Seriously infected. Help. Task Manager disabled, Smitfraud-C., Smitfraud-C.gp, Zango
Deckard's System Scanner v20071014.68
Run by Eoin on 2008-04-28 19:05:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 4 Restore Point(s) --
4: 2008-04-28 17:02:16 UTC - RP607 - Windows Update
3: 2008-04-25 21:51:08 UTC - RP606 - Windows Defender Checkpoint
2: 2008-04-25 15:46:00 UTC - RP604 - Removed AVG 7.5
1: 2008-04-25 15:33:12 UTC - RP602 - Installed Ad-Aware 2007
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 10.56 GiB (less than 15%) free.
-- HijackThis (run as Eoin.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:04, on 28/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wmsdkns.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Eoin\Desktop\dss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Eoin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {01D7F8D2-56DB-4327-A992-00ACE6684580} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {73D6E387-53ED-41B7-9F02-DD9E615DFB2B} - C:\Windows\system32\khfCtsRk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7} - (no file)
O2 - BHO: (no name) - {A72E4F7F-F506-4898-B609-FF892745A1F5} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287} - (no file)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\Windows\system32\hgGvtSkl.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hgGvtSkl.dll,#1
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [BM3a2b1158] Rundll32.exe "C:\Windows\system32\yvfsnrdr.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA4200] command /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3996] cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5079] command /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8460] cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA673] command /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC444] cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1039] command /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2090] cmd /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1763] command /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC315] cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2293] command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3280] cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3147] command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7958] cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3930] command /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1626] cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6712] command /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4767] cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9078] command /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1397] cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8426] command /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5643] cmd /c del "C:\Windows\System32\khfCtsRk.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5406] command /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6113] cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB698] command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9873] cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3282] command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD524] cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup (User 'LNSS_MONITOR_USR')
O4 - HKUS\S-1-5-21-785140555-1394460376-2434275207-1013\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'LNSS_MONITOR_USR')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: GpsGate.lnk.disabled
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: winpto32 - winpto32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GFI LANguard N.S.S. 8.0 Attendant Service (gfi_lnss8_attservice) - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 16199 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071010-171806-718 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 AFS - c:\windows\system32\drivers\afs.sys <Not Verified; Oak Technology Inc.; AFS>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>
S0 MFX - c:\windows\system32\drivers\mfx.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 ColdFusion MX Application Server - "c:\cfusionmx\runtime\bin\jrunsvc.exe" <Not Verified; Macromedia Inc.; Macromedia JRun Application Server>
R2 ColdFusion MX ODBC Agent - c:\cfusionmx\db\slserver52\bin\swagent.exe "coldfusion mx odbc agent"
R2 ColdFusion MX ODBC Server - c:\cfusionmx\db\slserver52\bin\swstrtr.exe "coldfusion mx odbc server"
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 RelevantKnowledge - c:\windows\system32\rlservice.exe /service <Not Verified; RelevantKnowledge; RelevantKnowledge>
S2 MySQL - "c:\program files\mysql\mysql server 6.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 6.0\my.ini" mysql (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 stllssvr -
S4 iSafer (iSafer - Personal Firewall) -
S4 NMIndexingService -
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSLIMTYPE_DVD_A__DS8AZH__________________NH61____\5&61DFA57&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: Slimtype DVD A DS8AZH ATA Device
PNP Device ID: IDE\CDROMSLIMTYPE_DVD_A__DS8AZH__________________NH61____\5&61DFA57&0&0.0.0
Service: cdrom
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Dm12
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Dm12
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2008-04-25 15:21:43 406 --a------ C:\Windows\Tasks\Norton Security Scan.job
2007-11-14 09:38:12 370 --a------ C:\Windows\Tasks\RegCure.job
2007-11-14 09:38:12 436 --a------ C:\Windows\Tasks\RegCure Program Check.job
2007-11-14 01:25:00 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{EDEBA330-0D8D-4AC6-9BBE-DB587BD208FE}.job
-- Files created between 2008-03-28 and 2008-04-28 -----------------------------
2008-04-28 19:05:21 14080 --a------ C:\Windows\stcloader.exe
2008-04-28 19:05:19 10752 --a------ C:\Windows\2020search2.dll
2008-04-28 19:05:19 8192 --a------ C:\Windows\2020search.dll
2008-04-28 18:06:17 37888 --a------ C:\Windows\system32\hgGvtSkl.dll
2008-04-27 20:59:39 370945 --ahs---- C:\Windows\system32\RuBJlUvw.ini2
2008-04-26 20:11:44 11776 --a------ C:\Windows\bokja.exe
2008-04-26 02:06:07 32512 --a------ C:\Windows\saiemod.dll
2008-04-26 01:05:26 25088 --a------ C:\Windows\swin32.dll
2008-04-25 16:10:32 28672 --a------ C:\Windows\voiceip.dll
2008-04-25 16:10:32 9728 --a------ C:\Windows\cdsm32.dll
2008-04-25 16:10:31 13312 --a------ C:\Windows\mssvr.exe
2008-04-25 16:10:31 20992 --a------ C:\Windows\mspphe.dll
2008-04-25 16:10:31 14848 --a------ C:\Windows\bjam.dll
2008-04-25 16:10:26 15360 --a------ C:\Windows\msapasrc.dll
2008-04-25 16:10:26 22016 --a------ C:\Windows\msa64chk.dll
2008-04-25 16:10:25 21504 --a------ C:\Windows\shdocpl.dll
2008-04-25 16:10:25 14592 --a------ C:\Windows\shdocpe.dll
2008-04-25 16:10:25 21504 --a------ C:\Windows\ntnut.exe
2008-04-25 16:10:24 24320 --a------ C:\Windows\winsb.dll
2008-04-25 16:10:24 22272 --a------ C:\Windows\browserad.dll
2008-04-25 16:10:24 19968 --a------ C:\Windows\aviwrap32.dll
2008-04-25 16:10:24 24320 --a------ C:\Windows\avisynthex32.dll
2008-04-25 16:10:24 32000 --a------ C:\Windows\avifile32.dll
2008-04-25 16:10:23 23552 --a------ C:\Windows\autodisc32.dll
2008-04-25 16:10:23 28160 --a------ C:\Windows\audiosrv32.dll
2008-04-25 16:10:23 19200 --a------ C:\Windows\ati2dvag32.dll
2008-04-25 16:10:23 23296 --a------ C:\Windows\ati2dvaa32.dll
2008-04-25 16:10:23 21504 --a------ C:\Windows\athprxy32.dll
2008-04-25 16:10:22 29952 --a------ C:\Windows\changeurl_30.dll
2008-04-25 16:10:22 32512 --a------ C:\Windows\asycfilt32.dll
2008-04-25 16:10:22 8704 --a------ C:\Windows\asferror32.dll
2008-04-25 16:10:22 15872 --a------ C:\Windows\apphelp32.dll
2008-04-25 15:46:02 0 d-------- C:\Program Files\Bat
2008-04-25 15:44:51 4 --a------ C:\Windows\system32\winfrun32.bin
2008-04-25 15:44:36 88491 --a------ C:\Windows\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-25 15:44:36 88491 --a------ C:\Windows\lfn.exe <Not Verified; Microsoft; XML Media>
2008-04-25 15:43:58 0 d-------- C:\Program Files\Thinstall.VS
2008-04-25 15:42:26 38400 --a------ C:\Windows\system32\iifCVPfG.dll
2008-04-25 14:52:34 691545 --a------ C:\Windows\unins000.exe
2008-04-25 14:52:34 2535 --a------ C:\Windows\unins000.dat
2008-04-24 21:59:16 39936 --a------ C:\Windows\system32\jkkIXqpn.dll
2008-04-24 21:59:15 39936 --a------ C:\Windows\system32\geBspoNf.dll
2008-04-24 21:52:31 0 d-------- C:\Program Files\ClamWin
2008-04-24 21:42:18 372459 --ahs---- C:\Windows\system32\kRstCfhk.ini2
2008-04-24 21:42:13 272384 -----n--- C:\Windows\system32\khfCtsRk.dll
2008-04-24 19:08:00 0 d-------- C:\Program Files\Spyware Doctor
2008-04-24 18:58:43 0 d-------- C:\Program Files\Norton Security Scan
2008-04-08 23:09:36 0 d-------- C:\Program Files\NFR
2008-04-08 23:05:08 0 d-------- C:\PCPRO
2008-04-08 23:03:57 0 d-------- C:\Program Files\MOBv2
2008-04-08 21:47:00 8 --a------ C:\Windows\system32\Urncb.dll
2008-04-02 21:03:33 0 d-------- C:\Program Files\Freeware PDF Unlocker
2008-04-01 15:32:37 0 d-------- C:\Program Files\Packet Tracer 4.11
-- Find3M Report ---------------------------------------------------------------
2008-04-28 19:18:43 0 d-------- C:\Users\Eoin\AppData\Roaming\Azureus
2008-04-28 18:53:40 0 d-------- C:\Users\Eoin\AppData\Roaming\KompoZer
2008-04-28 18:07:32 21 --a------ C:\qpmd8376.bin
2008-04-28 18:03:29 3308 --a------ C:\Windows\bthservsdp.dat
2008-04-28 17:39:51 0 d-------- C:\Program Files\UZC Trial
2008-04-28 17:39:37 0 d-------- C:\Program Files\Sony Ericsson
2008-04-26 21:33:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-26 01:44:37 12978 --a------ C:\Users\Eoin\AppData\Roaming\nvModes.001
2008-04-26 01:17:13 0 d-------- C:\Users\Eoin\AppData\Roaming\OpenOffice.org2
2008-04-25 16:53:30 554 --a------ C:\sccfg.sys
2008-04-25 16:35:33 0 d-------- C:\Program Files\Lavasoft
2008-04-25 16:32:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 15:42:28 0 d-------- C:\Users\Eoin\AppData\Roaming\Downloaded Installations
2008-04-24 21:59:18 0 d-------- C:\Users\Eoin\AppData\Roaming\Thinstall
2008-04-24 21:53:50 0 d-------- C:\Users\Eoin\AppData\Roaming\.clamwin
2008-04-24 21:32:39 0 d-------- C:\Users\Eoin\AppData\Roaming\WinCare2008
2008-04-24 19:08:00 0 d-------- C:\Users\Eoin\AppData\Roaming\PC Tools
2008-04-24 18:59:58 0 --a------ C:\Users\Eoin\AppData\Roaming\.googlewebacchosts
2008-04-24 18:54:18 0 d-------- C:\Program Files\Google
2008-04-18 13:17:11 0 d-------- C:\Users\Eoin\AppData\Roaming\VMware
2008-04-17 16:42:32 0 d-------- C:\Program Files\Azureus
2008-04-15 19:15:12 0 d-------- C:\Program Files\Common Files
2008-04-10 13:18:58 0 d-------- C:\Program Files\Windows Mail
2008-04-09 21:19:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-31 12:46:14 536784 --a------ C:\Users\Eoin\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-26 15:43:53 0 d-------- C:\Program Files\Elaborate Bytes
2008-03-23 22:25:11 0 d-------- C:\Program Files\HCScript
2008-03-23 21:13:56 0 d-------- C:\Program Files\Folder Lock
2008-03-21 23:01:22 0 d-------- C:\Program Files\Mindscape
2008-03-20 21:58:17 0 d-------- C:\Users\Eoin\AppData\Roaming\Apple Computer
2008-03-20 21:39:06 0 d-------- C:\Program Files\iTunes
2008-03-20 21:38:35 0 d-------- C:\Program Files\iPod
2008-03-12 23:36:38 0 d-------- C:\Program Files\LaceLevel2GDS
2008-03-12 23:17:54 0 d-------- C:\Users\Eoin\AppData\Roaming\Intel
2008-03-12 23:17:53 0 d-------- C:\Program Files\Intel
2008-03-05 11:16:41 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-03 18:11:32 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-03 18:10:59 0 d-------- C:\Program Files\Common Files\Real
2008-03-01 19:55:33 0 d-------- C:\Users\Eoin\AppData\Roaming\Real
2008-03-01 15:59:59 0 d-------- C:\Users\Eoin\AppData\Roaming\AVG7
2008-02-29 23:55:40 0 d-------- C:\Program Files\Cell Phone Manager
2008-02-29 23:23:17 0 d-------- C:\Users\Eoin\AppData\Roaming\Systweak
2008-02-29 23:23:00 0 d-------- C:\Program Files\Advanced System Optimizer
2008-02-26 19:26:19 73 --a------ C:\Windows\system32\ssprs.dll
2008-02-26 19:26:17 336 --a------ C:\Windows\system32\lsprst7.dll
2008-02-25 23:57:00 75 --a------ C:\Windows\Memory
2008-02-25 23:57:00 74 --a------ C:\Windows\Logic
2008-02-25 23:53:48 76 --a------ C:\Windows\Spatial
2008-02-25 23:50:12 78 --a------ C:\Windows\Numerical
2008-02-25 23:48:50 75 --a------ C:\Windows\Verbal
2008-02-25 23:48:14 73 --a------ C:\Windows\Times New Roman
2008-02-25 23:48:14 454 --a------ C:\Windows\0
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\sysprs7.dll
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\clauth2.dll
2008-02-12 14:05:08 1025 --a------ C:\Windows\system32\clauth1.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01D7F8D2-56DB-4327-A992-00ACE6684580}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73D6E387-53ED-41B7-9F02-DD9E615DFB2B}]
24/04/2008 21:42 272384 --------- C:\Windows\system32\khfCtsRk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CCA0E4-F942-4CD3-A871-A9CF10F77DF7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A72E4F7F-F506-4898-B609-FF892745A1F5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E52BEFEB-2290-4BDF-87F9-5EC9F7ECE287}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]
24/04/2008 21:37 37888 --a------ C:\Windows\system32\hgGvtSkl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/04/2007 00:07]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [18/10/2006 18:56]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/03/2008 18:08]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/11/2006 06:02]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [25/11/2006 00:33]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/11/2006 19:58]
"MSServer"="C:\Windows\system32\hgGvtSkl.dll" [24/04/2008 21:37]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [18/10/2006 18:32]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 08:11]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/06/2007 09:12]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [19/04/2008 16:35]
"BM3a2b1158"="C:\Windows\system32\yvfsnrdr.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/08/2005 22:30]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB3930"=command /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingD1626"=cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingB6712"=command /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingD4767"=cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingB9078"=command /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingD1397"=cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingB8426"=command /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingD5643"=cmd /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingB5406"=command /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingD6113"=cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingB698"=command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingD9873"=cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingB3282"=command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
"SpybotDeletingD524"=cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA4200"=command /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingC3996"=cmd /c del "C:\Windows\System32\dncjghsu.dll_old"
"SpybotDeletingA5079"=command /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingC8460"=cmd /c del "C:\Windows\System32\drdekhcm.dll_old"
"SpybotDeletingA673"=command /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingC444"=cmd /c del "C:\Windows\System32\jneqcrbb.dll_old"
"SpybotDeletingA1039"=command /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingC2090"=cmd /c del "C:\Windows\System32\khfCtsRk.dll"
"SpybotDeletingA1763"=command /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingC315"=cmd /c del "C:\Windows\System32\vruhqdpo.dll_old"
"SpybotDeletingA2293"=command /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingC3280"=cmd /c del "C:\Windows\System32\wvUlJBuR.dll_old"
"SpybotDeletingA3147"=command /c del "C:\Windows\System32\yvfsnrdr.dll_old"
"SpybotDeletingC7958"=cmd /c del "C:\Windows\System32\yvfsnrdr.dll_old"
C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [25/04/2008 15:45:58]
GpsGate.lnk.disabled [15/12/2007 15:16:35]
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [30/08/2007 12:40:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\Windows\system32\hgGvtSkl.dll [24/04/2008 21:37 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\wmsdkns.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpto32]
winpto32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\khfCtsRk
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BySoft IRServer"=C:\Program Files\IRControl\IRServer.exe
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTRegRun"=C:\Windows\CTRegRun.EXE
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe"
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
"<NO NAME>"=
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032007 serial=dr12wex-1504397-kty lang=EN
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"win32"=win32.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe
"CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"win32"=win32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c1367c3-c478-11dc-b0dc-001636e944a6}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3027bfd7-7b07-11dc-949a-001636e944a6}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36571902-a6af-11dc-ad11-9dcbe14d6b3d}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49319c14-8bc7-11dc-b21e-001641da0939}]
- Cn911.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- Hosts -----------------------------------------------------------------------
8300 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-28 19:21:59 ------------
Wuhoo. I think that worked.
Hey, thanks very much. That seems to have worked. Here's that file:
ComboFix 08-04-29.3 - Eoin 2008-04-29 23:19:46.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.907 [GMT 1:00]
Running from: C:\Users\Eoin\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerinfo
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Windows\123messenger.per
C:\Windows\2020search.dll
C:\Windows\2020search2.dll
C:\Windows\apphelp32.dll
C:\Windows\asferror32.dll
C:\Windows\asycfilt32.dll
C:\Windows\athprxy32.dll
C:\Windows\ati2dvaa32.dll
C:\Windows\ati2dvag32.dll
C:\Windows\audiosrv32.dll
C:\Windows\autodisc32.dll
C:\Windows\avifile32.dll
C:\Windows\avisynthex32.dll
C:\Windows\aviwrap32.dll
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\browserad.dll
C:\Windows\cdsm32.dll
C:\Windows\changeurl_30.dll
C:\Windows\default.htm
C:\Windows\didduid.ini
C:\Windows\lfn.exe
C:\Windows\licencia.txt
C:\Windows\mainms.vpi
C:\Windows\megavid.cdt
C:\Windows\msa64chk.dll
C:\Windows\msapasrc.dll
C:\Windows\mspphe.dll
C:\Windows\mssvr.exe
C:\Windows\muotr.so
C:\Windows\ntnut.exe
C:\Windows\saiemod.dll
C:\Windows\shdocpe.dll
C:\Windows\shdocpl.dll
C:\Windows\stcloader.exe
C:\Windows\swin32.dll
C:\Windows\system32\cictlvvx.dll
C:\Windows\system32\fccbCuvT.dll
C:\Windows\system32\fcccbxvt.dll
C:\Windows\system32\geBspoNf.dll
C:\Windows\system32\gupwngnw.ini
C:\Windows\system32\iifCVPfG.dll
C:\Windows\system32\jkkIXqpn.dll
C:\Windows\system32\khfCtsRk.dll
C:\Windows\System32\kRstCfhk.ini
C:\Windows\System32\kRstCfhk.ini2
C:\Windows\System32\lbgdjdqo.ini
C:\Windows\system32\lsprst7.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nrjjwnmi.dll
C:\Windows\system32\ntlenshe.dll
C:\Windows\system32\onoavnok.dll
C:\Windows\system32\oqdjdgbl.dll
C:\Windows\system32\rqRJYrSK.dll
C:\Windows\System32\RuBJlUvw.ini
C:\Windows\System32\RuBJlUvw.ini2
C:\Windows\system32\ssprs.dll
C:\Windows\system32\uqvnwtuk.dll
C:\Windows\system32\Urncb.dll
C:\Windows\system32\urqNGvwV.dll
C:\Windows\system32\vtUlJdAp.dll
C:\Windows\system32\winfrun32.bin
C:\Windows\system32\wmsdkns.exe
C:\Windows\system32\wtssvtr32.exe
C:\Windows\telefonos.txt
C:\Windows\textos.txt
C:\Windows\voiceip.dll
C:\Windows\winsb.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 22:31 21 ----a-w C:\qpmd8376.bin
2008-04-29 22:28 --------- d-----w C:\Users\Eoin\AppData\Roaming\Azureus
2008-04-29 22:05 --------- d-----w C:\ProgramData\Google Updater
2008-04-29 22:02 --------- d-----w C:\Users\Eoin\AppData\Roaming\Malwarebytes
2008-04-29 22:02 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-29 22:02 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-29 20:50 --------- d-----w C:\ProgramData\VMware
2008-04-29 18:11 --------- d-----w C:\Users\Eoin\AppData\Roaming\OpenOffice.org2
2008-04-29 07:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-28 19:55 --------- d-----w C:\Program Files\Freeware PDF Unlocker
2008-04-28 19:53 --------- d-----w C:\Program Files\WinPcap
2008-04-28 19:52 --------- d-----w C:\Program Files\ElcomSoft
2008-04-28 17:53 --------- d-----w C:\Users\Eoin\AppData\Roaming\KompoZer
2008-04-28 16:39 --------- d-----w C:\Program Files\UZC Trial
2008-04-28 16:39 --------- d-----w C:\Program Files\Sony Ericsson
2008-04-26 20:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 15:53 554 ----a-w C:\sccfg.sys
2008-04-25 15:53 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-25 15:37 --------- d-----w C:\ProgramData\Lavasoft
2008-04-25 15:35 --------- d-----w C:\Program Files\Lavasoft
2008-04-25 15:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 14:50 --------- d-----w C:\ProgramData\Rabio
2008-04-25 14:48 --------- d-----w C:\Program Files\Bat
2008-04-25 14:47 --------- d-----w C:\Program Files\Thinstall.VS
2008-04-25 14:42 --------- d-----w C:\Users\Eoin\AppData\Roaming\Downloaded Installations
2008-04-25 14:27 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-25 13:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-25 13:43 691,545 ----a-w C:\Windows\unins000.exe
2008-04-24 20:59 --------- d-----w C:\Users\Eoin\AppData\Roaming\Thinstall
2008-04-24 20:53 --------- d-----w C:\Users\Eoin\AppData\Roaming\.clamwin
2008-04-24 20:52 --------- d-----w C:\ProgramData\.clamwin
2008-04-24 20:52 --------- d-----w C:\Program Files\ClamWin
2008-04-24 20:32 --------- d-----w C:\Users\Eoin\AppData\Roaming\WinCare2008
2008-04-24 18:20 --------- d---a-w C:\ProgramData\TEMP
2008-04-24 18:09 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-24 18:08 --------- d-----w C:\Users\Eoin\AppData\Roaming\PC Tools
2008-04-24 17:54 --------- d-----w C:\Program Files\Google
2008-04-18 12:17 --------- d-----w C:\Users\Eoin\AppData\Roaming\VMware
2008-04-17 15:42 --------- d-----w C:\Program Files\Azureus
2008-04-10 12:18 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 20:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 22:09 --------- d-----w C:\Program Files\NFR
2008-04-08 22:04 --------- d-----w C:\Program Files\MOBv2
2008-04-01 14:33 --------- d-----w C:\Program Files\Packet Tracer 4.11
2008-03-31 11:46 536,784 ----a-w C:\Users\Eoin\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-03-26 14:43 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-23 21:25 --------- d-----w C:\Program Files\HCScript
2008-03-23 20:13 --------- d-----w C:\Program Files\Folder Lock
2008-03-21 22:01 --------- d-----w C:\Program Files\Mindscape
2008-03-20 20:58 --------- d-----w C:\Users\Eoin\AppData\Roaming\Apple Computer
2008-03-20 20:39 --------- d-----w C:\Program Files\iTunes
2008-03-20 20:38 --------- d-----w C:\ProgramData\Apple Computer
2008-03-20 20:38 --------- d-----w C:\Program Files\iPod
2008-03-14 12:17 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 22:36 --------- d-----w C:\Program Files\LaceLevel2GDS
2008-03-12 22:17 --------- d-----w C:\Users\Eoin\AppData\Roaming\Intel
2008-03-12 22:17 --------- d-----w C:\Program Files\Intel
2008-03-06 18:12 --------- d-----w C:\ProgramData\Sony Ericsson
2008-03-05 10:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-03 17:11 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-03 17:10 --------- d-----w C:\Program Files\Common Files\Real
2008-03-01 14:59 --------- d-----w C:\Users\Eoin\AppData\Roaming\AVG7
2008-02-29 22:55 --------- d-----w C:\Program Files\Cell Phone Manager
2008-02-29 22:23 --------- d-----w C:\Users\Eoin\AppData\Roaming\Systweak
2008-02-29 22:23 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 03:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-16 03:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-16 03:09 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-16 03:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-16 03:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-08-31 02:20 174 --sha-w C:\Program Files\desktop.ini
2007-05-03 16:36 12,978 ----a-w C:\Users\Eoin\AppData\Roaming\nvModes.dat
2007-05-02 01:37 30,357 ----a-w C:\Users\Eoin\menu3.zip
2007-05-02 01:37 184,790 ----a-w C:\Users\Eoin\menu015try.zip
2007-05-02 01:37 125,141 ----a-w C:\Users\Eoin\menu4.zip
2007-05-02 01:36 32,308 ----a-w C:\Users\Eoin\menu2.zip
2007-03-16 17:05 9,292 ----a-w C:\Windows\inf\SmarterMail\0009\tmpA24C.tmp
2007-03-16 17:05 9,292 ----a-w C:\Windows\inf\SmarterMail\0000\tmpA24C.tmp
2007-03-03 17:34 0 ----a-w C:\Users\Eoin\AppData\Roaming\wklnhst.dat
2007-11-19 22:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2007-11-19 22:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2007-05-10 23:11 56 --sha-r C:\Windows\System32\AEBD113E2B.sys
2007-09-16 21:52 1,890 --sha-w C:\Windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 22:30 249856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-12 00:07 1006264]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 18:56 317152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-03 18:08 185896]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 06:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-25 00:33 167936]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 19:58 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 18:32 472800]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 49152]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12 71176]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-04-19 16:35 77824]
C:\Users\Eoin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [2008-04-25 15:45:58 178419]
GpsGate.lnk.disabled [2007-12-15 15:16:35 727]
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-08-30 12:40:18 967680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpto32]
winpto32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BySoft IRServer"=C:\Program Files\IRControl\IRServer.exe
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTRegRun"=C:\Windows\CTRegRun.EXE
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
"Startup Manager"="C:\Program Files\Advanced System Optimizer\startUp manager.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe"
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
"<NO NAME>"=
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032007 serial=dr12wex-1504397-kty lang=EN
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"win32"=win32.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe
"CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe"
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"win32"=win32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C44FE2CB-3481-4FBF-A5F3-B2FABE8CC8B7}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{188B4E3A-3F51-4A7B-A1C0-2820E27496CA}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"TCP Query User{27C3463E-256C-4ED3-8FE0-EB259A9922A3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{ECCE41E4-72AC-4F5B-8CE5-D0C43ADF8284}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E33A3EE7-8792-41C5-9668-06D5A06D5053}C:\\program files\\onshare\\onshare.exe"= UDP:C:\program files\onshare\onshare.exe:Only tell your friends
"UDP Query User{1F397FCB-1A91-4FA6-BBC2-43D0CD0F38B5}C:\\program files\\onshare\\onshare.exe"= TCP:C:\program files\onshare\onshare.exe:Only tell your friends
"TCP Query User{D301CEEB-ABC7-4281-B7A9-B54E284E11CF}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"UDP Query User{BFC33E59-3570-49DC-8A90-7A1B227E2003}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe:Dreamweaver 8
"TCP Query User{29BBA6C7-300D-42D4-9CF5-68C27829829B}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{B317AD82-1ED5-40D6-B464-3EA434EAEBC9}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{755898F7-C334-434A-ACAA-26296C755950}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{713370D8-C926-45D9-8E9F-3CB415C38128}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{12EF38DD-32CA-4056-B125-ACA178E455F8}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{513DFAC5-EFE8-4C59-9ABB-01A2DD27B921}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{A9FFC76B-D956-477B-8C4A-7EB6C12C4BA5}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{F420B305-9AAF-406C-B08E-1F15CF64228A}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{CF4AEA11-9AB7-48F4-915D-329A5E943C2C}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{5F70D864-796D-47E7-B768-B76BB747C514}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"TCP Query User{79F51C64-6F48-422A-BAA2-DBF066FC5E0B}C:\\program files\\bzflag2.0.8\\bzflag.exe"= UDP:C:\program files\bzflag2.0.8\bzflag.exe:bzflag
"UDP Query User{DA2874DE-C06D-45FE-A9CD-3D360D447285}C:\\program files\\bzflag2.0.8\\bzflag.exe"= TCP:C:\program files\bzflag2.0.8\bzflag.exe:bzflag
"TCP Query User{2EE415E1-E854-4467-8A95-23100A4938CF}C:\\program files\\ircontrol\\irserver.exe"= UDP:C:\program files\ircontrol\irserver.exe:BySoft Internet Remote Control - Server
"UDP Query User{D8AEB950-D728-4F71-8672-209C92049B86}C:\\program files\\ircontrol\\irserver.exe"= TCP:C:\program files\ircontrol\irserver.exe:BySoft Internet Remote Control - Server
"TCP Query User{62B2583D-2781-4435-99EE-55DEB64AF067}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\javaw.exe"= UDP:C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{910C5ACA-299A-46DE-AC08-5A8D4C59393A}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\javaw.exe"= TCP:C:\program files\adventnet\me\wifimanager\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{6572FA1D-CD2E-46D9-957E-1C07FE55A0C3}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\java.exe"= UDP:C:\program files\adventnet\me\wifimanager\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{F558A4B3-FBD2-45CB-9576-15C8500FD3A9}C:\\program files\\adventnet\\me\\wifimanager\\jre\\bin\\java.exe"= TCP:C:\program files\adventnet\me\wifimanager\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"{02A329AF-C624-4373-B7E2-9B2DB3FD3D8D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C3B6C4B9-C6AB-4DE1-884F-47B18EA9F568}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{62BF94D5-9554-48DE-AD16-7675D4859FE9}C:\\program files\\lanhelper\\lanhelper.exe"= UDP:C:\program files\lanhelper\lanhelper.exe:LanHelper
"UDP Query User{A5B80441-DFD9-47B3-A3D2-A5FDC5C3E058}C:\\program files\\lanhelper\\lanhelper.exe"= TCP:C:\program files\lanhelper\lanhelper.exe:LanHelper
"TCP Query User{A4819CB2-182B-4FD7-AF79-654A08696F0F}C:\\windows\\system32\\win32.exe"= UDP:C:\windows\system32\win32.exe:win32
"UDP Query User{A612699F-046F-42FA-BE3B-29346A6FEFDF}C:\\windows\\system32\\win32.exe"= TCP:C:\windows\system32\win32.exe:win32
"TCP Query User{0E5C01F0-6724-4743-9F83-D0DD1C245F6F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{3AF82318-F002-4CC4-97A9-CD8B73D34E25}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{317F486D-E12F-4739-B30F-7C4AE83DB813}C:\\program files\\act\\act for win 7\\act7.exe"= UDP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"UDP Query User{1FE3B78C-C42F-4339-8DC1-ABDADCD13B67}C:\\program files\\act\\act for win 7\\act7.exe"= TCP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"TCP Query User{D7DE3678-CB81-4D86-8ADF-5871F26FEB30}C:\\program files\\software602\\602lan suite\\lansuite.exe"= UDP:C:\program files\software602\602lan suite\lansuite.exe:Lansuite
"UDP Query User{2C4448CC-9403-49CC-9EB2-4C50BE4AF11C}C:\\program files\\software602\\602lan suite\\lansuite.exe"= TCP:C:\program files\software602\602lan suite\lansuite.exe:Lansuite
"TCP Query User{122DBDF8-E22D-456A-BC7B-87381E482007}C:\\program files\\winhttrack\\winhttrack.exe"= UDP:C:\program files\winhttrack\winhttrack.exe:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes
"UDP Query User{C325A83E-F4EE-4F5D-BCBB-219A4F1C6CA6}C:\\program files\\winhttrack\\winhttrack.exe"= TCP:C:\program files\winhttrack\winhttrack.exe:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes
"TCP Query User{409BEF95-6FC5-499C-84F0-FCA0593E537C}C:\\program files\\freeciv-2.0.9-gtk2\\civserver.exe"= UDP:C:\program files\freeciv-2.0.9-gtk2\civserver.exe:civserver
"UDP Query User{B26E29C1-895A-4530-8BF2-E21B13C6622A}C:\\program files\\freeciv-2.0.9-gtk2\\civserver.exe"= TCP:C:\program files\freeciv-2.0.9-gtk2\civserver.exe:civserver
"TCP Query User{218C4ED3-D71A-4C7C-A623-85B247D65541}C:\\program files\\onshare\\onshare.exe"= UDP:C:\program files\onshare\onshare.exe:Only tell your friends
"UDP Query User{6A67A492-5B9E-47E5-BA56-10CA437A5A97}C:\\program files\\onshare\\onshare.exe"= TCP:C:\program files\onshare\onshare.exe:Only tell your friends
"TCP Query User{B110815C-2272-401D-B354-FA5E0C478DE5}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{2BE1654A-BF55-4883-A94F-423FBB46ED61}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{D33BA580-DC8A-434F-859B-04C394AB8575}C:\\program files\\printeranywhere\\paconsole.exe"= UDP:C:\program files\printeranywhere\paconsole.exe:PrinterAnywhere Console
"UDP Query User{6A4A7029-4FE8-4BD7-97A7-5E6C3A7ADE83}C:\\program files\\printeranywhere\\paconsole.exe"= TCP:C:\program files\printeranywhere\paconsole.exe:PrinterAnywhere Console
"TCP Query User{A8EFB8E0-63B2-412E-B064-70B4EE7D9224}C:\\program files\\openwave\\v7 simulator\\bin\\phone.exe"= UDP:C:\program files\openwave\v7 simulator\bin\phone.exe:Openwave Simulator
"UDP Query User{A02F2CAF-5E69-4846-915C-B65DCFE1A361}C:\\program files\\openwave\\v7 simulator\\bin\\phone.exe"= TCP:C:\program files\openwave\v7 simulator\bin\phone.exe:Openwave Simulator
"TCP Query User{AFDB44F8-7978-442A-9129-A61F84B6444D}C:\\program files\\act\\act for win 7\\act7.exe"= UDP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"UDP Query User{A7BB86C4-91E3-4AC4-9804-99D5AEE071A1}C:\\program files\\act\\act for win 7\\act7.exe"= TCP:C:\program files\act\act for win 7\act7.exe:ACT! 7.x/2005
"TCP Query User{8939DC1F-0A47-4C56-9924-3E0A49DA8C19}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{A13A1466-617E-49B0-82D3-6E1AF5BE0569}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{ECDAC532-BD4D-408F-BD41-5D625CCA9C46}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{468D8920-30DA-4AD3-BF7A-D57E171941B3}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{B6783685-E473-41B4-BE9D-4398017C4D54}C:\\program files\\spiceworks\\bin\\spiceworks.exe"= UDP:C:\program files\spiceworks\bin\spiceworks.exe:spiceworks
"UDP Query User{459BCF29-1E44-4953-8443-AFDEDE57B48B}C:\\program files\\spiceworks\\bin\\spiceworks.exe"= TCP:C:\program files\spiceworks\bin\spiceworks.exe:spiceworks
"TCP Query User{DBE77AC5-984E-44B4-976B-87C1EA629CCB}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"UDP Query User{23E75A70-2BF3-42FE-A4E7-82B0331E45ED}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"TCP Query User{692E9D1D-7BC5-40D3-8A84-F3D31E83DE87}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= UDP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"UDP Query User{0E23CF64-AE0F-4D62-9902-6C00CF0F94C3}C:\\program files\\huawei technologies\\huawei umts data card\\3 datamodem hsdpa.exe"= TCP:C:\program files\huawei technologies\huawei umts data card\3 datamodem hsdpa.exe:3 DDataModem HSDPA
"TCP Query User{92901270-D66B-41BA-96C1-EA6803A427F2}C:\\program files\\sugarcrm-4.5.1e\\mysql\\bin\\mysqld.exe"= UDP:C:\program files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe:mysqld
"UDP Query User{E30F714D-D7AD-4D26-88B8-6FF141782A92}C:\\program files\\sugarcrm-4.5.1e\\mysql\\bin\\mysqld.exe"= TCP:C:\program files\sugarcrm-4.5.1e\mysql\bin\mysqld.exe:mysqld
"TCP Query User{1ED80795-E7EF-413E-884D-B583102BF45A}C:\\program files\\sugarcrm-4.5.1e\\apache2\\bin\\apache.exe"= UDP:C:\program files\sugarcrm-4.5.1e\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{60D4A8EE-AC74-425A-A140-A69BB0CD17A1}C:\\program files\\sugarcrm-4.5.1e\\apache2\\bin\\apache.exe"= TCP:C:\program files\sugarcrm-4.5.1e\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{F81C2E42-C615-4AAF-A028-1E142B3B5E1F}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{72B80CA4-84EF-474A-9F2F-7A4295CD5529}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
"{15C4A70A-6403-49EC-8B2B-3E5594577CB7}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{DF489AFB-5603-4E7D-8E5D-E0D6D2974F15}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{0B1E84C4-3B2A-430F-9A79-7432269993CF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{12263D06-480C-4FE4-AD25-9D06306F48AA}C:\\program files\\snmpc network manager\\crserv.exe"= UDP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"UDP Query User{34A02684-D24A-4CA1-8D72-47591482ADE7}C:\\program files\\snmpc network manager\\crserv.exe"= TCP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"TCP Query User{BF29EB53-6D26-493D-841B-B0B55015ACE6}C:\\program files\\snmpc network manager\\discagt.exe"= UDP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"UDP Query User{DE1F1B2C-EF75-46EC-B0C0-EE74D26EF30D}C:\\program files\\snmpc network manager\\discagt.exe"= TCP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"TCP Query User{9FE57C8A-7CA5-43BD-B917-B982B2AFAF84}C:\\program files\\snmpc network manager\\hist32.exe"= UDP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"UDP Query User{C4F38A2D-E526-429B-A5E0-251B8C9CCB89}C:\\program files\\snmpc network manager\\hist32.exe"= TCP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"TCP Query User{82A8F417-40D2-4EA8-9E16-E0BCEAE1313F}C:\\program files\\snmpc network manager\\crserv.exe"= UDP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"UDP Query User{6460D90C-3C5C-42AC-A249-0C14AE3119A2}C:\\program files\\snmpc network manager\\crserv.exe"= TCP:C:\program files\snmpc network manager\crserv.exe:SNMPc Server
"TCP Query User{DC646897-A69E-41E3-A995-DF59BDE1FD76}C:\\program files\\snmpc network manager\\discagt.exe"= UDP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"UDP Query User{BF11F33D-2197-4667-A5D6-AEC8C3BF440A}C:\\program files\\snmpc network manager\\discagt.exe"= TCP:C:\program files\snmpc network manager\discagt.exe:DISCOVERYAGENT
"TCP Query User{2916E70F-2A86-461F-B806-C4B0485C3C7B}C:\\program files\\snmpc network manager\\hist32.exe"= UDP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"UDP Query User{8B9DFB14-E146-47DD-940D-75855A519D8E}C:\\program files\\snmpc network manager\\hist32.exe"= TCP:C:\program files\snmpc network manager\hist32.exe:History 32 Poller
"TCP Query User{8CDB1622-263E-4DE6-8462-24A6C74A9528}C:\\windows\\system32\\ftp.exe"= UDP:C:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{E17D0939-5B3E-4506-BA59-FDCD53633D65}C:\\windows\\system32\\ftp.exe"= TCP:C:\windows\system32\ftp.exe:File Transfer Program
"{93DDBCCF-473B-469F-8057-6EDDDC25C96C}"= UDP:C:\Windows\Temp\~os9CBC.tmp\ossproxy.exe:ossproxy.exe
"{7A69DFBB-067F-40E4-BAE8-9FFC9FB324F7}"= TCP:C:\Windows\Temp\~os9CBC.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{95345637-FB24-4F17-B463-A89E8F353A5A}C:\\program files\\net tools\\nettools5.exe"= UDP:C:\program files\net tools\nettools5.exe:Net Tools by Mohammad Ahmadi Bidakhvidi
"UDP Query User{49542D88-5B1A-4A47-B763-1DBA63B6AD0D}C:\\program files\\net tools\\nettools5.exe"= TCP:C:\program files\net tools\nettools5.exe:Net Tools by Mohammad Ahmadi Bidakhvidi
"TCP Query User{E15B006E-3176-48AA-838B-8ED6847E01DB}C:\\program files\\gfi\\languard network security scanner 8.0\\lnss.exe"= UDP:C:\program files\gfi\languard network security scanner 8.0\lnss.exe:lnss
"UDP Query User{11820745-F4A7-48BF-93FB-ED73509459A4}C:\\program files\\gfi\\languard network security scanner 8.0\\lnss.exe"= TCP:C:\program files\gfi\languard network security scanner 8.0\lnss.exe:lnss
"{547C8FF0-71C1-4E26-854F-FF726EDAF31C}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{4E61C821-09DA-4ED4-B979-CBE2928821B2}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EFB1BC85-9420-4AF6-84D7-588037D135C3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{086064AD-E3FF-4E9C-9CA5-458C230596E1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7E6081F6-0E36-4B54-8BC6-3F80D4D6BBDF}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{945E2144-BA2C-425C-A3BF-5C6F555AE164}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"{414752C9-B471-49E9-B9A4-B3C2C10BA9B0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D038A45C-94EB-43A5-B3BB-FCB77629F8CB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{87B09E58-FACD-4098-BE48-E9D62C3BDEFE}C:\\windows\\system32\\rlvknlg.exe"= UDP:C:\windows\system32\rlvknlg.exe:rlvknlg.exe
"{B6B99E3B-D1FF-4983-A4EC-389E4DB15B63}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{E222D3CD-8A07-4F22-A8E0-E6C10CA7D4B9}"= UDP:C:\Windows\Temp\~os576E.tmp\ossproxy.exe:ossproxy.exe
"{028FE1AA-816F-43E8-9F3E-BA046911B995}"= TCP:C:\Windows\Temp\~os576E.tmp\ossproxy.exe:ossproxy.exe
"TCP Query User{24B5CAAC-EFC6-4DCC-A42E-7BF789DD2F1E}C:\\users\\eoin\\documents\\azureus downloads\\portable applications\\remote administrator\\remote administrator settings\\1400000ad00002i\\r_server.exe"= UDP:C:\users\eoin\documents\azureus downloads\portable applications\remote administrator\remote administrator settings\1400000ad00002i\r_server.exe:r_server.exe
"UDP Query User{53D2DE27-FCD1-435F-A2DB-7076C7F21D82}C:\\users\\eoin\\documents\\azureus downloads\\portable applications\\remote administrator\\remote administrator settings\\1400000ad00002i\\r_server.exe"= TCP:C:\users\eoin\documents\azureus downloads\portable applications\remote administrator\remote administrator settings\1400000ad00002i\r_server.exe:r_server.exe
"{64901ED3-BA96-418E-85E8-B4716880EE7D}"= UDP:C:\Windows\Temp\~osCC3D.tmp\ossproxy.exe:ossproxy.exe
"{88D1E12C-30ED-4A16-9563-2043886FD70C}"= TCP:C:\Windows\Temp\~osCC3D.tmp\ossproxy.exe:ossproxy.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2007-05-23 23:05]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 01:45]
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" []
R2 gfi_lnss8_attservice;GFI LANguard N.S.S. 8.0 Attendant Service;"C:\Program Files\GFI\LANguard Network Security Scanner 8.0\lnssatt.exe" -service []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 RelevantKnowledge;RelevantKnowledge;C:\Windows\system32\rlservice.exe [2007-10-11 21:44]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 13:54]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 13:54]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 13:54]
S0 MFX;MFX;C:\Windows\system32\drivers\MFX.sys [2006-09-01 16:55]
S3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-14 13:17]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3027bfd7-7b07-11dc-949a-001636e944a6}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49319c14-8bc7-11dc-b21e-001641da0939}]
\shell\Auto\command - Cn911.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-25 14:21:43 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-11-14 08:38:12 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-14 08:38:12 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-14 00:25:00 C:\Windows\Tasks\User_Feed_Synchronization-{EDEBA330-0D8D-4AC6-9BBE-DB587BD208FE}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 23:31:37
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7Debug\MDM.EXE
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Bat\X_Bat.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-04-29 23:43:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 22:43:09
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
437 --- E O F --- 2008-04-29 07:03:58