
Searches redirecting to different website problem


This topic is locked
3 replies to this topic

#1 shrinks (Members, 27 posts)

Posted 20 November 2008 - 03:28 PM

Hi,
I have recently been having the same problem of Google searches redirecting to different websites. I read some of the forum posts about ComboFix and I want to try that too. I have ZoneAlarm Pro installed on my PC, which is of no use. Can anyone help me regarding this, please... I am frustrated...
Thanks


#2 shrinks (Topic Starter, Members, 27 posts)

Posted 20 November 2008 - 03:33 PM

Please, somebody help me. I have important work to do and I don't want to format my laptop.

#3 shrinks (Topic Starter, Members, 27 posts)

Posted 20 November 2008 - 04:15 PM

Here is my ComboFix report.


ComboFix 08-11-19.08 - Shrinivas 2008-11-20 13:40:46.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.678 [GMT -6:00]
Running from: c:\shrinivas\ComboFix.exe
Command switches used :: c:\shrinivas\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
c:\windows\system32\skinboxer43.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-20 02:20 . 2008-11-20 02:20 <DIR> d-------- c:\users\All Users\CheckPoint
2008-11-20 02:20 . 2008-11-20 02:20 <DIR> d-------- c:\programdata\CheckPoint
2008-11-20 02:20 . 2008-11-20 02:20 <DIR> d-------- c:\program files\Zone Labs
2008-11-20 02:20 . 2008-01-09 03:31 1,086,952 --a------ c:\windows\System32\zpeng24.dll
2008-11-20 02:20 . 2008-01-09 03:32 276,368 --a------ c:\windows\System32\drivers\~GLH0014.TMP
2008-11-20 02:17 . 2008-11-20 13:43 351,783 --ah----- c:\windows\System32\drivers\vsconfig.xml
2008-11-20 02:17 . 2008-01-09 03:32 276,368 --------- c:\windows\System32\drivers\vsdatant.sys
2008-11-19 21:28 . 2008-11-19 21:28 4,212 ---h----- c:\windows\System32\zllictbl.dat
2008-11-19 21:27 . 2008-11-20 03:23 <DIR> d-------- c:\windows\System32\ZoneLabs
2008-11-19 21:25 . 2008-11-20 13:45 <DIR> d-------- c:\windows\Internet Logs
2008-11-18 02:59 . 2008-11-18 02:59 29,192 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-18 02:57 . 2008-11-18 02:57 <DIR> d-------- c:\program files\homeview
2008-11-16 00:03 . 2008-11-18 03:00 213,008,413 --a------ c:\windows\MEMORY.DMP
2008-11-11 22:41 . 2008-09-04 23:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 22:41 . 2008-08-26 19:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 22:40 . 2008-09-09 21:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-10 13:53 . 2008-11-10 13:53 2,306,113 --a------ c:\windows\System32\GPhotos.scr
2008-11-02 18:22 . 2008-11-02 20:46 <DIR> d-------- c:\users\Shrinivas\AppData\Roaming\WordWeb
2008-10-31 19:02 . 2008-10-31 22:35 <DIR> d-------- c:\program files\MP3 Player Sync to PC Software
2008-10-31 17:58 . 2008-10-31 17:58 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-31 15:52 . 2008-10-31 16:43 <DIR> d-------- c:\users\Shrinivas\AppData\Roaming\Skype
2008-10-31 03:24 . 2008-04-26 02:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-10-30 22:59 . 2008-10-30 22:59 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-30 22:50 . 2008-10-30 22:50 <DIR> d-------- C:\PerfLogs
2008-10-28 16:06 . 2008-08-11 21:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 16:06 . 2008-01-19 01:36 37,888 --a------ c:\windows\System32\printcom.dll
2008-10-25 00:54 . 2008-10-25 00:54 <DIR> d-------- c:\program files\SanDisk
2008-10-25 00:54 . 2008-10-25 00:54 524,288 --ahs---- C:\ntuser.dat{0111e72f-a256-11dd-a73f-001c23fe9da6}.TMContainer00000000000000000002.regtrans-ms
2008-10-25 00:54 . 2008-10-25 00:54 524,288 --ahs---- C:\ntuser.dat{0111e72f-a256-11dd-a73f-001c23fe9da6}.TMContainer00000000000000000001.regtrans-ms
2008-10-25 00:54 . 2008-10-25 00:54 262,144 --a------ C:\ntuser.dat
2008-10-25 00:54 . 2008-10-25 00:54 65,536 --ahs---- C:\ntuser.dat{0111e72f-a256-11dd-a73f-001c23fe9da6}.TM.blf
2008-10-25 00:54 . 2008-02-03 09:53 15,760 --a------ c:\windows\System32\iviaspi.sys
2008-10-25 00:54 . 2008-10-25 00:54 5,120 --ah----- C:\ntuser.dat.LOG1
2008-10-25 00:54 . 2008-10-25 00:54 0 --ah----- C:\ntuser.dat.LOG2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 19:46 --------- d-----w c:\users\Shrinivas\AppData\Roaming\DNA
2008-11-20 19:45 --------- d---a-w c:\programdata\TEMP
2008-11-20 10:13 --------- d-----w c:\users\Shrinivas\AppData\Roaming\BitTorrent
2008-11-20 09:53 --------- d-----w c:\program files\Bonjour
2008-11-20 07:53 --------- d-----w c:\programdata\Google Updater
2008-11-19 07:33 --------- d-----w c:\program files\live_india
2008-11-18 08:57 --------- d-----w c:\users\Shrinivas\AppData\Roaming\Yahoo!
2008-11-14 08:54 --------- d-----w c:\program files\SBP
2008-11-03 00:57 --------- d-----w c:\program files\WordWeb
2008-10-31 05:29 --------- d-----w c:\program files\Google
2008-10-31 05:04 174 --sha-w c:\program files\desktop.ini
2008-10-31 04:54 --------- d-----w c:\program files\Windows Sidebar
2008-10-31 04:54 --------- d-----w c:\program files\Windows Photo Gallery
2008-10-31 04:54 --------- d-----w c:\program files\Windows Mail
2008-10-31 04:54 --------- d-----w c:\program files\Windows Defender
2008-10-31 04:54 --------- d-----w c:\program files\Windows Collaboration
2008-10-31 04:54 --------- d-----w c:\program files\Windows Calendar
2008-10-31 03:44 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-10-31 03:44 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-31 02:59 --------- d-----w c:\users\Shrinivas\AppData\Roaming\TAC Start Button
2008-10-25 06:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-14 19:40 --------- d-----w c:\program files\Common Files\xing shared
2008-10-14 19:39 --------- d-----w c:\program files\Common Files\Real
2008-10-11 03:11 1,293,504 ----a-w c:\windows\System32\wweb32.dll
2008-10-09 08:20 --------- d-----w c:\users\Shrinivas\AppData\Roaming\Apple Computer
2008-10-09 08:19 --------- d-----w c:\program files\Safari
2008-10-09 08:16 --------- d-----w c:\program files\QuickTime
2008-10-09 08:15 --------- d-----w c:\programdata\Apple Computer
2008-10-09 08:12 --------- d-----w c:\programdata\Apple
2008-10-09 08:12 --------- d-----w c:\program files\Apple Software Update
2008-10-09 00:19 --------- d-----w c:\program files\Free Vista Screensaver
2008-10-09 00:19 --------- d-----w c:\program files\Desktop XP
2008-10-04 20:49 --------- d-----w c:\program files\Ssss
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 17:28 --------- d-----w c:\programdata\Yahoo!
2008-10-01 05:05 --------- d-----w c:\users\Shrinivas\AppData\Roaming\Winamp
2008-09-30 22:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-26 04:38 --------- d-----w c:\users\Shrinivas\AppData\Roaming\AVS4YOU
2008-09-26 04:38 --------- d-----w c:\programdata\AVS4YOU
2008-09-26 04:38 --------- d-----w c:\program files\Common Files\AVSMedia
2008-09-26 04:38 --------- d-----w c:\program files\AVS4YOU
2008-09-21 04:23 --------- d-----w c:\programdata\Yahoo! Companion
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-09 02:19 724,992 ----a-w c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cd06f21e-7176-408c-90d7-9e1d67f61bd5}"= "c:\program files\live_india\tbliv1.dll" [2008-11-19 1784856]

[HKEY_CLASSES_ROOT\clsid\{cd06f21e-7176-408c-90d7-9e1d67f61bd5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9A9E-3AF287E2699B}]
2008-07-04 09:04 1962496 --a------ c:\progra~1\SCOURT~1\SCOURT~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd06f21e-7176-408c-90d7-9e1d67f61bd5}]
2008-11-19 01:34 1784856 --a------ c:\program files\live_india\tbliv1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd06f21e-7176-408c-90d7-9e1d67f61bd5}"= "c:\program files\live_india\tbliv1.dll" [2008-11-19 1784856]
"{A057A204-BACC-4D26-9A9E-3AF287E2699B}"= "c:\progra~1\SCOURT~1\SCOURT~1.DLL" [2008-07-04 1962496]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD06F21E-7176-408C-90D7-9E1D67F61BD5}"= "c:\program files\live_india\tbliv1.dll" [2008-11-19 1784856]
"{A057A204-BACC-4D26-9A9E-3AF287E2699B}"= "c:\progra~1\SCOURT~1\SCOURT~1.DLL" [2008-07-04 1962496]

[HKEY_CLASSES_ROOT\clsid\{cd06f21e-7176-408c-90d7-9e1d67f61bd5}]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9a9e-3af287e2699b}]
[HKEY_CLASSES_ROOT\scourtoolbar.SCOURTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-26 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\users\Shrinivas\Program Files\DNA\btdna.exe" [2008-11-19 342336]
"Google Update"="c:\users\Shrinivas\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-11 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-11 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSConfig"="c:\windows\system32\MSCONFIG.exe" [2008-01-19 227840]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"gidle"="c:\program files\gAlwaysIdle\gidle.exe" [2008-01-07 49152]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 959976]

c:\users\Shrinivas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\program files\Dell Network Assistant\ezi_hnm2.exe [2007-05-25 964144]
WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2008-02-12 42176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinKey.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinKey.lnk
backup=c:\windows\pss\WinKey.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2007-12-12 09:11 72192 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 14:35 202024 c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
--a------ 2006-01-24 22:07 61440 c:\windows\VM303_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R280 Series]
--a------ 2007-04-13 06:00 182272 c:\windows\System32\spool\drivers\w32x86\3\E_FATICKA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-04 01:01 133104 c:\users\Shrinivas\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 08:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 19:10 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-26 17:26 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAC Start Button]
--a------ 2008-06-08 15:56 1385288 c:\program files\TAC Start Button\TACStartButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-14 13:38 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A961D8CD-7ECF-42B5-9BA6-C7FB1D704106}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{DA952A53-308F-486E-BE58-B6BCF90C7A06}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{C69B08F6-91B2-4078-9044-EB62D3F1E646}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{C9B15764-000A-4833-BA93-4620E95CFBB2}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{7C56C5D2-4FBF-4733-97AF-55DEB8A2DB09}"= UDP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{3004E4C9-CD8B-4073-B930-4E94E7148191}"= TCP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{08EAF5B4-2E28-41D7-987D-01E73628690A}"= TCP:10421:SingleClick Discovery Protocol
"{39E96E55-88AE-446B-8AB1-958B25B0604A}"= UDP:139:NetBIOS File/Printer Sharing
"{6E93945C-04B1-4234-A157-D4B52DB74E31}"= TCP:10426:SingleClick ICC
"{FE6BDD16-0295-4C25-A5E5-2B5D10C1894B}"= UDP:445:Microsoft Directory Services
"{80AAE937-B7DE-41AE-8E85-62836FAD375D}"= TCP:138:NetBIOS Datagram Service
"{B911BD99-71F0-4A3E-9080-83B07950ABDF}"= TCP:137:NetBIOS Name Service
"{B537B04C-7B9E-477C-B676-40C7B4FCCA1A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E82A76DF-558C-42C6-BDA9-4D94691EC8B6}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F1BEC3D3-11FC-4346-B2AD-003FE841BDEC}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5BB23C75-B3DF-4C06-9B4B-E30C117AB720}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{CCF231D9-C652-41A5-8958-4B9C2323802D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DB9DB361-E684-495B-B0DD-91C80BD07D28}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{03B1C004-D33D-432D-9F20-FFCE4642CFFD}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{09183E88-46B6-4463-9B4A-9AC4FA45A856}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5D7EA9C7-AFA8-45EF-ABE2-5F5415A09D90}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{100CDD55-63E6-439C-8C63-6116E7A6DF3B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{343FB73B-24AB-4249-B418-C9686A61F49F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{413A4FF9-9B9B-4330-B31E-6A531D7CC612}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{74728360-F512-4425-B9FC-4543D446F808}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{B5E52AC9-12B5-4473-95BC-0A5BA520E986}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{35E54238-34E7-4BC9-8694-FA64991BEB29}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{0B1F250D-B79C-450E-A9BB-4CC5E9A8FAA6}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{D4A95B2B-6850-48F5-8684-733480E66CDF}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{24589360-7D29-410F-8CAE-23D40EB3F333}\\\\laser\\apps\\silvaco\\lib\\sipc\\1.2.3.r\\x86-nt\\sipc_console.exe"= UDp:\\laser\apps\silvaco\lib\sipc\1.2.3.r\x86-nt\sipc_console.exe:sipc_console.exe
"UDP Query User{CE74C593-BE01-42BF-A42E-425A5BAE2D73}\\\\laser\\apps\\silvaco\\lib\\sipc\\1.2.3.r\\x86-nt\\sipc_console.exe"= TCp:\\laser\apps\silvaco\lib\sipc\1.2.3.r\x86-nt\sipc_console.exe:sipc_console.exe
"TCP Query User{C1A4D95A-A5F0-4FDE-81B5-79C97B0BED3B}c:\\program files\\dell network assistant\\ezi_hnm2.exe"= UDP:c:\program files\dell network assistant\ezi_hnm2.exe:Advanced Networking Application
"UDP Query User{0EEA9DF7-5C1A-4BB2-9E73-634867521DBE}c:\\program files\\dell network assistant\\ezi_hnm2.exe"= TCP:c:\program files\dell network assistant\ezi_hnm2.exe:Advanced Networking Application
"TCP Query User{21C10DF6-9048-4969-BB91-1CCF32684C92}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{E7480C39-FF2B-469B-A4E9-B29AA4B89B75}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{4B33C6E6-AD12-4CAF-8025-F534D50A01CB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1D5C86B7-622F-4632-AB94-31542C2DD419}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DE578C72-E3FF-4694-8F7B-004740158C00}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{E6A0E786-166F-4649-B33D-822E43B72369}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{618EFF4B-335C-401B-95C4-66B1FFFAC4CA}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{8069A8CF-573C-4725-97F4-925A3989D67A}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{CCD8FE59-E790-4DA9-8E59-057C39BECD54}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{37DE3C97-0989-4099-B221-A91E452106BD}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{77AADC6D-D74B-49C9-B354-073E71DF7A8A}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{2DCA0EE2-F948-4565-8F97-A7FF2B79289B}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{C9A52A70-B701-46FC-A903-DC37608D6BED}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{A5DD9867-39A1-42F3-B60E-1985D06D59B4}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{78D3C620-3D94-4D52-9DCB-7C12F0CCC7E7}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{DDB187A4-C319-4C45-8E39-3EC5FDDADAC7}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{A68B0D77-EA26-41E3-B62B-CFB493E34990}c:\\program files\\google\\google desktop search\\googledesktop.exe"= UDP:c:\program files\google\google desktop search\googledesktop.exe:Google Desktop
"UDP Query User{A4D00EE6-17D1-422F-8D36-FD3F3DAF5C0E}c:\\program files\\google\\google desktop search\\googledesktop.exe"= TCP:c:\program files\google\google desktop search\googledesktop.exe:Google Desktop
"TCP Query User{B7FE7799-04BB-484A-9EEE-8124104B94EC}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{47D8E31A-8C97-4F7D-9EBB-63C8317F5BC2}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{EF968183-84CF-45FD-9E8C-E9A2058808C1}c:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{6DD50882-7D9B-4640-AAF5-D161A4EE75E3}c:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{2F18D8E2-EF8E-4BBE-886B-5BCFC52F166B}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{F61C5597-06DD-44BF-A0B0-A96ACA43EADF}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{1A855C63-4D8E-4A50-BBAC-D46CE7B2BB3B}c:\\matlab701\\bin\\win32\\matlab.exe"= UDP:c:\matlab701\bin\win32\matlab.exe:MATLAB
"UDP Query User{355D7B47-DD5A-4230-BCB3-B845F17E626D}c:\\matlab701\\bin\\win32\\matlab.exe"= TCP:c:\matlab701\bin\win32\matlab.exe:MATLAB
"TCP Query User{0EC394E2-DFBE-4B34-A59F-4B68D7A30D9A}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{1C6572E8-F80F-4D33-8A52-C5AFDA15F320}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{CEF1969A-A43F-4AC3-A591-800E0BD2EC57}c:\\program files\\tightvnc\\winvnc.exe"= UDP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"UDP Query User{18646547-4D0F-4343-9899-39A0CF573F57}c:\\program files\\tightvnc\\winvnc.exe"= TCP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"TCP Query User{3D8D1493-B814-4B63-97BD-F55F65B7E35B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{FB0E1A4D-0FC2-4283-9774-80964D162BEF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{FD1A7C4A-50DE-4050-85A9-1BA2EC332C2F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{076AF7DE-FB98-4A7D-AA02-1F5B7589149A}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{91E842D8-29DB-4C6C-8F75-0CDA48767E74}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{84C82489-5DE2-4EE6-BE64-E45CB4627E20}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{B1527B71-C60A-4C07-8A08-5D0593B0F64C}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{FCC20A09-08D9-465C-A4E2-35F8C6F07FB2}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{387AD4D3-B322-4ABD-A012-6502E9A8CACC}c:\\users\\shrinivas\\program files\\dna\\btdna.exe"= UDP:c:\users\shrinivas\program files\dna\btdna.exe:btdna.exe
"UDP Query User{D696E50E-2695-4D55-8F07-459E75390978}c:\\users\\shrinivas\\program files\\dna\\btdna.exe"= TCP:c:\users\shrinivas\program files\dna\btdna.exe:btdna.exe
"TCP Query User{443C7DC1-B536-43B3-A905-7B0EAD8B14AC}c:\\users\\shrinivas\\desktop\\conquerors\\age2_x1.exe"= UDP:c:\users\shrinivas\desktop\conquerors\age2_x1.exe:age2_x1.exe
"UDP Query User{035F3B26-C397-4C67-934C-AC14C1537BFA}c:\\users\\shrinivas\\desktop\\conquerors\\age2_x1.exe"= TCP:c:\users\shrinivas\desktop\conquerors\age2_x1.exe:age2_x1.exe
"TCP Query User{B8929B5B-864B-4989-BA06-5323A920861B}c:\\users\\shrinivas\\program files\\dna\\btdna.exe"= UDP:c:\users\shrinivas\program files\dna\btdna.exe:btdna.exe
"UDP Query User{067A8FF7-857D-4586-8B8A-C57BDF92E253}c:\\users\\shrinivas\\program files\\dna\\btdna.exe"= TCP:c:\users\shrinivas\program files\dna\btdna.exe:btdna.exe
"TCP Query User{C039C1D5-9412-4953-B933-7377D9083A65}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{4848222B-96D9-415F-BBBF-A2F8ABEE6D01}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{7D9CD476-DDD3-4073-BBEA-FB7ADBE72F56}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{3DB16CDB-8811-4667-BE92-F4597893F128}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{766807E5-8503-46FF-B9BC-6EF29CE16E4B}c:\\users\\shrinivas\\desktop\\conquerors\\age2_x1.exe"= UDP:c:\users\shrinivas\desktop\conquerors\age2_x1.exe:age2_x1.exe
"UDP Query User{3B2393A6-A6C6-4D76-88AC-5A01574EAF8A}c:\\users\\shrinivas\\desktop\\conquerors\\age2_x1.exe"= TCP:c:\users\shrinivas\desktop\conquerors\age2_x1.exe:age2_x1.exe
"TCP Query User{48D7DCF0-1359-4598-8637-8D5D59AA80B8}c:\\users\\shrinivas\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:c:\users\shrinivas\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{E7576227-BFD9-427D-93DD-533B3EDF7841}c:\\users\\shrinivas\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:c:\users\shrinivas\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{E13E00F4-F754-4D8B-96C7-3DCCDFFA23A1}c:\\users\\shrinivas\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:c:\users\shrinivas\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{4343501E-469E-4BBA-8AC9-78BBC26CAA75}c:\\users\\shrinivas\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:c:\users\shrinivas\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{2DB21362-DE9E-4DA0-BEEA-12C0B2D5FA0B}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{79445B19-AF5D-4BF8-B168-6AA1EA08CA81}c:\\program files\\cain\\cain.exe"= TCP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{2D72ED9F-A3DB-4AAF-A4F7-0A874CA5EF0D}c:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{9C63BFA1-25EF-4108-A42A-AE7A2689434D}c:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:c:\program files\sony ericsson\update service\update service.exe:Update Service
"{F1F2AF0C-5162-43FB-8955-A4BE19EB134F}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{CB4171A6-B693-406D-B4B5-7ABF26865545}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{E6B09CA2-4DFB-4834-B718-32A5FB5DA91D}f:\\counter-strike 1.6\\czero.exe"= UDP:f:\counter-strike 1.6\czero.exe:Condition Zero Launcher
"UDP Query User{63C760D5-5385-4468-B322-3D7A3EDD3816}f:\\counter-strike 1.6\\czero.exe"= TCP:f:\counter-strike 1.6\czero.exe:Condition Zero Launcher
"TCP Query User{2CA07AC5-9A4A-4796-BCF5-221F970CD735}f:\\counter-strike 1.6\\czero.exe"= UDP:f:\counter-strike 1.6\czero.exe:Condition Zero Launcher
"UDP Query User{EE3F7863-10F9-4BBB-9A46-1FAC895F37A0}f:\\counter-strike 1.6\\czero.exe"= TCP:f:\counter-strike 1.6\czero.exe:Condition Zero Launcher
"TCP Query User{99710073-E50B-4FA5-A5E3-5E84F8127D02}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{5ACEB9FD-F2C7-45CA-92F9-6BD4EF1C922E}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{19E96AFA-7B64-4638-9097-25FB1C349268}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D17DCBE8-3DF0-41BA-8B3A-56DE4C71A845}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{D4AC88C6-5133-4A0C-B511-63515C7B0C41}c:\\users\\shrinivas\\desktop\\counter-strike 1.6\\hltv.exe"= UDP:c:\users\shrinivas\desktop\counter-strike 1.6\hltv.exe:hltv.exe
"UDP Query User{A3095C2E-674F-4297-B13C-2CE253308174}c:\\users\\shrinivas\\desktop\\counter-strike 1.6\\hltv.exe"= TCP:c:\users\shrinivas\desktop\counter-strike 1.6\hltv.exe:hltv.exe
"TCP Query User{D8F3AF8E-67A2-4900-808C-5CFFAB6770BC}c:\\users\\shrinivas\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\shrinivas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{8BEA6EC3-4282-4DD1-BEF6-E5B740FCA1DB}c:\\users\\shrinivas\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\shrinivas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"TCP Query User{7965821D-B2D2-4930-908D-5CFA7E6FF0EF}c:\\windows\\system32\\zonelabs\\vsmon.exe"= UDP:c:\windows\system32\zonelabs\vsmon.exe:TrueVector Service
"UDP Query User{F426A52A-C316-49DD-A1E6-1A89EA9A3B7A}c:\\windows\\system32\\zonelabs\\vsmon.exe"= TCP:c:\windows\system32\zonelabs\vsmon.exe:TrueVector Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-27 179712]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-02-12 13352]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2008-02-12 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2008-02-12 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2008-02-12 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [2008-02-12 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [2008-02-12 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{842df2a1-fa7f-11dc-80dd-001c23fe9da6}]
\shell\AutoRun\command - F:\1weicxa.com
\shell\explore\Command - F:\1weicxa.com
\shell\open\Command - F:\1weicxa.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ab8c7fd-4ea8-11dd-98dd-001c23fe9da6}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e7fefb8-5046-11dd-8b8a-001c23fe9da6}]
\shell\AutoRun\command - rthrw.com
\shell\explore\Command - rthrw.com
\shell\open\Command - rthrw.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b00bcc95-e0f3-11dc-b953-001c23fe9da6}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Shrinivas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 01:01]

2008-11-20 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2007-09-26 08:53]

2008-11-20 c:\windows\Tasks\User_Feed_Synchronization-{05698465-C620-485F-A00A-27B450297219}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 01:33]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Microsoft Help - c:\recycler\lol.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 13:44:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\kdhod.exe 74752 bytes executable
c:\users\Shrinivas\AppData\Local\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\explorer.exe
-> c:\program files\gAlwaysIdle\gidle.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\matlab701\webserver\bin\win32\matlabserver.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\matlab701\bin\win32\MATLAB.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-11-20 13:58:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-20 19:57:57

Pre-Run: 2,174,214,144 bytes free
Post-Run: 2,194,108,416 bytes free

417 --- E O F --- 2008-11-14 07:47:48
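
A triage pass over the sections of this log that carry the security-relevant signal, as an added example (not ComboFix's own code and not something the forum or its staff published): both Windows Firewall profiles report `EnableFirewall = 0`, three MountPoints2 keys register per-drive autorun handlers (two of them point at executables in a removable drive's root, one of them without any drive letter), an orphaned MSConfig startup entry named "Microsoft Help" points into `c:\recycler`, and catchme lists a hidden executable under `system32`. The script parses exactly those line formats and emits one finding per item. The `TRUSTED_LAUNCHERS` allowlist is an assumption introduced for the example (it is seeded with the SanDisk U3 launcher that appears in the log), and `SAMPLE_LOG` is an excerpt copied from the posted log, cut down to the lines the parser reads. MountPoints2 entries are cached by Explorer from media that was once plugged in, so a hit there says which drive's autorun.inf to pull and inspect, not that the media is still infected.

```python
"""Triage script for the ComboFix sections posted above: Windows Firewall profile
state, MountPoints2 drive autorun handlers, orphaned MSConfig startup entries and
catchme's hidden-executable list. Added example, not ComboFix or BleepingComputer code."""
import re
from dataclasses import dataclass

# Assumption: an analyst-maintained allowlist of launcher basenames expected on this
# user's removable media. LaunchU3.exe is the SanDisk U3 launcher seen in the log;
# any other drive autorun handler is reported for review.
TRUSTED_LAUNCHERS = {"launchu3.exe"}

# Excerpt of the log posted above (lines copied from it, reduced to what is parsed here).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{842df2a1-fa7f-11dc-80dd-001c23fe9da6}]
\shell\AutoRun\command - F:\1weicxa.com
\shell\explore\Command - F:\1weicxa.com
\shell\open\Command - F:\1weicxa.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ab8c7fd-4ea8-11dd-98dd-001c23fe9da6}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e7fefb8-5046-11dd-8b8a-001c23fe9da6}]
\shell\AutoRun\command - rthrw.com
\shell\explore\Command - rthrw.com
\shell\open\Command - rthrw.com

MSConfigStartUp-Microsoft Help - c:\recycler\lol.exe

c:\windows\system32\kdhod.exe 74752 bytes executable
c:\users\Shrinivas\AppData\Local\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
"""

REG_KEY = re.compile(r"^\[(.+)\]$")
FIREWALL_PROFILE = re.compile(r"firewallpolicy\\(\w+profile)$", re.I)
MOUNTPOINT = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})$", re.I)
ENABLE_FIREWALL = re.compile(r'^"EnableFirewall"=\s*(\d+)')
SHELL_COMMAND = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
ORPHAN = re.compile(r"^MSConfigStartUp-(.+?)\s+-\s+(.+)$")
HIDDEN_EXE = re.compile(r"^(.+?\.exe)\s+\d+ bytes executable$", re.I)
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str
    severity: str
    detail: str


def triage(log_text):
    """Return one Finding per security-relevant line, in log order."""
    findings = []
    seen_autorun = set()
    profile = guid = None          # registry key currently being read
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        key = REG_KEY.match(line)
        if key:                    # a new [key] header resets the parsing context
            m = FIREWALL_PROFILE.search(key.group(1))
            profile = m.group(1) if m else None
            m = MOUNTPOINT.search(key.group(1))
            guid = m.group(1) if m else None
            continue
        m = ENABLE_FIREWALL.match(line)
        if m and profile:
            if m.group(1) == "0":
                findings.append(Finding("firewall_disabled", "high", profile))
            continue
        m = SHELL_COMMAND.match(line)
        if m and guid:
            verb, command = m.groups()
            target = command.split(" ", 1)[0]        # drop launcher arguments such as "-a"
            if target.rsplit("\\", 1)[-1].lower() in TRUSTED_LAUNCHERS:
                continue
            if (guid, target) in seen_autorun:       # AutoRun/open/explore share one target
                continue
            seen_autorun.add((guid, target))
            note = "" if DRIVE_PATH.match(target) else " (no drive letter)"
            findings.append(Finding("autorun_handler", "high", f"{guid} {verb} -> {target}{note}"))
            continue
        m = ORPHAN.match(line)
        if m:
            name, target = m.groups()
            sev = "high" if "\\recycler\\" in target.lower() else "info"
            findings.append(Finding("orphan_startup", sev, f"{name} -> {target}"))
            continue
        m = HIDDEN_EXE.match(line)
        if m:
            findings.append(Finding("hidden_executable", "high", m.group(1)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.kind:18} {f.detail}")
```

Run against the excerpt it reports six findings and stays quiet on the U3 launcher and on the `.ini.inuse` entry, which is not an executable. Feed it the full log text instead of `SAMPLE_LOG` to cover everything posted above; the unparsed sections (firewall exception list, drivers, scheduled tasks, process list) pass through untouched.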

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:00 AM

Posted 20 November 2008 - 04:42 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum, explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits