hidec.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\AIM6\aolsoftware.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 2008-11-26 13:01:24 – machine was rebooted
ComboFix-quarantined-files.txt 2008-11-26 18:01:00
Pre-Run: 42,511,679,488 bytes free
Post-Run: 42,230,509,568 bytes free
426 — E O F — 2008-11-12 17:00:09
Also, just a side note: that scared the hell out of me when it started running.
Bump for help, please.
Bumping again, please help.