ComboFix report
-------------------------------------------------------------------------------------------------------
ComboFix 08-03-10.1 - ZI 2008-03-11 18:25:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.150 [GMT -5:00]
Running from: C:\Users\ZI\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\inetget2
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\NoDNS
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Users\ZI\install.exe
C:\Windows\b104.exe
C:\Windows\b152.exe
C:\Windows\b153.exe
C:\Windows\mrofinu1535.exe
C:\Windows\system32\f3PSSavr.scr
C:\Windows\system32\pthreadVC.dll
C:\Windows\system32\wvutrpp.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.
2008-03-10 16:45 . 2008-03-10 16:45 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-03-10 16:45 . 2008-03-10 16:45 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-03-10 16:34 . 2008-03-10 16:34 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-03-10 16:33 . 2008-03-10 16:33 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-10 16:33 . 2008-03-10 16:33 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-03-10 16:29 . 2008-03-10 16:29 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-03-09 17:21 . 2008-03-09 17:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-09 14:56 . 2008-03-09 15:04 <DIR> d-------- C:\Users\ZI\AppData\Roaming\ErrorSmart
2008-03-09 14:55 . 2008-03-10 07:17 <DIR> d-------- C:\Program Files\ErrorSmart
2008-03-03 03:13 . 2008-03-03 03:13 <DIR> d-------- C:\Program Files\nvcoi
2008-03-03 01:21 . 2008-03-03 01:21 0 --------- C:\Windows\WB.ini
2008-03-03 01:18 . 2007-09-12 18:58 58,792 --------- C:\Windows\System32\wbload.dll
2008-03-03 01:18 . 2007-07-11 15:06 42,672 --------- C:\Windows\System32\wbsys.dll
2008-03-02 17:05 . 2008-03-02 17:05 <DIR> d-------- C:\Program Files\iTunes
2008-03-02 17:05 . 2008-03-02 17:05 <DIR> d-------- C:\Program Files\iPod
2008-03-02 16:06 . 2008-03-02 16:44 <DIR> d-------- C:\MemDB
2008-02-22 19:25 . 2008-03-03 03:23 <DIR> d-------- C:\Users\ZI\Shared
2008-02-22 19:25 . 2008-03-03 03:29 <DIR> d-------- C:\Users\ZI\Incomplete
2008-02-22 19:25 . 2008-03-03 03:24 <DIR> d-------- C:\Users\ZI\AppData\Roaming\FrostWire
2008-02-22 19:24 . 2008-02-22 19:25 <DIR> d-------- C:\Program Files\FrostWire
2008-02-22 19:24 . 2008-02-22 19:24 <DIR> d-------- C:\Program Files\AskSBar
2008-02-21 19:24 . 2008-02-21 19:24 <DIR> d-------- C:\Program Files\Alias
2008-02-14 15:43 . 2008-02-14 15:43 <DIR> d-------- C:\Program Files\Delta
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 23:27 --------- d-----w C:\Users\ZI\AppData\Roaming\BitTorrent DNA
2008-03-11 22:24 --------- d-----w C:\Users\ZI\AppData\Roaming\StumbleUpon
2008-03-11 00:42 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k7
2008-03-11 00:42 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k6
2008-03-11 00:42 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k5
2008-03-11 00:42 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k4
2008-03-11 00:42 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k3
2008-03-11 00:42 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k2
2008-03-11 00:42 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k1
2008-03-11 00:42 523,418 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k0
2008-03-10 21:34 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-10 21:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-10 21:34 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-10 21:34 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-10 21:34 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-10 21:34 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-10 21:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-10 21:34 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-10 21:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-10 21:34 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-10 21:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-10 21:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-10 21:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-10 21:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-10 21:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-10 21:31 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-03-10 21:31 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-03-10 21:31 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-10 21:31 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-10 00:49 --------- d-----w C:\Users\ZI\AppData\Roaming\GSC
2008-03-09 19:59 --------- d-----w C:\Program Files\Lx_cats
2008-03-09 00:23 --------- d-----w C:\Users\ZI\AppData\Roaming\gtk-2.0
2008-03-03 06:46 --------- d-----w C:\Users\ZI\AppData\Roaming\BitTorrent
2008-03-02 22:05 --------- d-----w C:\ProgramData\Apple Computer
2008-03-02 21:59 --------- d-----w C:\Program Files\QuickTime
2008-02-25 06:07 --------- d-----w C:\Program Files\Opera
2008-02-22 05:52 --------- d-----w C:\Program Files\Last.fm
2008-02-22 00:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-21 02:51 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-14 20:55 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-02-14 04:03 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-02-14 04:03 --------- d-----w C:\Program Files\Common Files\Scanner
2008-02-08 22:48 --------- d-----w C:\Program Files\GSC
2008-02-08 04:28 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-03 21:57 --------- d-----w C:\Users\ZI\AppData\Roaming\Apple Computer
2008-02-03 21:47 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-02 13:14 --------- d-----w C:\ProgramData\FLEXnet
2008-02-02 13:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 13:05 --------- d-----w C:\Program Files\Bonjour
2008-02-02 12:49 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-26 05:11 --------- d-----w C:\Users\ZI\AppData\Roaming\IrfanView
2008-01-23 21:22 --------- d-----w C:\Users\connie\AppData\Roaming\Hewlett-Packard
2008-01-21 02:54 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-01-20 23:00 --------- d-----w C:\Program Files\Macromedia
2008-01-20 23:00 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-01-20 20:55 --------- d-----w C:\Users\ZI\AppData\Roaming\Yahoo!
2008-01-20 20:25 --------- d-----w C:\ProgramData\Yahoo!
2008-01-20 20:20 --------- d-----w C:\Program Files\Yahoo!
2008-01-20 00:08 --------- d-----w C:\Program Files\VentSrv
2008-01-20 00:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-17 05:35 --------- d-----w C:\Program Files\StumbleUpon
2008-01-17 00:55 --------- d-----w C:\Program Files\Oberon Media
2008-01-17 00:53 --------- d-----w C:\Program Files\Real Alternative
2008-01-17 00:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-01-17 00:52 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-17 00:52 --------- d-----w C:\Program Files\GStudio7
2008-01-17 00:52 --------- d-----w C:\Program Files\DivX
2008-01-17 00:52 --------- d-----w C:\Program Files\Dictionary
2008-01-17 00:52 --------- d-----w C:\Program Files\Autodesk Network License Manager
2008-01-17 00:51 --------- d-----w C:\Program Files\Active WebCam
2008-01-17 00:50 --------- d-----w C:\ProgramData\Dragon's Eye Productions
2008-01-17 00:50 --------- d-----w C:\Program Files\Furcadia
2008-01-17 00:48 --------- d-----w C:\Program Files\NCH Software
2008-01-15 22:22 --------- d-----w C:\Users\ZI\AppData\Roaming\Ventrilo
2008-01-15 03:50 --------- d-----w C:\Program Files\Ventrilo
2008-01-14 23:20 67,722 ----a-w C:\Users\ZI\AppData\Roaming\nvModes.dat
2008-01-09 09:24 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-03 06:58 88,576 ----a-w C:\Windows\System32\infocardapi.dll
2008-01-03 06:58 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
2008-01-03 06:58 579,584 ----a-w C:\Windows\System32\icardagt.exe
2008-01-03 06:58 350,744 ----a-w C:\Windows\System32\PresentationHost.exe
2008-01-03 06:58 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll
2008-01-03 06:58 11,776 ----a-w C:\Windows\System32\icardres.dll
2008-01-03 06:58 106,520 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-01-03 06:45 96,760 ----a-w C:\Windows\System32\dfshim.dll
2008-01-03 06:45 84,480 ----a-w C:\Windows\System32\mscories.dll
2008-01-03 06:45 41,984 ----a-w C:\Windows\System32\netfxperf.dll
2008-01-03 06:45 282,112 ----a-w C:\Windows\System32\mscoree.dll
2008-01-03 06:45 158,720 ----a-w C:\Windows\System32\mscorier.dll
2007-12-31 04:58 398,200 ----a-w C:\Windows\System32\SpoonUninstall.exe
2007-12-14 03:09 2,341,603 ----a-w C:\Users\ZI\GenuineCheck.exe
2007-12-12 09:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 09:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 09:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-10-27 20:06 0 ----a-w C:\Users\ZI\AppData\Roaming\wklnhst.dat
2007-10-12 07:05 27,572 ----a-w C:\Users\ZI\Config.bin
2007-10-07 00:11 174 --sha-w C:\Program Files\desktop.ini
2007-07-16 21:53 48 ----a-w C:\Users\ZI\readme.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-22 19:24 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-02-22 19:24 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-02-22 19:24 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 15:26 484904]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"BitTorrent DNA"="C:\Users\ZI\Program Files\BitTorrent_DNA\dna.exe" [2007-11-04 19:59 286016]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [2008-03-03 03:13 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-03-03 02:06 173320]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 04:45 222208]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-04 04:57 1006264]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 20:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 13:38 159744]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-10-05 21:55 177416]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-10-05 21:55 230928]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-03-03 02:06 1193224]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\ZI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-02 23:24:31 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 14:00 79368 C:\Windows\System32\UmxWNP.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\Windows\pss\Run Google Web Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^ZI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\Windows\pss\Last.fm Helper.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^ZI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^ZI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
backup=C:\Windows\pss\SDK Tray Menu.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyelineRun]
C:\Program Files\NCH Software\Eyeline\eyeline.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 01:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-03-01 15:18 472776 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
--a------ 2007-03-05 02:40 20480 C:\Program Files\Lexmark 2500 Series\lxddamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
--a------ 2007-05-04 01:38 291760 C:\Program Files\Lexmark 2500 Series\lxddmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-07-08 21:57 8433664 C:\Windows\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-07-08 21:57 81920 C:\Windows\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-07-08 21:57 86016 C:\Windows\system32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-09 04:24 1232896 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 18:12 317128 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 07:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2692123140-1123390192-3691900916-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDB79537-BE1B-49D8-9E35-865252F6818E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62DAD364-9054-4450-8B64-1E97F59A49D1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5BC58A37-88F1-48D7-8BE5-98236F326965}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play|Desc=Quick Play
"{977244DC-0C6F-4602-9E5D-F53F4137696A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program|Desc=Quick Play Resident Program
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F238082B-3978-480D-B122-CF2A1C1231A2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ACBA157B-9CC4-454E-90C9-4C9F47187009}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{54D7B48F-6D43-4AC8-8EBF-0131AFA134B8}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{3F3A36E4-548A-473B-9B66-2F5C0AC5708D}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5C74AF3F-4210-4081-93D7-E0D0DE6E06EC}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{F4E02867-156A-49EE-8CF2-70E69C614DAA}"= Disabled:UDP:135:TCP Port 135
"{CD34C9D0-B6F4-485A-B04B-5DF92B0DAA49}"= Disabled:UDP:5000:TCP Port 5000
"{AB170540-5E15-4E56-8D30-C0F966CF7775}"= Disabled:UDP:5001:TCP Port 5001
"{572B0CD7-D3B2-4C53-8A20-F73AF26F9CC1}"= Disabled:UDP:5002:TCP Port 5002
"{7D26ABF7-2C11-4D4D-99A1-A32D28C2E963}"= Disabled:UDP:5003:TCP Port 5003
"{6D878997-DABD-4CDA-9317-4733A805509F}"= Disabled:UDP:5004:TCP Port 5004
"{732F7284-4D25-40DE-918E-A653CCF83C1F}"= Disabled:UDP:5005:TCP Port 5005
"{52040BF8-DB3C-4E7C-B7B0-D3B3E352F923}"= Disabled:UDP:5006:TCP Port 5006
"{23C58A6D-82C7-44FF-AF28-D300B0471103}"= Disabled:UDP:5007:TCP Port 5007
"{2FF6A539-90C8-42AC-981D-6E5BD6DDB78F}"= Disabled:UDP:5008:TCP Port 5008
"{3B7204F0-2E93-446A-96CC-92C3FC826F8E}"= Disabled:UDP:5009:TCP Port 5009
"{46E083AE-5F4C-4BA2-A425-947E9749B5CF}"= Disabled:UDP:5010:TCP Port 5010
"{7ACF543B-84DA-4299-9C46-E548FC9FF2C1}"= Disabled:UDP:5011:TCP Port 5011
"{38581B2A-5BDD-42D0-80F8-CAD958AACE55}"= Disabled:UDP:5012:TCP Port 5012
"{B20058FA-583C-4139-AEAF-AF590AA07C28}"= Disabled:UDP:5013:TCP Port 5013
"{3B7955FC-C97D-4493-BB61-DCD141C8C49E}"= Disabled:UDP:5014:TCP Port 5014
"{444D7593-D762-40E9-B060-8A04DD4438B4}"= Disabled:UDP:5015:TCP Port 5015
"{4ADC884A-D0AB-489E-86AD-B12FAA903132}"= Disabled:UDP:5016:TCP Port 5016
"{C608F80E-718D-4F1B-BD56-4257E655264E}"= Disabled:UDP:5017:TCP Port 5017
"{8B0C7230-B4B9-4022-9147-DE2F940E5C17}"= Disabled:UDP:5018:TCP Port 5018
"{D24CE363-A0AA-4663-AEF3-2C8AAA4539AD}"= Disabled:UDP:5019:TCP Port 5019
"{F5901AEE-CB74-4858-86BB-D615B10D891F}"= Disabled:UDP:5020:TCP Port 5020
"{24AA0AC4-CE2B-4489-A8B7-B7AF38B3F81D}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{7AC43AEC-16B6-475E-92C6-1FB250AF7917}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{3F8C9B3B-5C1D-453A-B643-5AF280B1EAF1}"= UDP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{29F327B0-5642-42E5-BFF9-C761321AACF5}"= TCP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{CAE796A5-9AFD-4999-B5B5-93AD8D1F0FF9}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{FFC5FB34-A931-4140-AEE3-5B55E1E7544C}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{3D7353B7-9050-4108-8F56-3390530CD657}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{91324480-6F86-47D3-A62D-B6C8B9A5D095}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{38CB1413-D112-4B43-9363-C44FB82F8D1E}"= UDP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{04E096ED-C81C-46F9-B4FA-08D152CCB519}"= TCP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{6C30351D-318B-4D97-A90A-57D09EE7CD2F}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{C30F85DD-FB76-4076-B59B-D97FEFC04E92}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"TCP Query User{FFE78433-A3EC-4522-BFD8-BAC7D6702202}C:\users\zi\documents\blender-verse-win-2005-10-12[1]\blender-2.37a-windows\verse.exe"= UDP:C:\users\zi\documents\blender-verse-win-2005-10-12[1]\blender-2.37a-windows\verse.exe:verse.exe|Desc=verse.exe
"UDP Query User{C7428E4C-2913-4A81-96D9-E890DD6EFB39}C:\users\zi\documents\blender-verse-win-2005-10-12[1]\blender-2.37a-windows\verse.exe"= TCP:C:\users\zi\documents\blender-verse-win-2005-10-12[1]\blender-2.37a-windows\verse.exe:verse.exe|Desc=verse.exe
"{C1E8A3F8-F40B-46CE-B8E6-1C1C9806AD5C}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{41AEC936-3D3E-48E8-AB6C-94697CD06EBD}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{A0019D80-D865-4B26-8E5E-153344718B4F}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{0ECCD3D4-8F4A-4B08-98F1-19C86158F18C}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{4C1C9678-D62C-4621-9B4E-43D145826C0E}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{B0FFF268-1647-48AC-AE3B-B95D47E47B05}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{539AD96F-11F4-4702-A5CD-A3CC681EA992}"= UDP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{C93D572A-21D5-4903-B6C9-175E4D461A7D}"= TCP:C:\Program Files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{85EEB680-9B6D-4572-86B2-80FD1953888D}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{7B1B38F5-28CA-44BF-9C3A-A00D574DEC2E}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"TCP Query User{C7C7BC41-E9F1-4E2B-A871-8566B8A62D24}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"UDP Query User{C70B944A-100C-485C-9E4D-0E1A6B151118}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent|Desc=bittorrent
"TCP Query User{B50E826C-093F-4B93-A99C-6A8DF7D71EF7}C:\users\zi\appdata\local\temp\java_ee_sdk-5_03-windows[1].exe2\package\jre\bin\javaw.exe"= UDP:C:\users\zi\appdata\local\temp\java_ee_sdk-5_03-windows[1].exe2\package\jre\bin\javaw.exe:javaw.exe|Desc=javaw.exe
"UDP Query User{D90E3BD3-CBB4-4F0D-83BF-F0E106F18194}C:\users\zi\appdata\local\temp\java_ee_sdk-5_03-windows[1].exe2\package\jre\bin\javaw.exe"= TCP:C:\users\zi\appdata\local\temp\java_ee_sdk-5_03-windows[1].exe2\package\jre\bin\javaw.exe:javaw.exe|Desc=javaw.exe
"TCP Query User{49EF3920-A9FD-4C99-A07E-74D79B365B07}C:\sun\sdk\jdk\bin\java.exe"= UDP:C:\sun\sdk\jdk\bin\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
"UDP Query User{DD72B8B0-F731-4C29-85DC-38085D706F5E}C:\sun\sdk\jdk\bin\java.exe"= TCP:C:\sun\sdk\jdk\bin\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
"TCP Query User{F2355528-10B7-4FF9-83CE-82031708D71F}C:\sun\sdk\jdk\jre\bin\java.exe"= UDP:C:\sun\sdk\jdk\jre\bin\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
"UDP Query User{E6266F0D-B32D-463C-8474-2C143ECBF5C6}C:\sun\sdk\jdk\jre\bin\java.exe"= TCP:C:\sun\sdk\jdk\jre\bin\java.exe:Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary
"{06B88494-B54F-42C2-9482-0187144EC824}"= c:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Bin\XnaTrans.exe:XNA Game Studio 2.0 Transport
"{32F9CA82-C372-4895-841B-F9A47865E010}"= c:\Program Files\Microsoft XNA\XNA Game Studio\v2.0\Bin\XnaLiveProxy.exe:XNA Framework Games for Windows – LIVE
"{102D7310-8242-4A7A-B6BD-466CF34330CB}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{718DEC72-7A36-4CE4-8CB3-7CE28FE0E6D8}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{78A8A569-445B-45DE-9E51-846D6EF26C0B}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{FF99C2A3-70DA-45EF-B6E7-16D8EF964CBB}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F7002033-64CA-43FE-B790-63114645003A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{38126411-3D6A-4592-824E-33D2CD0284D2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 KmxFw;KmxFw;C:\Windows\system32\DRIVERS\kmxfw.sys [2007-10-18 14:28]
R1 KmxAgent;KmxAgent;C:\Windows\system32\DRIVERS\kmxagent.sys [2007-03-21 18:49]
R1 KmxFile;KmxFile;C:\Windows\system32\DRIVERS\KmxFile.sys [2007-03-16 03:39]
R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\system32\DRIVERS\KmxFilter.sys [2007-10-18 10:46]
R2 KmxCF;KmxCF;C:\Windows\system32\DRIVERS\KmxCF.sys [2007-10-18 10:46]
R2 KmxSbx;KmxSbx;C:\Windows\system32\DRIVERS\KmxSbx.sys [2007-11-02 04:54]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-05-25 09:41]
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" [2007-09-24 17:05]
R2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-04 09:23]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 09:39]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-03-05 18:36]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 KmxCfg;KmxCfg;C:\Windows\system32\DRIVERS\kmxcfg.sys [2007-09-12 12:02]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 18:50]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 09:41]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-11-09 17:59]
S3 MAC607;MAC607 Filter;C:\Windows\system32\DRIVERS\MAC607.sys [2007-03-05 02:06]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 22:43:23 C:\Windows\Tasks\CAAntiSpywareScan_Daily as ZI at 12 12 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2008-03-11 08:30:00 C:\Windows\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-03-11 22:27:26 C:\Windows\Tasks\User_Feed_Synchronization-{4BFC41B3-FA82-4A5D-84F5-DF8C2DCEE897}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-11 18:34:01
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-11 18:38:09
ComboFix-quarantined-files.txt 2008-03-11 23:38:04
.
2008-03-10 21:45:33 --- E O F ---
---------------------------------------------------------------------------------------------------------
fresh-hijackthis log
--------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:24 PM, on 3/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\mrofinu1535.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Users\ZI\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O1 - Hosts: 87.117.202.232 nprotect.battlelands.net
O1 - Hosts: 87.117.202.232 update.nprotect.net
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvutrpp.dll,#1
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\ZI\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ZI\AppData\Local\Temp\vtuts.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ZI\AppData\Local\Temp\ddawv.dll,c
O4 - HKCU\..\Run: [BM174c89bc] Rundll32.exe "C:\Users\ZI\AppData\Local\Temp\rifwmius.dll",s
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\ZI\AppData\Local\Temp\behpmeab.dll",run
O4 - HKCU\..\Run: [147fba20] rundll32.exe "C:\Users\ZI\AppData\Local\Temp\xofcpvmg.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZN
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} -
http://www.infospace.com/mypoints.ma...ointsSetup.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13396 bytes
-------------------------------------------------------------------------
This is for a problem that keeps on happening..... whenever I open a folder, Windows Explorer closes and I have to restart or work with the Task Manager.