Infected With Juan? Combofix And Hjt Logs

1 reply to this topic

#1 redalert

  • Members
  • 1 posts

Posted 18 April 2008 - 07:19 AM

Hi, I think I have the Juan virus. I have been getting strange system error messages and browser hijackings. I have run ComboFix but am still getting slow responses from I.E. Please advise.

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14:56, on 18/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Danny\AppData\Local\Temp\Rar$EX00.136\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - EWPP - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7927 bytes

COMBOFIX LOG:

ComboFix 08-04-17.1 - Danny 2008-04-18 12:56:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1056 [GMT 1:00]
Running from: C:\Users\Danny\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Danny\AppData\Roaming\.#
C:\Users\Danny\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-17 18:21 . 2008-04-17 18:26 <DIR> d-------- C:\Program Files\RegistryFix
2008-04-17 00:26 . 2008-04-17 00:26 713,348 --a------ C:\Windows\System32\Windows_Backup.reg
2008-04-17 00:26 . 2008-04-17 00:26 4,468 --a------ C:\Windows\System32\IE_Backup.reg
2008-04-17 00:26 . 2008-04-17 00:26 4,280 --a------ C:\Windows\System32\startupBackup.reg
2008-04-15 17:37 . 2008-04-15 17:37 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-15 17:34 . 2008-04-15 17:34 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-15 17:32 . 2008-04-15 17:32 <DIR> dr-h----- C:\MSOCache
2008-04-11 13:33 . 2008-04-11 13:33 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-04-10 20:44 . 2008-04-10 20:44 <DIR> d-------- C:\Program Files\PowerISO
2008-04-05 11:23 . 2008-04-05 11:23 <DIR> d-------- C:\Users\Danny\AppData\Roaming\U3
2008-04-02 13:54 . 2008-04-02 13:54 <DIR> d-------- C:\Program Files\Xilisoft
2008-04-02 13:46 . 2008-04-02 21:54 <DIR> d-------- C:\Program Files\VSO
2008-04-02 10:53 . 2008-04-02 13:05 <DIR> d-------- C:\Program Files\HooTech
2008-04-02 10:50 . 2008-04-02 10:51 <DIR> d-------- C:\Program Files\MP3 Audio Converter
2008-04-02 08:14 . 2008-04-02 08:14 <DIR> d-------- C:\Users\Danny\AppData\Roaming\VideoEgg
2008-04-02 00:56 . 2008-04-02 21:50 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-02 00:56 . 2008-04-02 21:50 <DIR> d-------- C:\Program Files\AVSMedia
2008-04-02 00:56 . 2003-05-21 23:50 1,700,352 --a------ C:\Windows\System32\GdiPlus.dll
2008-04-02 00:56 . 2002-01-05 14:48 974,848 --a------ C:\Windows\System32\mfc70.dll
2008-04-02 00:56 . 2002-01-05 13:40 487,424 --a------ C:\Windows\System32\msvcp70.dll
2008-04-02 00:56 . 2002-08-20 00:41 413,760 --a------ C:\Windows\System32\mpg4c32.dll
2008-04-02 00:56 . 2003-05-21 23:50 261,632 --a------ C:\Windows\System32\mcdvd_32.dll
2008-04-02 00:56 . 2003-05-21 23:50 156,910 --a------ C:\Windows\WMSysPr8.prx
2008-04-02 00:56 . 2003-03-25 05:49 98,304 --a------ C:\Windows\System32\L3CODECX.AX
2008-04-02 00:56 . 2003-05-21 23:50 82,944 --a------ C:\Windows\System32\vct3216.acm
2008-04-02 00:56 . 2004-09-06 16:06 53,248 --a------ C:\Windows\System32\xvid.ax
2008-04-02 00:56 . 2003-05-21 23:50 38,912 --a------ C:\Windows\System32\alf2cd.acm
2008-04-02 00:56 . 2000-03-14 20:55 13,239 --a------ C:\Windows\System32\Scg726.acm
2008-04-01 23:42 . 2008-04-01 23:42 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-04-01 21:59 . 2008-04-01 22:31 <DIR> d-------- C:\Windows\Downloaded Installations
2008-04-01 19:07 . 2008-03-29 18:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
2008-04-01 19:07 . 2008-03-29 18:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
2008-03-31 22:25 . 2008-03-31 22:25 831,488 --a------ C:\Windows\System32\divx_xx0a.dll
2008-03-31 22:25 . 2008-03-31 22:25 823,296 --a------ C:\Windows\System32\divx_xx0c.dll
2008-03-31 22:25 . 2008-03-31 22:25 823,296 --a------ C:\Windows\System32\divx_xx07.dll
2008-03-31 22:25 . 2008-03-31 22:25 802,816 --a------ C:\Windows\System32\divx_xx11.dll
2008-03-31 22:25 . 2008-03-31 22:25 682,496 --a------ C:\Windows\System32\DivX.dll
2008-03-31 22:25 . 2008-03-31 22:25 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-30 19:31 . 2008-04-01 19:11 <DIR> d-------- C:\Program Files\Trojan Remover
2008-03-29 17:39 . 2008-04-04 14:33 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-29 17:39 . 2008-03-29 17:39 1,409 --a------ C:\Windows\QTFont.for
2008-03-28 15:54 . 2008-03-28 15:54 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-03-28 15:36 . 2008-03-28 15:36 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Apple Computer
2008-03-28 15:36 . 2008-03-28 15:36 <DIR> d-------- C:\Program Files\iPod
2008-03-28 15:35 . 2008-03-28 15:36 <DIR> d-------- C:\Program Files\iTunes
2008-03-28 15:35 . 2008-03-28 15:35 <DIR> d-------- C:\Program Files\Bonjour
2008-03-28 15:34 . 2008-03-28 15:35 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-03-28 15:34 . 2008-03-28 15:35 <DIR> d-------- C:\ProgramData\Apple Computer
2008-03-28 15:34 . 2008-03-28 15:34 <DIR> d-------- C:\Program Files\QuickTime
2008-03-28 15:34 . 2008-03-28 15:34 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-28 15:33 . 2008-03-28 15:33 <DIR> d-------- C:\Users\All Users\Apple
2008-03-28 15:33 . 2008-03-28 15:33 <DIR> d-------- C:\ProgramData\Apple
2008-03-28 15:33 . 2008-03-28 15:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-28 10:32 . 2008-04-02 08:15 <DIR> d-------- C:\Users\Danny\AppData\Roaming\DivX
2008-03-28 09:09 . 2008-03-28 09:09 <DIR> d-------- C:\Users\Danny\AppData\Roaming\LG Electronics
2008-03-28 09:09 . 2008-04-02 07:57 <DIR> d--h----- C:\LG3G
2008-03-28 09:06 . 2008-03-28 09:06 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-28 09:05 . 2008-04-08 16:56 <DIR> d-------- C:\Program Files\DivX
2008-03-28 09:03 . 2008-03-28 09:03 <DIR> d-------- C:\Program Files\LG Electronics
2008-03-28 09:03 . 2007-07-11 11:45 21,632 --a------ C:\Windows\System32\drivers\lgusbmodem.sys
2008-03-28 09:03 . 2007-07-11 16:51 19,840 --a------ C:\Windows\System32\drivers\lgusbdiag.sys
2008-03-28 09:03 . 2007-07-11 11:40 12,416 --a------ C:\Windows\System32\drivers\lgusbbus.sys
2008-03-28 09:01 . 2008-03-28 09:01 <DIR> d-------- C:\Users\Danny\AppData\Roaming\InstallShield
2008-03-28 09:01 . 2008-03-28 09:02 <DIR> d-------- C:\Program Files\LG PC Suite 2
2008-03-27 23:48 . 2008-03-27 23:48 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-03-27 18:59 . 2008-03-27 18:59 <DIR> d-------- C:\Users\All Users\vsosdk
2008-03-27 18:59 . 2008-03-27 18:59 <DIR> d-------- C:\ProgramData\vsosdk
2008-03-27 03:58 . 2008-03-27 03:58 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-03-27 03:58 . 2007-03-28 20:42 29,704 --a------ C:\Windows\System32\uxtuneup.dll
2008-03-27 03:58 . 2007-04-26 16:57 16,904 --a------ C:\Windows\System32\authuitu.dll
2008-03-27 03:56 . 2008-03-27 03:56 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-03-27 03:56 . 2008-03-27 03:56 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-03-26 20:43 . 1997-01-22 22:26 565,760 --------- C:\Windows\System32\MSVCP50.DLL
2008-03-26 20:43 . 1996-08-24 12:11 384,512 --------- C:\Windows\System32\MFCO40.DLL
2008-03-26 20:43 . 1998-08-31 23:44 16,384 --a------ C:\Windows\Photo Express 2 SE.scr
2008-03-26 20:43 . 2008-03-26 20:43 319 --a------ C:\Windows\ULEAD32.INI
2008-03-26 20:42 . 2008-03-26 20:42 <DIR> d-------- C:\Program Files\Ulead Systems
2008-03-26 20:42 . 1998-07-30 13:51 305,152 --a------ C:\Windows\IsUninst.exe
2008-03-26 14:39 . 2008-03-26 14:39 <DIR> d-------- C:\Program Files\Gabest
2008-03-26 04:00 . 2008-03-26 04:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-25 23:42 . 2008-03-25 23:42 <DIR> d-------- C:\Windows\PCHEALTH
2008-03-25 23:24 . 2008-03-25 23:42 <DIR> d-------- C:\Program Files\Windows Live
2008-03-25 23:24 . 2008-03-25 23:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-25 23:23 . 2008-03-25 23:23 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-03-25 23:23 . 2008-03-25 23:23 <DIR> d-------- C:\ProgramData\WLInstaller
2008-03-25 15:26 . 1999-10-10 18:00 41,984 --------- C:\Windows\Ctregrun.exe
2008-03-25 15:24 . 1999-12-12 18:01 44,032 --------- C:\Windows\System32\CTSVCCDA.EXE
2008-03-25 15:24 . 1999-11-17 18:00 25,088 --------- C:\Windows\System32\CTSVCCTL.EXE
2008-03-25 15:23 . 2008-03-25 15:25 <DIR> d--h----- C:\Program Files\Creative Installation Information
2008-03-25 15:23 . 2008-03-25 15:23 <DIR> d-------- C:\Program Files\Common Files\Creative
2008-03-25 15:22 . 2008-03-25 15:22 <DIR> d-------- C:\Users\All Users\Creative
2008-03-25 15:22 . 2008-03-25 15:22 <DIR> d-------- C:\ProgramData\Creative
2008-03-25 15:21 . 2008-03-25 15:26 <DIR> d-------- C:\Program Files\Creative
2008-03-25 14:36 . 2008-03-25 14:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-25 13:40 . 2008-04-18 12:58 <DIR> d-------- C:\Users\Danny\AppData\Roaming\uTorrent
2008-03-25 13:40 . 2008-03-25 13:40 <DIR> d-------- C:\Program Files\uTorrent
2008-03-25 02:04 . 2008-03-25 02:18 <DIR> d-------- C:\Downloads
2008-03-25 00:46 . 2008-03-25 00:46 <DIR> d-------- C:\Program Files\Seagate
2008-03-25 00:11 . 2008-03-25 00:11 <DIR> d-------- C:\Program Files\Folder Lock
2008-03-25 00:11 . 2002-12-25 10:44 380,928 --a------ C:\Windows\System32\vaultskn.ocx
2008-03-25 00:11 . 2002-12-25 10:44 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-03-25 00:11 . 2005-04-11 17:40 73,728 --a------ C:\Windows\System32\FLKill.exe
2008-03-25 00:11 . 2008-03-25 00:11 53,248 --a------ C:\Windows\System32\suppdll.dll
2008-03-25 00:11 . 1999-04-23 23:22 20,992 --a------ C:\Windows\System32\hhopen.ocx
2008-03-25 00:11 . 2008-03-25 13:48 114 --a------ C:\sccfg.sys
2008-03-24 23:31 . 2008-03-24 23:31 <DIR> d-------- C:\Users\Danny\Incomplete
2008-03-24 23:30 . 2008-04-18 08:03 <DIR> d-------- C:\Users\Danny\AppData\Roaming\LimeWire
2008-03-24 23:30 . 2008-03-24 23:30 <DIR> d-------- C:\Program Files\LimeWire
2008-03-24 21:45 . 2008-03-24 21:45 <DIR> d-------- C:\Program Files\Acesoft
2008-03-24 21:45 . 2007-01-23 01:43 277,504 --a------ C:\Windows\System32\oestore.dll
2008-03-24 21:45 . 2004-03-09 01:00 224,016 --a------ C:\Windows\System32\TabCtl32.ocx
2008-03-24 21:45 . 2004-03-09 01:00 132,880 --a------ C:\Windows\System32\msinet.ocx
2008-03-24 21:11 . 2008-04-04 14:04 <DIR> d-------- C:\Program Files\DC++
2008-03-22 22:35 . 2008-03-22 22:35 <DIR> d-------- C:\Users\Desktop
2008-03-22 22:35 . 2008-03-22 22:35 <DIR> d-------- C:\Users\All Users\CyberLink
2008-03-22 22:35 . 2008-03-22 22:35 <DIR> d-------- C:\ProgramData\CyberLink
2008-03-22 22:34 . 2003-05-21 23:50 24,576 --a------ C:\Windows\System32\msxml3a.dll
2008-03-22 22:32 . 2008-03-22 22:32 34,308 --a------ C:\Windows\System32\Chip.dll
2008-03-22 14:11 . 2008-03-22 14:11 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-03-22 13:42 . 2008-03-22 13:42 <DIR> d-------- C:\Users\Danny\AppData\Roaming\Media Player Classic
2008-03-22 05:50 . 2008-03-22 05:50 <DIR> d-------- C:\Users\All Users\UDL
2008-03-22 05:50 . 2008-03-22 05:50 <DIR> d-------- C:\ProgramData\UDL
2008-03-22 05:48 . 2008-03-30 18:34 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-03-22 04:21 . 2008-03-22 04:21 <DIR> d-------- C:\Program Files\Easy Video Joiner
2008-03-22 03:07 . 2008-03-22 03:07 <DIR> d-------- C:\Windows\WinAVI Video Converter 9.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 02:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-15 16:39 --------- d-----w C:\Program Files\MSBuild
2008-04-15 16:39 --------- d-----w C:\Program Files\Microsoft Works
2008-04-11 19:13 --------- d-----w C:\ProgramData\Roxio
2008-04-10 22:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 07:51 --------- d-----w C:\Program Files\Windows Mail
2008-04-01 21:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 21:34 --------- d-----w C:\Program Files\CyberLink
2008-03-22 04:54 --------- d-----w C:\Program Files\Picasa2
2008-03-22 04:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-22 02:28 --------- d-----w C:\ProgramData\Templates
2008-03-22 02:28 --------- d-----w C:\ProgramData\Start Menu
2008-03-22 02:28 --------- d-----w C:\ProgramData\Favorites
2008-03-22 02:28 --------- d-----w C:\ProgramData\Documents
2008-03-22 02:28 --------- d-----w C:\ProgramData\Desktop
2008-03-22 02:28 --------- d-----w C:\ProgramData\Application Data
2008-03-21 20:49 --------- d-----w C:\ProgramData\Symantec
2008-03-21 20:49 --------- d-----w C:\Program Files\Google
2008-03-21 20:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-21 19:42 174 --sha-w C:\Program Files\desktop.ini
2008-03-21 19:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-21 19:35 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-21 19:35 --------- d-----w C:\Program Files\Windows Journal
2008-03-21 19:35 --------- d-----w C:\Program Files\Windows Defender
2008-03-21 19:35 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-21 19:35 --------- d-----w C:\Program Files\Windows Calendar
2008-03-21 19:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-21 19:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-21 19:11 --------- d-----w C:\ProgramData\Sonic
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-28 17:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-26 16:14 972,072 ----a-w C:\Windows\UNRecode.exe
2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-18 16:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2008-01-18 23:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-18 23:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-18 23:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-18 23:43 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-18 23:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-18 23:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-18 23:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-18 23:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-18 23:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-18 23:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-18 23:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-18 23:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-18 23:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-18 23:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-18 23:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-18 23:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-18 23:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-18 23:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-18 23:36 99,840 ----a-w C:\Windows\System32\ulib.dll
2008-01-18 23:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-18 23:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-18 23:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-18 23:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-18 23:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-18 23:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-18 23:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-18 23:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-18 23:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-18 23:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-18 23:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-18 23:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-18 23:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2008-01-18 23:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-01-18 23:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-18 22:06 8,147,456 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-18 22:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
2008-01-18 22:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
2008-01-18 21:52 56,320 ----a-w C:\Windows\System32\vga256.dll
2008-01-18 21:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
2008-01-18 21:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
2008-01-18 21:52 10,752 ----a-w C:\Windows\System32\vga.dll
2008-01-18 21:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
2008-01-18 21:49 2,048 ----a-w C:\Windows\System32\dmdskres2.dll
2008-01-18 21:48 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
2008-01-18 21:48 1,291,264 ----a-w C:\Windows\System32\comres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 14:32 1120568]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 21:09 700416]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-25 13:40 219952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 16:10 4468736 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2008-03-19 11:16 714192]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 12:29 49152]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 13:51 25088]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2008-03-19 11:16 423376]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 02:23 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2008-03-05 10:55 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk]
backup=C:\Windows\pss\Photo Express Calendar Checker SE.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-01-11 12:40 232184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDAutoLiveupdate]
--a------ 2008-03-19 11:16 423376 C:\Program Files\SpywareDetector\LiveUpdateSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SD_Tips]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 00:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-05-07 17:51 1826816 C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 17:20 28672 C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B4B2A650-EC61-4313-941C-C1F34B8510C1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{895E8291-6763-47C6-8A8C-9D3E2DAA83E3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{44518A9E-D4CB-4E85-AD04-BA4628150DEB}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{00F59FF9-9729-43E8-B4BF-30A0F46ECF6E}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{27D6DEDD-A2D6-4BDB-967A-3E0E1EB487DD}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{54341C63-01A5-4AB9-BBEC-09EAB5D077B6}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E64F00AD-3814-4DD2-9B41-5E3B025E8E27}"= UDP:C:\Program Files\SpywareDetector\SpywareDetector.exe:SpywareDetector
"{A077CD3A-CEC9-44CA-9F00-4E0232DD7F41}"= TCP:C:\Program Files\SpywareDetector\SpywareDetector.exe:SpywareDetector
"TCP Query User{BF4F9A4F-52D4-4319-8534-4F6560B15E79}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{A1A4803D-A757-47BC-8C4B-6413EA78DF6C}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"{5EBCD708-0242-4AC7-8F09-7C7AE3C064C6}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire PRO 4.14.0
"{7D93C336-4359-4805-A486-2F2A8A94CECD}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire PRO 4.14.0
"{850D2166-D938-472D-B40E-36F198DB719D}"= UDP:C:\Program Files\SpywareDetector\TrayPopUp.exe:TrayPopUp
"{5101D492-9053-4860-91A3-11057914AB13}"= TCP:C:\Program Files\SpywareDetector\TrayPopUp.exe:TrayPopUp
"{21283249-4F79-4644-8961-BE58750A97FE}"= UDP:C:\Program Files\SpywareDetector\UpdatePopUp.exe:UpdatePopUp
"{EFC52258-DFE4-4137-8A20-7A796E182790}"= TCP:C:\Program Files\SpywareDetector\UpdatePopUp.exe:UpdatePopUp
"{694BB850-354B-48F5-947D-325F00B42AC5}"= UDP:C:\Program Files\Lavasoft\Ad-Aware 2007\lsupdatemanager.exe:Ad-Aware Update Manager
"{AE1CF9DB-0208-4BA0-AF58-D7F7F2FA392A}"= TCP:C:\Program Files\Lavasoft\Ad-Aware 2007\lsupdatemanager.exe:Ad-Aware Update Manager
"{89085034-6A53-499D-924E-7E35288251C1}"= UDP:C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{5922DB9A-AE70-4480-9FAC-B0674C7F55CC}"= TCP:C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:Ad-Aware 2007
"{45367856-55BB-4638-A3E5-CEC8A9AD158B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4C5EB1B6-5A9C-4ECA-B29D-103727A23A88}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{080DE7E0-A825-464B-ACBA-AA9F9BC49DD3}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7DD04753-74F9-4F03-BE05-403B35F0F528}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6D92E28C-B5F8-4E8F-B7C4-A73DA36F137C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{3F9ED9D6-5BA2-48FB-A90F-98FDAA071EA8}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{31276F59-E9F9-4767-9A13-6F287022C3DA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{086FE273-4E07-4AC9-95C9-B0CC35A4667D}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{CF5A0AFB-35B2-4ED4-8F89-5373F58EECF7}C:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"{1903FB50-66F0-4A79-A61C-411CEAC55F2D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2CDEE036-AA1F-4109-9476-F694D03C947F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{292930B6-2835-4934-B619-16869F9E5DCF}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C45C8B05-92E4-466D-98EC-BF88A27A28E9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B5C7BAAE-7063-4F28-9632-251F290659FD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 18:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 18:32]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69a4993e-024b-11dd-82f2-001d7d25f7ef}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 16:44:11 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-28 22:57:09 C:\Windows\Tasks\HDReg.job"
- C:\Program Files\HDReg\HDRegRem.exe
"2008-04-18 11:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-04-18 10:45:25 C:\Windows\Tasks\User_Feed_Synchronization-{854282B5-16BE-4D1B-A1D7-45BAD54A7980}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 12:58:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-18 12:59:24
ComboFix-quarantined-files.txt 2008-04-18 11:59:17

Pre-Run: 251,961,278,464 bytes free
Post-Run: 251,918,233,600 bytes free
.
2008-04-16 02:03:48 --- E O F ---

#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 02 May 2008 - 11:27 AM

Hello redalert

Welcome to BleepingComputer :thumbsup:
========================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



