Sorry, didn't see this post (thought I was subscribed to the thread but apparently not).
There have been a few more detections of the virus, so I guess I need to give you new logs for a new script. Sorry.
Cfixer.
ComboFix 08-05-09.1 - Dave 2008-05-14 8:39:10.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1092 [GMT 1:00]
Running from: C:\Users\Dave\Desktop\ComboFix.exe
.
/wow section not completed
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.
2008-05-14 08:38 . 2008-05-14 08:38 d-------- C:\327882R2FWJFW
2008-05-13 13:41 . 2008-05-13 13:41 0 --ah----- C:\Windows\SwSys2.bmp
2008-05-13 13:41 . 2008-05-13 13:41 0 --ah----- C:\Windows\SwSys1.bmp
2008-05-13 13:40 . 2008-05-13 13:40 d-------- C:\Program Files\Game_Maker7
2008-05-12 21:08 . 2008-05-12 21:08 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-05-12 11:51 . 2008-05-13 11:11 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-12 11:51 . 2008-05-12 11:51 1,409 --a------ C:\Windows\QTFont.for
2008-05-11 14:15 . 2008-05-11 14:47 1,583 --a------ C:\Users\Dave\CFScript.txt
2008-05-11 13:02 . 2008-05-14 08:31 4,958,588 --a------ C:\Windows\{00000004-00000000-00000004-00001102-00000004-20021102}.BAK
2008-05-11 12:48 . 2008-05-11 13:01 d-------- C:\Users\Dave\AppData\Roaming\AOL
2008-05-11 12:48 . 2008-05-11 12:48 855 --a------ C:\Windows\aolback.exe.lnk
2008-05-11 12:46 . 2008-05-11 12:46 d-------- C:\Users\All Users\Viewpoint
2008-05-11 12:46 . 2008-05-11 12:46 d-------- C:\ProgramData\Viewpoint
2008-05-11 12:46 . 2008-05-11 12:27 54,832 --a------ C:\Windows\System32\AOLParconLink.exe
2008-05-11 12:31 . 2008-05-11 13:36 d-------- C:\Users\All Users\AOL
2008-05-11 12:31 . 2008-05-11 13:36 d-------- C:\ProgramData\AOL
2008-05-11 12:31 . 2008-05-11 12:47 d-------- C:\Program Files\Common Files\aolshare
2008-05-11 12:31 . 2008-05-11 13:33 d-------- C:\Program Files\AOL 9.0
2008-05-11 12:31 . 2006-11-29 23:24 33,588 --a------ C:\Windows\System32\drivers\wanatw4.sys
2008-05-11 11:51 . 2008-05-13 09:59 270,218,657 --a------ C:\Windows\MEMORY.DMP
2008-05-11 11:43 . 2005-01-14 04:41 11,254 --a------ C:\Windows\System32\locate.com
2008-05-11 11:41 . 2008-05-11 11:47 d-------- C:\MGtools
2008-05-11 11:41 . 2008-05-11 11:47 71,275 --a------ C:\MGlogs.zip
2008-05-11 11:17 . 2008-05-11 11:17 d-------- C:\cf
2008-05-11 10:26 . 2008-05-11 10:30 1,238,055 --a------ C:\MGtools.exe
2008-05-11 10:14 . 2008-05-11 10:14 335 --a------ C:\Windows\nsreg.dat
2008-05-07 12:58 . 2008-05-07 12:58 d-------- C:\Users\All Users\Yahoo! Companion
2008-05-07 12:58 . 2008-05-07 12:58 d-------- C:\ProgramData\Yahoo! Companion
2008-05-06 16:03 . 2008-05-06 16:03 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-05-06 16:03 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-05-06 16:03 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-05-06 10:39 . 2008-05-06 10:39 944,184 --a------ C:\Windows\System32\winload.exe
2008-05-06 10:39 . 2008-05-06 10:39 620,088 --a------ C:\Windows\System32\ci.dll
2008-05-06 10:39 . 2008-05-06 10:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-05-06 10:39 . 2008-05-06 10:39 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-05-06 10:39 . 2008-05-06 10:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-05-06 10:39 . 2008-05-06 10:39 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-05-06 10:39 . 2008-05-06 10:39 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-05-06 10:39 . 2008-05-06 10:39 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-05-06 10:39 . 2008-05-06 10:39 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-05-06 10:38 . 2008-05-06 10:38 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-06 10:38 . 2008-05-06 10:38 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-03 15:34 . 2008-05-03 15:34 d-------- C:\Users\Dave\AppData\Roaming\WaterProof
2008-05-03 15:33 . 2008-05-03 15:33 d-------- C:\Program Files\WaterProof
2008-05-03 15:28 . 2008-05-03 15:28 765 --a------ C:\Windows\wininit.ini
2008-05-03 14:46 . 2008-05-03 14:46 401,720 --a------ C:\Users\Dave\HiJackThis.exe
2008-05-03 12:15 . 2008-05-03 12:15 d-------- C:\Users\Dave\AppData\Roaming\ActiveState
2008-05-03 11:44 . 2008-05-03 11:44 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-03 11:44 . 2008-05-03 11:44 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-03 11:41 . 2008-05-03 11:41 99,840 --a------ C:\Windows\System32\poqexec.exe
2008-05-03 11:03 . 2008-05-03 11:03 d-------- C:\Program Files\Yahoo!
2008-05-03 10:59 . 2008-05-03 11:15 d-------- C:\Program Files\ScanSpyware v3.8
2008-05-03 10:56 . 2008-05-03 10:57 d-------- C:\Users\Dave\AppData\Roaming\AdwareAlert
2008-05-03 10:53 . 2008-05-03 10:53 dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-03 10:52 . 2008-05-03 10:49 691,545 --a------ C:\Windows\unins000.exe
2008-05-03 10:52 . 2008-05-03 10:52 2,538 --a------ C:\Windows\unins000.dat
2008-05-02 14:42 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\bibrraad.exe
2008-05-02 13:17 . 2008-05-02 13:17 d-------- C:\Program Files\Discreet e-Learning
2008-05-02 13:16 . 2000-10-31 02:11 98,304 --a------ C:\Windows\System32\tsccvid.dll
2008-04-27 18:56 . 2008-04-27 18:56 d-------- C:\Program Files\Lavasoft
2008-04-27 18:50 . 2008-04-27 18:50 d-------- C:\Users\Dave\AppData\Roaming\TuneUp Software
2008-04-27 18:49 . 2008-04-27 18:49 d-------- C:\Users\All Users\TuneUp Software
2008-04-27 18:49 . 2008-04-27 18:49 d-------- C:\ProgramData\TuneUp Software
2008-04-27 18:49 . 2008-05-06 16:03 d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-20 11:23 . 2008-04-20 11:24 d--h----- C:\Program Files\Zero G Registry
2008-04-20 11:18 . 2008-04-20 11:18 d--h----- C:\Users\Dave\InstallAnywhere
2008-04-18 13:25 . 2007-11-14 17:52 765,952 -r-hs---- C:\Windows\System32\bspyjwxp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 07:33 --------- d-----w C:\Users\Dave\AppData\Roaming\WTablet
2008-05-14 06:52 --------- d-----w C:\Users\Dave\AppData\Roaming\uTorrent
2008-05-13 21:21 --------- d-----w C:\ProgramData\Google Updater
2008-05-11 11:53 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-11 10:57 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-08 10:44 --------- d-----w C:\Users\Dave\AppData\Roaming\CoreFTP
2008-05-07 14:19 --------- d-----w C:\Users\Dave\AppData\Roaming\OpenOffice.org2
2008-05-07 13:38 --------- d-----w C:\Program Files\PartyGaming
2008-05-06 15:09 --------- d-----w C:\Program Files\Windows Mail
2008-05-06 09:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-05 09:50 --------- d-----w C:\Program Files\iTunes
2008-05-05 09:50 --------- d-----w C:\Program Files\iPod
2008-05-05 09:48 --------- d-----w C:\Program Files\QuickTime
2008-05-05 09:40 --------- d-----w C:\Program Files\Apple Software Update
2008-05-05 08:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-03 11:18 --------- d-----w C:\Program Files\Developers Pad
2008-05-03 10:42 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-03 10:42 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-03 10:42 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-03 10:42 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-03 09:42 --------- d-----w C:\Program Files\Opera
2008-05-03 09:37 --------- d---a-w C:\ProgramData\TEMP
2008-04-27 18:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-27 17:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 10:26 --------- d-----w C:\Users\Dave\AppData\Roaming\Sports Interactive
2008-04-20 10:23 --------- d-----w C:\Program Files\Sports Interactive
2008-04-11 16:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-04-05 14:08 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-04 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 16:01 --------- d-----w C:\Program Files\Dark Basic Software
2008-03-30 21:28 --------- d-----w C:\Program Files\VideoLAN
2008-03-26 11:58 --------- d-----w C:\ProgramData\Avira
2008-03-26 11:58 --------- d-----w C:\Program Files\Avira
2008-03-26 11:13 --------- d-----w C:\ProgramData\iolo
2008-03-26 11:13 --------- d-----w C:\Program Files\iolo
2008-03-25 18:16 --------- d-----w C:\Users\Dave\AppData\Roaming\iolo
2008-03-25 17:04 74,703 ----a-w C:\Windows\System32\mfc45.dll
2008-03-24 19:28 --------- d-----w C:\ProgramData\Joy coal mpeg heck
2008-03-24 11:36 102,664 ----a-w C:\Windows\system32\drivers\tmcomm.sys
2008-03-19 20:55 --------- d-----w C:\Program Files\Java
2008-03-19 12:28 --------- d-----w C:\Program Files\ActiveState Komodo Edit 4
2008-03-17 12:31 --------- d-----w C:\Program Files\CoreFTP
2008-03-16 18:14 --------- d-----w C:\Program Files\MSN Messenger
2008-03-16 18:13 --------- d-----w C:\Program Files\Windows Live
2008-03-16 18:12 --------- d-----w C:\ProgramData\WLInstaller
2008-02-29 17:53 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-02-29 17:53 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-02-29 17:53 22,328 ----a-w C:\Users\Dave\AppData\Roaming\PnkBstrK.sys
2008-02-29 17:53 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-17 10:48 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-17 10:48 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-17 10:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 10:48 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-17 10:45 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-17 10:45 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-17 10:44 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 10:44 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 10:44 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 10:44 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-17 10:44 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-17 10:44 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-17 10:44 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 10:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 10:44 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-17 10:44 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-17 10:40 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-05 20:02 174 --sha-w C:\Program Files\desktop.ini
2006-10-20 11:09 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2005-09-20 12:07 52 ----a-w C:\Program Files\Save Windows and Programs (No Data or Documents).BDF
2005-09-20 12:07 52 ----a-w C:\Program Files\Save Data and Documents Only.BDF
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\axbrvpte.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\bibrraad.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\bspyjwxp.exe
2007-11-14 16:52 765,952 --sh--r C:\Windows\System32\cfuctank.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-11_13.23.01.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 12:04:33 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-14 07:33:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2004-07-15 01:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_aspnet_isapi.dll
+ 2004-07-15 00:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_CORPerfMonExt.dll
+ 2004-07-15 00:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_fusion.dll
+ 2004-07-15 00:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorjit.dll
+ 2004-07-15 14:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorlib.dll
+ 2003-02-20 19:09:18 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorsn.dll
+ 2004-07-15 00:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorsvr.dll
+ 2004-07-15 00:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_mscorwks.dll
+ 2003-02-21 04:42:22 348,160 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_msvcr71.dll
+ 2004-07-15 00:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1956\_PerfCounter.dll
+ 2004-07-15 01:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_aspnet_isapi.dll
+ 2004-07-15 00:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_CORPerfMonExt.dll
+ 2004-07-15 00:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_fusion.dll
+ 2004-07-15 00:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_mscorjit.dll
+ 2004-07-15 14:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_mscorlib.dll
+ 2003-02-20 19:09:18 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_mscorsn.dll
+ 2004-07-15 00:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_mscorsvr.dll
+ 2004-07-15 00:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_mscorwks.dll
+ 2003-02-21 04:42:22 348,160 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_msvcr71.dll
+ 2004-07-15 00:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SHADOW5568\_PerfCounter.dll
- 2008-05-11 12:04:34 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-14 07:33:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-11 12:04:34 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-14 07:33:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-11 12:06:14 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-14 01:24:37 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-11 12:10:08 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-14 07:34:40 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-11 12:07:43 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-14 01:32:35 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-11 12:17:09 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-14 07:39:27 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-11 12:14:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-13 21:21:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-11 12:14:03 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-13 21:21:38 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-11 12:14:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-13 21:21:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-11 12:10:52 117,292 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-13 10:15:45 117,292 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-11 12:10:52 128,134 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-13 10:15:45 128,134 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-11 12:10:52 643,670 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-13 10:15:45 643,670 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-11 12:10:53 689,746 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-13 10:15:45 689,746 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-11 12:02:53 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-12 22:54:59 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-11 12:11:11 11,306 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1078081533-1500820517-839522115-1004_UserData.bin
+ 2008-05-14 07:34:59 11,580 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1078081533-1500820517-839522115-1004_UserData.bin
- 2008-05-11 12:11:10 63,038 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-14 07:34:59 63,716 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-11 12:11:08 53,788 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-14 07:34:58 54,984 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-12 20:08:46 678,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-g..ppolicy-policymaker_31bf3856ad364e35_6.0.6001.18034_none_372cc6574910ad11\gpprefcl.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 10:45 8704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:34 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-05 19:31 1006264]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-11-02 10:44 989696 C:\Windows\System32\bthprops.cpl]
"RAMDef"="C:\Program Files\RAM Def\ramdef.exe" [2002-10-28 13:39 122040]
"CTHelper"="CTHELPER.EXE" [2007-02-12 20:47 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 20:47 19968 C:\Windows\System32\CTXFIHLP.EXE]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 12:58 176128]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-03 10:40 262401]
"HostManager"="C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-07-11 13:15:13 132656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"SENTINEL"= snti386.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\livecall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\utorrent\\utorrent.exe-UDP-Standard"= TCP:Profile=Public|C:\utorrent\utorrent.exe:µTorrent
"C:\\utorrent\\utorrent.exe-TCP-Standard"= UDP:Profile=Public|C:\utorrent\utorrent.exe:µTorrent
"C:\\Program Files\\TVAnts\\Tvants.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\TVAnts\Tvants.exe:TVAnts
"C:\\Program Files\\TVAnts\\Tvants.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\TVAnts\Tvants.exe:TVAnts
"C:\\Program Files\\SopCast\\SopCast.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\SopCast\SopCast.exe:SopCast Main Application
"C:\\Program Files\\SopCast\\SopCast.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\SopCast\SopCast.exe:SopCast Main Application
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.1
"C:\\Program Files\\MSN Messenger\\livecall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\Messenger\\msmsgs.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\\Program Files\\Messenger\\msmsgs.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\\Program Files\\iTunes\\iTunes.exe-UDP-Standard"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\iTunes\\iTunes.exe-TCP-Standard"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\\Program Files\\IBP 9\\IBP.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\IBP 9\IBP.exe:Internet Business Promoter (IBP)
"C:\\Program Files\\IBP 9\\IBP.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\IBP 9\IBP.exe:Internet Business Promoter (IBP)
"C:\\Program Files\\Bonjour\\mDNSResponder.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"C:\\Program Files\\Bonjour\\mDNSResponder.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"%windir%\\Network Diagnostic\\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\\Network Diagnostic\\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"TCP Query User{E05D58D4-6560-400F-A664-64191E7CA826}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{F9A0ED79-DB85-4E49-93DE-76DB28B2F15B}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{426FBEA7-1A5E-48A4-878C-C105CBF84334}C:\\users\\dave\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\dave\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{9F23201F-CE52-4663-8527-143BFEDF2151}C:\\users\\dave\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\dave\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{57E00588-0F89-44E0-A247-F47B6E47450C}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{53EE0EEC-A933-4A48-A748-EA10F313C919}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{C9ED7F9B-A248-42A6-89B6-9F8A9EA99E82}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{158F18F6-D29C-4530-A8D7-8B51E7149F11}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{6DB8402B-1FBB-4A49-9BB7-9FC94B1C47FE}"= UDP:H:\unreal\Binaries\UT3.exe:Unreal Tournament 3
"{CEC74C67-A518-48CA-B048-4BC42D41E89F}"= TCP:H:\unreal\Binaries\UT3.exe:Unreal Tournament 3
"{84B3973C-7D95-4A19-8F0C-F4987831704D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{36037F1D-7BDB-4820-8F36-1D10FEBCD72D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DC709908-E897-4293-BE2B-E814DFBF470B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{088112E6-BED9-432A-9468-AF9C7734FFC2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0893BA79-0B4F-4A45-9111-98D2F73DF0FF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{724B2031-4947-40EB-9317-E51AF25D4CDC}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{BD5A081B-EA6A-4AF8-9A13-DAF47F4C2C7C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{776D0B28-F065-4CBA-9B91-9127880D94F7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8394283E-36F2-4DB6-A825-793290C5CDD7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6038B33C-0341-4FD5-AEFD-1C214B316338}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{07DC3DAD-53D5-4315-8DEE-1251D0593271}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{E66E0EEC-6430-4BB5-AEEE-19B1D12FD79B}H:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= UDP:H:\program files\autodesk\maya2008\bin\maya.exe:Maya
"UDP Query User{60570AD3-ED4A-4904-8DD8-63C065E4231B}H:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= TCP:H:\program files\autodesk\maya2008\bin\maya.exe:Maya
"TCP Query User{B179DF4A-4D4B-42AF-BF1C-76B08DB0C129}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AE4F3A99-B3AC-458E-A905-0BD19A468184}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{9FF7EF2A-82E6-4E65-A32E-4BB4CC926B61}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{82CC5686-BD3B-4054-B6FF-6D0769C2C4B7}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{3CB84FEF-4FCE-47DC-8161-F1CBC11799EF}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{6C78AB72-2D71-4B13-A849-A717CE5FE326}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{FC49E3C6-4DE5-46C7-A6CE-ACD488A61588}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{FF572F38-CC5B-4DB2-A2D6-F2872427FF51}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{0801D404-1A75-4A62-8F8A-5DEC132E3049}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{FD8CF48C-CE3B-435E-A297-789CC90A6FA9}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{F1DB7785-1283-4E2D-8093-9BAB773400A6}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5CC46B23-F7F5-431D-9551-7A3B8E060075}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{7C418694-2DC5-486F-8099-DBE0143E2919}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{C104931C-22A9-4303-9666-41A7E498A502}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{16936F71-55E0-44AF-8C78-0B72FF4CF8B9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{C0C54C3F-939F-4DB0-9B36-1A2687708F62}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D466F799-29B1-489F-BCE8-EE26F3BA4AA0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F834A401-D696-4406-9317-EB3F6D3973FF}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{04F1F59F-D018-4E8B-A273-FD8D456D3003}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{0B0FDDF8-379F-4519-993C-2649EA6643AE}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5CB1894E-FC63-419D-A81A-85006A73334D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{15A36052-ED44-42E0-ADBB-1F08A37FB45E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F3206ABD-6493-447A-B8E7-C3F93447D2C8}C:\\windows\\system32\\jgjiszqs.exe"= UDP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"UDP Query User{9C85A4F2-5CC9-4905-AD06-6DD9914BF5DA}C:\\windows\\system32\\jgjiszqs.exe"= TCP:C:\windows\system32\jgjiszqs.exe:jgjiszqs
"{F1DE8232-3B4B-4649-A281-AFED640388EA}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{930E6734-29D4-41F0-A99F-E32D2C35BF2D}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:iolo Firewall®
"{A0634106-A719-439C-AB18-572D474B63C4}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{DACBE09F-6582-485A-BF49-44196A9D94FB}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:iolo AntiVirus®
"{3E7A4E3A-8EC3-42ED-8D52-35FC4085EEC3}"= UDP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{7826A1F6-143A-442F-A361-11281D378B4B}"= TCP:C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:iolo AntiVirus® Email Protection
"{049DAC5B-5F8C-4F08-B7D2-B8FE1C3CC39F}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{EEF25ED6-EA8D-4BE6-ABDB-FA1447FC77FC}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{F2470EA9-E515-41AC-BA31-F757668039EA}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{98E37358-7C01-415E-B706-2A79739492A7}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{5FC1F75C-CBF4-4AE0-B1B1-F4C323DDF218}C:\\program files\\waterproof\\phpedit\\2.12.8\\extensions\\dbg\\dbglistener.exe"= UDP:C:\program files\waterproof\phpedit\2.12.8\extensions\dbg\dbglistener.exe:Listener for php debugger DBG
"UDP Query User{2850068E-2C6E-4ED4-BC7E-E19B39C443A0}C:\\program files\\waterproof\\phpedit\\2.12.8\\extensions\\dbg\\dbglistener.exe"= TCP:C:\program files\waterproof\phpedit\2.12.8\extensions\dbg\dbglistener.exe:Listener for php debugger DBG
"TCP Query User{2CCEFD09-E466-4B23-98C3-926A35EB0F9A}C:\\program files\\waterproof\\phpedit\\2.12.8\\phpedit.exe"= UDP:C:\program files\waterproof\phpedit\2.12.8\phpedit.exe:PHPEdit - The PHP IDE
"UDP Query User{70EB3B0D-8ABA-4B91-8605-53FB9F3CCB4D}C:\\program files\\waterproof\\phpedit\\2.12.8\\phpedit.exe"= TCP:C:\program files\waterproof\phpedit\2.12.8\phpedit.exe:PHPEdit - The PHP IDE
"{EAC2F4A5-972F-4B2A-8020-BBEA49396EAE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FEB7FF30-D24D-4468-BC75-DEF48DD1D6C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0AEB14E4-9666-4AFF-BE8A-2065DA8280F9}"= UDP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{1FBA6D27-EBFC-463C-9FE4-F88D2E6C2877}"= TCP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{D7F07924-1CE7-421D-8DEC-5AFBE47C843D}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{33687362-DEC2-46FF-B7C8-CF82C69B6883}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{7117EE63-2804-4CA2-A94C-CA0D53A94991}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A07A7C15-7885-4DF6-9BE6-23DBEE3E72B8}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E8FA962E-6ECA-4A9E-B42C-8F6FA830A771}"= UDP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{B7640469-2281-4B6B-9EB1-65271B65A7B7}"= TCP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"TCP Query User{81EF36C0-ACB9-43A4-8C9B-8FA7DEE989EE}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{D7F5EB55-DBA6-4F38-82ED-FFD3993F1C23}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{FE3077FE-4EBF-4731-A155-14D220403746}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C837819B-E698-44F6-8A79-5D8037888028}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F51F1490-A682-4300-A5B5-63D437890317}H:\\emule\\emule.exe"= UDP:H:\emule\emule.exe:eMule
"UDP Query User{C3BA1B0B-AC44-4237-998E-9523D8872E90}H:\\emule\\emule.exe"= TCP:H:\emule\emule.exe:eMule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Documents and Settings\\Dave\\Application Data\\SopCast\\adv\\SopAdver.exe"= C:\Users\Dave\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"= C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\\Program Files\\IBP 9\\IBP.exe"= C:\Program Files\IBP 9\IBP.exe:*:Enabled:Internet Business Promoter (IBP)
"C:\\Program Files\\iTunes\\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\\Program Files\\Messenger\\msmsgs.exe"= C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\\Program Files\\MSN Messenger\\livecall.exe"= C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\\Program Files\\SopCast\\SopCast.exe"= C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\\Program Files\\TVAnts\\Tvants.exe"= C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\\utorrent\\utorrent.exe"= C:\utorrent\utorrent.exe:*:Enabled:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 15:12]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 HabuFltr;Habu Mouse;C:\Windows\system32\drivers\habu.sys [2006-08-14 11:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-11-05 17:27]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-06 16:03]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 12:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_MULTI_SZ WUDFSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 16:17:20 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-14 07:45:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-02 15:00:00 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 08:39:48
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-05-14 8:47:38
ComboFix2.txt 2008-05-11 12:24:37
Pre-Run: 59,170,770,944 bytes free
Post-Run: 59,159,396,352 bytes free
441 --- E O F --- 2008-05-12 20:08:55
HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:06:18, on 14/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RAM Def\ramdef.exe
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\Dave\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def\ramdef.exe -tray
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210505470\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186512785546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 10300 bytes