
Am I Infected?


  • This topic is locked
22 replies to this topic

#1 Iownyoujk

Iownyoujk

  • Members
  • 59 posts

Posted 22 February 2009 - 08:28 PM

I have some weird things coming up in the HijackThis log, can anybody tell me if I am infected in some way?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:24 PM, on 2/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\GenevaLogic\Vision\XL\MeSuAx.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\GenevaLogic\Vision\XL\MeUiHlp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mercnetstudios.com/temperedstor...hpBB3/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Surf-Lock 2 - {8D1BB7F3-F92A-40C1-93B9-15893C2FA4A4} - C:\Program Files\GenevaLogic\Vision\Plugins\Surf-Lock\sl2iebho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MeUiHelper] "C:\Program Files\GenevaLogic\Vision\XL\MeUiHlp.exe"
O4 - HKLM\..\Run: [POL Agent] "C:\Program Files\POL\POL.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Todo List.txt
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Private Maple Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\glsphost.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\glsphost.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\glsphost.dll
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A6FA18D-A133-4F0D-A48E-F7827E031C06}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A6FA18D-A133-4F0D-A48E-F7827E031C06}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A6FA18D-A133-4F0D-A48E-F7827E031C06}: NameServer = 68.87.72.130,68.87.77.130
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c95ca0bb9d2a0) (gupdate1c95ca0bb9d2a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Vision WTS Helper (MeSuWTS) - GenevaLogic AG - C:\Program Files\GenevaLogic\Vision\XL\mesuwts.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Newest Maplestory\npkcmsvc.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14734 bytes



#2 Iownyoujk

Iownyoujk
  • Topic Starter

  • Members
  • 59 posts

Posted 26 February 2009 - 08:29 PM

Title was: Computer Running REALLY SLOW, My virtual computer internet works fast, but not my main ~ OB

I ran HijackThis on my main computer and posted this from a virtual computer because my normal computer's internet is slow, please help me with this. I think something is slowing down my connection on my main computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:08 PM, on 2/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\GenevaLogic\Vision\XL\MeSuAx.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\GenevaLogic\Vision\XL\MeUiHlp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Virtual PC\Virtual PC.exe
C:\Program Files\HyCam2\HyCam2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bleepingcomputer.com/admissions/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Surf-Lock 2 - {8D1BB7F3-F92A-40C1-93B9-15893C2FA4A4} - C:\Program Files\GenevaLogic\Vision\Plugins\Surf-Lock\sl2iebho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MeUiHelper] "C:\Program Files\GenevaLogic\Vision\XL\MeUiHlp.exe"
O4 - HKLM\..\Run: [POL Agent] "C:\Program Files\POL\POL.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Todo List.txt
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Private Maple Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\glsphost.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\glsphost.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\glsphost.dll
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A6FA18D-A133-4F0D-A48E-F7827E031C06}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A6FA18D-A133-4F0D-A48E-F7827E031C06}: NameServer = 68.87.72.130,68.87.77.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A6FA18D-A133-4F0D-A48E-F7827E031C06}: NameServer = 68.87.72.130,68.87.77.130
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c95ca0bb9d2a0) (gupdate1c95ca0bb9d2a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Vision WTS Helper (MeSuWTS) - GenevaLogic AG - C:\Program Files\GenevaLogic\Vision\XL\mesuwts.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Newest Maplestory\npkcmsvc.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14881 bytes

Edited by Orange Blossom, 27 February 2009 - 09:05 PM.
Merged topics. ~ OB


#3 Iownyoujk

Iownyoujk
  • Topic Starter

  • Members
  • 59 posts

Posted 28 February 2009 - 07:33 PM

I do not mean to bump, but this still has not been fixed, and combining the two post times it has been over 5 days without any response. Do I post this somewhere else since it has been over that 5 days?

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 01 March 2009 - 04:22 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 Iownyoujk
  • Topic Starter
  • Members
  • 59 posts

Posted 01 March 2009 - 06:33 PM

As you requested, the DDS log, and the attach from DDS, attached!
I appreciate that you are willing to use some of your time to help me out!
DDS (Ver_09-02-01.01) - NTFSx86
Run by Private Maple Server at 18:17:42.58 on Sun 03/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_10
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1490 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\GenevaLogic\Vision\XL\MeUiHlp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\GenevaLogic\Vision\XL\mesuwts.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Nexon\Newest Maplestory\npkcmsvc.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\GenevaLogic\Vision\XL\MeSuAx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Movie Maker\MOVIEMK.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Private Maple Server\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uStart Page = hxxp://www.bleepingcomputer.com/admissions/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Surf-Lock2 Internet Explorer Extension: {8d1bb7f3-f92a-40c1-93b9-15893c2fa4a4} - c:\program files\genevalogic\vision\plugins\surf-lock\sl2iebho.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [autochk] "rundll32.exe" c:\users\privat~1\protect.dll,_IWMPEvents@16
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [TPwrMain] "c:\program files\toshiba\power saver\TPwrMain.EXE"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [00TCrdMain] "c:\program files\toshiba\flashcards\TCrdMain.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MeUiHelper] "c:\program files\genevalogic\vision\xl\MeUiHlp.exe"
mRun: [POL Agent] "c:\program files\pol\POL.exe"
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
StartupFolder: c:\users\private maple server\appdata\roaming\microsoft\windows\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\users\privat~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\users\private maple server\appdata\roaming\microsoft\windows\start menu\programs\startup\Todo List.txt
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\private maple server\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\glsphost.dll
Trusted Zone: masterjakeonline.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
TCP: {1A6FA18D-A133-4F0D-A48E-F7827E031C06} = 68.87.72.130,68.87.77.130
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: PRODNAME_APPMGR: {f911591f-d659-40ed-b048-eb8f8e48ab00} - c:\windows\system32\MeAMHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\privat~1\appdata\roaming\mozilla\firefox\profiles\3pb5enhm.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\program files\google\google updater\2.4.1425.4532\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

============= SERVICES / DRIVERS ===============

R1 MENET;MENET;c:\windows\system32\drivers\MeNet.sys [2008-9-15 47864]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-11-21 170640]
R2 MeSuWTS;Vision WTS Helper;c:\program files\genevalogic\vision\xl\mesuwts.exe [2008-9-15 169208]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-1-24 809296]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2008-12-15 185640]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-13 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-11-21 15504]
R3 meddmrr;meddmrr;c:\windows\system32\drivers\meddmrr.sys [2008-9-15 4608]
R3 mekbd;mekbd;c:\windows\system32\drivers\mekbd.sys [2008-9-28 11264]
R3 memice;memice;c:\windows\system32\drivers\memice.sys [2008-9-28 10240]
S2 gupdate1c95ca0bb9d2a0;Google Update Service (gupdate1c95ca0bb9d2a0);c:\program files\google\update\GoogleUpdate.exe [2008-12-12 133104]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-2-15 52240]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-5-17 648456]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 PowerManager;Power Manager; [x]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2009-03-01 15:56 268 a---h--- C:\sqmdata02.sqm
2009-03-01 15:56 244 a---h--- C:\sqmnoopt02.sqm
2009-03-01 10:40 268 a---h--- C:\sqmdata01.sqm
2009-03-01 10:40 244 a---h--- C:\sqmnoopt01.sqm
2009-02-28 20:50 22,016 a--sh--- c:\users\private maple server\protect.dll
2009-02-28 20:50 22,016 a--sh--- c:\windows\system32\autochk.dll
2009-02-28 20:48 <DIR> --d----- c:\windows\cfig
2009-02-23 16:55 355,141,591 a------- c:\windows\MEMORY.DMP
2009-02-20 21:51 <DIR> --d----- c:\users\privat~1\appdata\roaming\BitTorrent
2009-02-20 21:50 <DIR> --d----- c:\program files\DNA
2009-02-20 21:50 <DIR> --d----- c:\users\privat~1\appdata\roaming\DNA
2009-02-20 21:50 <DIR> --d----- c:\program files\BitTorrent
2009-02-18 18:57 3,854 a------- C:\rollback.ini
2009-02-18 18:12 31,833,120 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-18 18:12 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-18 17:49 <DIR> --d----- c:\programdata\MailFrontier
2009-02-18 17:47 72,592 a------- c:\windows\zllsputility.exe
2009-02-18 17:44 22,528 a------- c:\windows\system32\netiougc.exe
2009-02-18 17:44 170,496 a------- c:\windows\system32\tcpipcfg.dll
2009-02-18 17:44 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-02-18 17:44 <DIR> --d----- c:\program files\Zone Labs
2009-02-18 17:42 294,288 a------- c:\windows\system32\drivers\vsdatant.sys
2009-02-18 17:42 349,222 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-02-18 17:42 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-02-18 17:41 <DIR> --d----- c:\programdata\CheckPoint
2009-02-18 17:41 <DIR> --d----- c:\progra~2\CheckPoint
2009-02-18 17:41 <DIR> --d----- c:\windows\Internet Logs
2009-02-14 22:04 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-14 22:04 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-14 22:04 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-14 22:04 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-14 22:04 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-14 10:45 <DIR> --d----- c:\program files\AskBarDis
2009-02-11 15:44 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 15:44 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-10 16:54 <DIR> --d----- c:\program files\Microsoft Virtual PC
2009-02-07 10:40 <DIR> --d----- c:\program files\Hacker Evolution
2009-02-03 21:11 <DIR> --d----- c:\program files\AssaultCube_v1.0
2009-01-31 16:10 <DIR> --d----- c:\program files\OpenAL
2009-01-31 16:10 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-01-31 16:10 110,592 a------- c:\windows\system32\OpenAL32.dll

==================== Find3M ====================

2009-02-18 17:43 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-18 17:43 51,200 a------- c:\windows\inf\infpub.dat
2009-02-18 17:43 86,016 a------- c:\windows\inf\infstor.dat
2009-01-25 17:47 296,028 a------- C:\WTFMs.zip
2009-01-25 14:54 22,260,008 a------- C:\SkypeSetup.exe
2009-01-25 14:53 2,249,512 a------- C:\SkypeInstaller-Beta.exe
2009-01-24 16:45 15,083,520 a------- C:\spybotsd160.exe
2009-01-22 21:14 812,344 a------- C:\HJTInstall.exe
2009-01-18 22:32 4,989 a------- C:\Disorderly_Hax-thegaiacheater.zip
2009-01-18 22:08 40,960 a------- C:\Sonny_2_Trainer.exe
2009-01-17 22:15 785,029 a------- C:\freesmtp.zip
2009-01-16 22:14 51,659 a------- C:\HunterStory.zip
2009-01-16 10:05 376,832 a------- C:\Ter. War Online Trainer V1.5.exe
2009-01-15 11:36 368,643 a------- C:\ccsetup116.exe
2009-01-15 07:18 5,143,929 a------- C:\ophcrack-win32-installer-3.1.0.exe
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-09-28 14:37 1,410,497 a------- c:\program files\UnhSolutions.zip
2008-09-01 14:37 0 a------- c:\users\private maple server\jagex_runescape_preferences.dat
2008-07-20 18:05 13 ----h--- c:\programdata\1ĚŘ13.sys
2008-07-20 18:05 13 ----h--- c:\progra~2\1ĚŘ13.sys
2008-06-22 19:52 64,447,744 a------- c:\users\private maple server\AC Web Ultimate Repack.exe
2008-06-22 19:43 23,510,720 a------- c:\users\private maple server\dotnetfx.exe
2008-06-11 18:02 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-23 20:22 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-23 20:22 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-23 20:22 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 18:20:26.37 ===============


#6 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 02 March 2009 - 08:09 PM

Hello, Iownyoujk
You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case BitComet). These programs allow users to share files, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

We need to upload a file for further inspection
  • Please go to this page.
  • Where it asks for the "Link to where the file was requested" copy and paste in
    http://www.bleepingcomputer.com/forums/t/205746/am-i-infected/
  • Where it says "Browse to the file you want to submit", browse to
    c:\windows\system32\glsphost.dll
  • Press the submit button.
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click ComboFix.exe on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 Iownyoujk
  • Topic Starter
  • Members
  • 59 posts

Posted 03 March 2009 - 05:46 PM

Hello Billy!
I submitted glsphost.dll and ran the ComboFix program. Also, it deleted autochk.dll; is that the autorun feature? Well anyway, here is the log, and thanks for your response!

ComboFix 09-03-02.03 - Private Maple Server 2009-03-03 16:46:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1792 [GMT -5:00]
Running from: c:\users\Private Maple Server\Downloads\ComboFix.exe
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
C:\setup.exe
c:\users\Private Maple Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll
c:\users\Private Maple Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.lnk
c:\users\Private Maple Server\protect.dll
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll

----- BITS: Possible infected sites -----

hxxp://www.datingnoon.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PowerManager


((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-03 16:15 . 2009-03-03 16:15 <DIR> d-------- c:\program files\Panda Security
2009-03-03 16:15 . 2008-06-19 16:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-03-01 15:56 . 2009-03-01 15:56 268 --ah----- C:\sqmdata02.sqm
2009-03-01 15:56 . 2009-03-01 15:56 244 --ah----- C:\sqmnoopt02.sqm
2009-03-01 10:40 . 2009-03-01 10:40 268 --ah----- C:\sqmdata01.sqm
2009-03-01 10:40 . 2009-03-01 10:40 244 --ah----- C:\sqmnoopt01.sqm
2009-02-28 20:48 . 2009-02-28 20:49 <DIR> d-------- c:\windows\cfig
2009-02-28 11:10 . 2009-02-28 11:10 <DIR> d-------- c:\users\Patrick\AppData\Roaming\Subversion
2009-02-23 16:55 . 2009-02-23 16:56 355,141,591 --a------ c:\windows\MEMORY.DMP
2009-02-21 03:10 . 2009-02-21 03:11 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-02-20 21:51 . 2009-02-20 21:52 <DIR> d-------- c:\users\Private Maple Server\AppData\Roaming\BitTorrent
2009-02-20 21:50 . 2009-02-22 16:38 <DIR> d-------- c:\users\Private Maple Server\AppData\Roaming\DNA
2009-02-20 21:50 . 2009-02-21 14:29 <DIR> d-------- c:\program files\DNA
2009-02-20 21:50 . 2009-02-20 21:50 <DIR> d-------- c:\program files\BitTorrent
2009-02-18 18:57 . 2009-02-26 16:25 3,854 --a------ C:\rollback.ini
2009-02-18 18:12 . 2009-03-03 17:11 31,833,120 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-02-18 18:12 . 2009-03-03 17:11 64,772 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-02-18 17:49 . 2009-02-18 17:49 <DIR> d-------- c:\users\All Users\MailFrontier
2009-02-18 17:49 . 2009-02-18 17:49 <DIR> d-------- c:\programdata\MailFrontier
2009-02-18 17:47 . 2008-08-21 20:41 72,592 --a------ c:\windows\zllsputility.exe
2009-02-18 17:44 . 2009-02-18 17:44 <DIR> d-------- c:\program files\Zone Labs
2009-02-18 17:44 . 2008-08-21 20:41 1,221,008 --a------ c:\windows\System32\zpeng25.dll
2009-02-18 17:44 . 2008-02-22 23:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll
2009-02-18 17:44 . 2008-02-22 21:41 22,528 --a------ c:\windows\System32\netiougc.exe
2009-02-18 17:42 . 2009-02-26 16:27 <DIR> d-------- c:\windows\System32\ZoneLabs
2009-02-18 17:42 . 2009-03-03 17:13 349,222 --ah----- c:\windows\System32\drivers\vsconfig.xml
2009-02-18 17:42 . 2008-08-21 20:42 294,288 --a------ c:\windows\System32\drivers\vsdatant.sys
2009-02-18 17:41 . 2009-03-03 17:29 <DIR> d-------- c:\windows\Internet Logs
2009-02-18 17:41 . 2009-02-18 17:41 <DIR> d-------- c:\users\All Users\CheckPoint
2009-02-18 17:41 . 2009-02-18 17:41 <DIR> d-------- c:\programdata\CheckPoint
2009-02-14 22:04 . 2008-12-04 23:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-14 22:04 . 2008-12-04 23:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-14 22:04 . 2008-12-04 23:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-14 22:04 . 2008-12-04 23:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-14 22:04 . 2008-12-04 23:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-14 10:45 . 2009-02-14 10:45 <DIR> d-------- c:\program files\AskBarDis
2009-02-11 15:44 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 15:44 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 16:54 . 2009-02-10 16:54 <DIR> d-------- c:\program files\Microsoft Virtual PC
2009-02-07 10:40 . 2009-02-07 10:42 <DIR> d-------- c:\program files\Hacker Evolution
2009-02-03 21:11 . 2009-02-03 21:12 <DIR> d-------- c:\program files\AssaultCube_v1.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 22:30 --------- d-----w c:\users\Private Maple Server\AppData\Roaming\Skype
2009-03-03 22:29 --------- d-----w c:\users\Private Maple Server\AppData\Roaming\skypePM
2009-03-02 21:34 --------- d-----w c:\programdata\Google Updater
2009-03-02 21:20 477,696 ----a-w c:\windows\Internet Logs\xDB9021.tmp
2009-03-02 21:20 2,178,048 ----a-w c:\windows\Internet Logs\xDB9630.tmp
2009-03-01 20:54 2,190,336 ----a-w c:\windows\Internet Logs\xDB8F3F.tmp
2009-03-01 20:36 --------- d-----w c:\users\Private Maple Server\AppData\Roaming\uTorrent
2009-03-01 15:17 2,167,296 ----a-w c:\windows\Internet Logs\xDB96BD.tmp
2009-02-28 18:37 62,831 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_02_28_11_24_13_small.dmp.zip
2009-02-28 16:22 58,987 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_02_28_10_43_39_small.dmp.zip
2009-02-28 03:02 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 19:36 --------- d---a-w c:\programdata\TEMP
2009-02-22 23:02 54,656 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_02_22_16_20_42_small.dmp.zip
2009-02-21 19:27 1,530,368 ----a-w c:\windows\Internet Logs\xDB9F7B.tmp
2009-02-21 07:50 53,716 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_02_20_18_15_00_small.dmp.zip
2009-02-21 02:45 --------- d-----w c:\program files\BitComet
2009-02-19 20:50 --------- d-----w c:\program files\POL
2009-02-19 01:54 --------- d-----w c:\program files\HTV
2009-02-17 22:11 --------- d-----w c:\program files\Cheat Engine
2009-02-14 16:29 --------- d-----w c:\users\Private Maple Server\AppData\Roaming\FrostWire
2009-02-14 15:45 --------- d-----w c:\program files\FrostWire
2009-02-13 08:32 --------- d-----w c:\program files\Google
2009-02-13 08:01 --------- d-----w c:\program files\Windows Mail
2009-02-07 17:19 --------- d-----w c:\program files\Pando Networks
2009-02-04 02:12 413,696 ----a-w c:\windows\System32\wrap_oal.dll
2009-02-04 02:12 110,592 ----a-w c:\windows\System32\OpenAL32.dll
2009-01-31 21:36 --------- d-----w c:\users\Private Maple Server\AppData\Roaming\MySQL
2009-01-31 21:10 --------- d-----w c:\program files\OpenAL
2009-01-28 15:29 --------- d-----w c:\users\Private Maple Server\AppData\Roaming\Hamachi
2009-01-25 22:47 296,028 ----a-w C:\WTFMs.zip
2009-01-25 19:55 --------- d-----w c:\programdata\Skype
2009-01-25 19:55 --------- d-----w c:\program files\Skype
2009-01-25 19:55 --------- d-----w c:\program files\Common Files\Skype
2009-01-25 19:54 22,260,008 ----a-w C:\SkypeSetup.exe
2009-01-25 19:53 2,249,512 ----a-w C:\SkypeInstaller-Beta.exe
2009-01-24 21:53 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-24 21:51 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-24 21:45 15,083,520 ----a-w C:\spybotsd160.exe
2009-01-23 04:52 --------- d-----w c:\program files\Inspiration 8
2009-01-23 04:52 --------- d-----w c:\program files\Game_Maker7
2009-01-23 04:52 --------- d-----w c:\program files\FPSC_BRG
2009-01-23 04:52 --------- d-----w c:\program files\Cain
2009-01-23 02:14 812,344 ----a-w C:\HJTInstall.exe
2009-01-23 02:14 --------- d-----w c:\program files\Trend Micro
2009-01-22 02:23 --------- d-----w c:\users\CleanAccount\AppData\Roaming\Webroot
2009-01-20 21:43 --------- d-----w c:\program files\Steam
2009-01-19 03:32 4,989 ----a-w C:\Disorderly_Hax-thegaiacheater.zip
2009-01-19 03:08 40,960 ----a-w C:\Sonny_2_Trainer.exe
2009-01-18 03:16 --------- d-----w c:\program files\Free SMTP Server
2009-01-18 03:15 785,029 ----a-w C:\freesmtp.zip
2009-01-17 03:14 51,659 ----a-w C:\HunterStory.zip
2009-01-16 15:05 376,832 ----a-w C:\Ter. War Online Trainer V1.5.exe
2009-01-16 14:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-15 16:39 --------- d-----w c:\program files\CCleaner
2009-01-15 16:36 368,643 ----a-w C:\ccsetup116.exe
2009-01-15 12:49 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 12:49 --------- d-----w c:\program files\Common Files\Futuremark Shared
2009-01-15 12:21 --------- d-----w c:\program files\ophcrack
2009-01-15 12:18 5,143,929 ----a-w C:\ophcrack-win32-installer-3.1.0.exe
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-14 18:43 --------- d-----w c:\program files\SystemRequirementsLab
2009-01-14 17:53 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-14 02:44 --------- d-----w c:\program files\Bethesda Softworks
2009-01-11 20:16 --------- d-----w c:\users\Private Maple Server\AppData\Roaming\WinBatch
2009-01-11 20:16 --------- d-----w c:\program files\Motorola
2009-01-10 23:59 --------- d-----w c:\users\Private Maple Server\AppData\Roaming\DAEMON Tools
2009-01-10 23:59 --------- d-----w c:\programdata\acccore
2009-01-10 23:59 --------- d-----w c:\program files\YoutubeGet
2009-01-10 23:59 --------- d-----w c:\program files\Network Stumbler
2009-01-10 23:59 --------- d-----w c:\program files\Image-Line
2009-01-10 23:59 --------- d-----w c:\program files\Common Files\AOL
2009-01-10 23:59 --------- d-----w c:\program files\AIM6
2009-01-10 23:20 --------- d-----w c:\users\Patrick\AppData\Roaming\Malwarebytes
2008-09-28 19:37 1,410,497 ----a-w c:\program files\UnhSolutions.zip
2008-09-01 19:37 0 ----a-w c:\users\Private Maple Server\jagex_runescape_preferences.dat
2008-07-20 23:05 13 ---h--w c:\users\All Users\1ĚŘ13.sys
2008-07-20 23:05 13 ---h--w c:\programdata\1ĚŘ13.sys
2008-06-23 00:52 64,447,744 ----a-w c:\users\Private Maple Server\AC Web Ultimate Repack.exe
2008-06-23 00:43 23,510,720 ----a-w c:\users\Private Maple Server\dotnetfx.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-08-24 01:22 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-08-24 01:22 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-24 01:22 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-06-26 19:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008062620080627\index.dat
2008-05-17 18:47 13 --sh--r c:\windows\System32\drivers\fbd.sys
2008-05-17 18:47 4 --sh--r c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 22:08 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-02 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-07-02 136600]
"MeUiHelper"="c:\program files\GenevaLogic\Vision\XL\MeUiHlp.exe" [2008-09-15 214264]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 5367664]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 c:\windows\RtHDVCpl.exe]

c:\users\Private Maple Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Todo List.txt [2009-02-16 76]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F911591F-D659-40ed-B048-EB8F8E48AB00}"= "c:\windows\system32\MeAMHook.dll" [2008-09-15 140536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Users^Private Maple Server^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\Private Maple Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Private Maple Server^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\users\Private Maple Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Private Maple Server^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Private Maple Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AbyssWebServer]
--a------ 2008-07-07 13:26 506425 c:\abyss web server\abyssws.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2009-01-11 20:32 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 12:09 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-02-20 21:50 321344 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
--a------ 2007-10-25 19:41 413696 c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 07:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
--a------ 2007-11-01 00:01 54608 c:\program files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2009-01-14 16:11 399504 c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2007-06-15 23:01 448080 c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-10 14:11 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-08-21 20:41 981904 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CLTNetCnService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{AF8EE775-91AB-4F1A-B2F9-1551C3EF567D}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{060FF1B2-3985-413F-940C-5E4E9FE1C736}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{189FEB68-B6DE-49E6-8AEC-E8E92A85C688}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"UDP Query User{F295584D-A0DE-403A-9377-B72A2DAAC688}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"TCP Query User{4EAB34D5-82B8-4B95-821B-C113D3DC6C92}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{6E768639-2ECC-4D3F-93DA-2779AE47177B}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{F2DEB1D8-5F95-4AEE-9452-C1CFC597B129}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{55F16B0C-B5B6-49A2-9DB9-E9007756FE57}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"{9C31DD69-C1A6-4C02-B9FE-2EFE357559C7}"= UDP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"{975AF31F-1D43-4446-9D64-1AF2C2C0F9DD}"= TCP:c:\program files\Microsoft Games\Age of Mythology\aomx.exe:Age of Mythology - The Titans Expansion
"TCP Query User{D76CF7EA-45A9-4DCA-8BE1-CC10F495BB47}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{72753404-1E54-4879-8ED9-51DA22534042}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{678CBB0B-A987-46A7-A017-730AF84A9CFE}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{BAAE6EBE-1EEB-4885-9350-5CEF5768380C}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"TCP Query User{78F3198E-B389-48C2-81D7-2AF30BA6675E}c:\\users\\private maple server\\desktop\\maplestoryserver\\debug\\maplestoryserver.exe"= UDP:c:\users\private maple server\desktop\maplestoryserver\debug\maplestoryserver.exe:maplestoryserver.exe
"UDP Query User{6763D0F6-43EB-4F99-BE3A-BD85B2826A65}c:\\users\\private maple server\\desktop\\maplestoryserver\\debug\\maplestoryserver.exe"= TCP:c:\users\private maple server\desktop\maplestoryserver\debug\maplestoryserver.exe:maplestoryserver.exe
"TCP Query User{959772C8-18C9-4BA8-BA74-31DD05A96B2F}c:\\users\\private maple server\\desktop\\maplestoryserver\\debug\\maplestoryserver.exe"= UDP:c:\users\private maple server\desktop\maplestoryserver\debug\maplestoryserver.exe:maplestoryserver.exe
"UDP Query User{25E08A12-BC8F-4D65-B8F7-E8544544FA82}c:\\users\\private maple server\\desktop\\maplestoryserver\\debug\\maplestoryserver.exe"= TCP:c:\users\private maple server\desktop\maplestoryserver\debug\maplestoryserver.exe:maplestoryserver.exe
"TCP Query User{00FCAC32-52F3-4166-A136-CD3EB12E2E30}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java™ Platform SE binary
"UDP Query User{107E494E-9B23-4756-AA1B-D0BAFDE2673B}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java™ Platform SE binary
"{09B7B55E-04FA-42AA-BEE0-F744C71BCF1E}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{F913FAAE-7501-4B20-B62A-6FF0B29CB624}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{3F013C17-F86D-49E3-BD9B-4C961851837C}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{91483DEE-14B6-4687-8DA3-B57D2A5ACC65}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{C4831EBA-70CA-4F23-9008-D2DA9996AB54}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C5626042-1031-4BAB-89F7-EB31463D0434}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{B8AD92C5-9EAD-430E-8906-757EFF906C19}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{17CF33B6-7AFF-4A63-A942-B2C586B1E41C}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A5241339-C4A4-48AC-B007-4EC4770F6B7D}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{EC827B33-8DCF-43CD-9E5E-94F1523000CB}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2913F39B-0738-419F-B2BB-18E88892C1AD}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{94E108CA-BC34-42FA-BDB7-EA131BF64F16}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{44E00344-4F76-4982-B8E1-AF1A06AB6B06}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{58A85E7F-4876-42B3-8FB4-D6295A4E726D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{5C3D1BC9-8FFB-40DC-B652-7FB1DEAD3C7D}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{CAEE2354-3155-4DDB-AD29-99C204F74E40}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{62F2FC89-2F2D-4DE0-AA37-46FCD0230DB9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{57DE3F85-4326-49E3-81D9-AEEC284ED6A0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B2CC93A5-46AA-445D-815D-F278046F6E97}c:\\abyss web server\\abyssws.exe"= UDP:c:\abyss web server\abyssws.exe:Abyss Web Server X1
"UDP Query User{F87C0877-FEB2-4F9F-A766-2BDAB73AB521}c:\\abyss web server\\abyssws.exe"= TCP:c:\abyss web server\abyssws.exe:Abyss Web Server X1
"{FE114104-41D0-472E-8F85-EEBE2961AF8F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{804074D8-8E2E-4FA8-8818-56BB5D46B61D}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{6C49AC5A-42AF-47DC-AB8F-3C6D131E7907}c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"{293F042E-1D9D-4B32-82F0-FE17AB072F3E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{5DDEBAA0-ED81-41AD-B09C-35E63EB2E55D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{DDF6A767-141D-401C-AFA8-92718989932A}c:\\abyss web server\\abyssws.exe"= UDP:c:\abyss web server\abyssws.exe:Abyss Web Server X1
"UDP Query User{04CD674F-683C-4EE6-8617-5D8BEED3C4C4}c:\\abyss web server\\abyssws.exe"= TCP:c:\abyss web server\abyssws.exe:Abyss Web Server X1
"TCP Query User{12A95F29-CAB4-4D4A-9CD1-BDF1E7152579}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{175D1D07-2B99-46E3-9E38-F72B26E4B86E}c:\\program files\\cain\\cain.exe"= TCP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{6B6A546F-5F97-4E43-8C14-1B13A0846231}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{6DEB7A26-AC94-400C-A392-7A14AF99468E}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{34C79F4D-32C8-476E-AA63-C51AECA84F14}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{DDD3B943-FDBD-47A4-B7C5-A9E2E491981A}c:\\program files\\cain\\cain.exe"= TCP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{214977E8-8607-4FBF-8849-9E7F05C7DBD2}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{9F3C379E-672F-4369-966D-C8519B54D996}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{5AFF8B2C-B049-4611-95D8-9BACA8F78DFB}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{449FECF0-B2B2-444C-99CE-44FF38D3FC93}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{1A61E386-3391-4CD1-ADCD-275E85A5A0D0}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{9B2C33BA-5275-4D3E-AC73-FBC429541903}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E733DFA4-A68B-44A0-98A5-49AC9DF9093A}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{9ABCA1CD-45CD-4B14-876F-3C9DDD06CDF6}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{25A78650-5742-470B-8418-80B930833551}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{8C113979-28DC-43EE-BAF8-57D9931A38A5}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{88B1E238-02A6-4BD6-8574-C5D9DD66B88C}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{73DD2339-B82F-4286-B287-4DC2A10D42C0}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2
"{27082032-7228-4245-981D-356E39C0ABA5}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{9F863C63-E530-4686-922A-7E736CE211B8}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{6B4AF3CD-520D-4BDA-BAC5-DD25EBCC51AB}"= UDP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (TCP-In)
"{49166D5B-A7D1-45C8-BB94-A4FD2466236E}"= TCP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (UDP-In)
"{7DC7A88C-A46F-490A-8425-0CCB13C9587C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{05916A91-A3D3-4B05-ADBD-FA41FAA27297}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{9F36CFDE-0369-406E-9293-3D8D87E22885}c:\\program files\\gamehouse games collection\\wheel of fortune\\wheel of fortune.exe"= UDP:c:\program files\gamehouse games collection\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"UDP Query User{FD6E598E-C6A8-4EDA-8FB5-F7E7B755D2D8}c:\\program files\\gamehouse games collection\\wheel of fortune\\wheel of fortune.exe"= TCP:c:\program files\gamehouse games collection\wheel of fortune\wheel of fortune.exe:Wheel of Fortune
"TCP Query User{9B665DF7-5E59-48E4-A175-B19BA1AE9C09}c:\\westwood\\ra2\\game.exe"= UDP:c:\westwood\ra2\game.exe:Main executable for Red Alert 2
"UDP Query User{720C3067-F8AE-420D-88E8-A97A8B1580C7}c:\\westwood\\ra2\\game.exe"= TCP:c:\westwood\ra2\game.exe:Main executable for Red Alert 2
"TCP Query User{8645B152-EE47-46EF-8367-90930AC45584}c:\\westwood\\ra2\\mph.exe"= UDP:c:\westwood\ra2\mph.exe:mph
"UDP Query User{9023E4B0-1D68-4256-8161-1F459D689FAB}c:\\westwood\\ra2\\mph.exe"= TCP:c:\westwood\ra2\mph.exe:mph
"TCP Query User{01B21C53-C443-4537-8E8C-38BE3ABBA584}c:\\westwood\\ra2\\mph.exe"= UDP:c:\westwood\ra2\mph.exe:mph
"UDP Query User{00B9CAEB-1BEB-4359-A1A3-D640AA166594}c:\\westwood\\ra2\\mph.exe"= TCP:c:\westwood\ra2\mph.exe:mph
"{A45411F7-4637-4F30-A455-65ED6B857E95}"= UDP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (TCP-In)
"{A929D930-E921-4E00-A6F9-585788FD4589}"= TCP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (UDP-In)
"{5808DE84-503A-4EED-94EF-361DE30F989E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B9B851D8-312F-4561-973D-F0E3A94AF5C7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{9293F6FC-CF7B-4354-A97D-3890CD2EE105}"= UDP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (TCP-In)
"{303F6726-4899-46C2-862B-9EE3F70CC49D}"= TCP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (UDP-In)
"{F71ADED4-B151-4223-8B89-B63A92B49270}"= TCP:60003:LocalSubnet:LocalSubnet:Vision ThinShare Multipoint Connection
"{362AFF62-2E01-46C0-BBCB-DCC91A4DC5A1}"= UDP:60003:LocalSubnet:LocalSubnet:Vision ThinShare Peer-to-peer Connection
"{9E92BF7E-D7A9-4B66-AC93-FB023BE2EE32}"= UDP:c:\program files\GenevaLogic\Vision\Plugins\Chat\MChat.exe:PRODNAME_CHAT
"{CC384D59-4BCD-4896-B9A1-67D782C7DED1}"= TCP:c:\program files\GenevaLogic\Vision\Plugins\Chat\MChat.exe:PRODNAME_CHAT
"{6910C0B7-4C25-4017-8E1E-EEF1D4CBBE37}"= UDP:c:\program files\GenevaLogic\Vision\Plugins\Pointer\SSView.exe:Gallery Viewer
"{8EA38DA4-4A2C-4954-94D5-23DC44A2A6B3}"= TCP:c:\program files\GenevaLogic\Vision\Plugins\Pointer\SSView.exe:Gallery Viewer
"TCP Query User{41EB089C-1593-4137-8B34-8A8B6243C894}c:\\program files\\nc99\\maple messenger\\messengerclient.exe"= UDP:c:\program files\nc99\maple messenger\messengerclient.exe:Messenger Software
"UDP Query User{4940370D-0C63-4A7A-B6CC-DF901A978A8C}c:\\program files\\nc99\\maple messenger\\messengerclient.exe"= TCP:c:\program files\nc99\maple messenger\messengerclient.exe:Messenger Software
"{19C8895A-8BC1-425B-A387-A131EB548E6D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{8C73D151-A041-4343-A2E8-843AC6E4F307}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{1B1CA229-DC6B-4088-ABCE-861E747454FF}"= UDP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (TCP-In)
"{171E8249-CD00-4751-9917-9368266F1A7A}"= TCP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (UDP-In)
"{F689CCF2-372E-4544-8346-FA81092C1D01}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{2E566600-112B-4A8E-A15C-A64B5BD4A429}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"TCP Query User{6240463C-D207-4842-B71B-49FA62BEC102}c:\\program files\\the game creators\\fps creator x10\\fpscreator.exe"= UDP:c:\program files\the game creators\fps creator x10\fpscreator.exe:Editor
"UDP Query User{E2126125-DCDF-4A3A-B202-7EC2568F8D3C}c:\\program files\\the game creators\\fps creator x10\\fpscreator.exe"= TCP:c:\program files\the game creators\fps creator x10\fpscreator.exe:Editor
"TCP Query User{D6A68B1D-D869-4960-9059-FDC1AD149DB6}c:\\program files\\the game creators\\fps creator x10\\fpscreator.exe"= UDP:c:\program files\the game creators\fps creator x10\fpscreator.exe:FPS Creator X10
"UDP Query User{52774409-90A4-4FB3-AD0E-32624D969E21}c:\\program files\\the game creators\\fps creator x10\\fpscreator.exe"= TCP:c:\program files\the game creators\fps creator x10\fpscreator.exe:FPS Creator X10
"{A212E9B8-5622-498E-9E03-46355AF7DD1D}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{112F6573-D157-424E-905E-2428C7BBA207}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BD978977-1723-4A7E-B9FB-721A6F7E2A10}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{B4809453-8C03-492A-8DB9-07D2587C9E11}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{FE895E0D-6DCE-4362-83B6-A6BBE1AD5B0D}c:\\program files\\tencent\\qq games\\qqgames.exe"= UDP:c:\program files\tencent\qq games\qqgames.exe:QQ Games
"UDP Query User{19D7364A-A3D1-4AEB-B58E-D7C418542145}c:\\program files\\tencent\\qq games\\qqgames.exe"= TCP:c:\program files\tencent\qq games\qqgames.exe:QQ Games
"{8726FC37-2FE8-4643-9933-844BC4593EF4}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{25822B74-21F2-4CE5-8C07-480A670F44D2}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"TCP Query User{2C123A52-D2E9-45F7-A573-173D20951960}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{2BEC8BB9-BE01-4376-AEFC-9ADB23D95F47}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{60D10066-00FA-4FEF-97B2-1A034CBE450B}c:\\users\\public\\downloads\\aoe2\\age2_x1.exe"= UDP:c:\users\public\downloads\aoe2\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{1389BA97-450D-4AE5-96AC-2470C067EF2B}c:\\users\\public\\downloads\\aoe2\\age2_x1.exe"= TCP:c:\users\public\downloads\aoe2\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{FEDCEC9A-CDAC-48B6-8C97-30B3513A5B39}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{8ECDBCD3-E1EF-4F8F-AC81-782B2EEEC45E}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{00A77582-591F-448E-B9B1-8883F44F4AD7}"= UDP:27221:BitComet 27221 TCP
"{B7434DE3-906D-433D-ABD7-F0D8BBC2B4F0}"= TCP:27221:BitComet 27221 UDP
"TCP Query User{7186D5F0-3FC6-4EC0-90D3-969625EAEC15}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{5AB372D7-BCA6-4C27-A4EA-C517273DEE5D}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{8755E577-B272-4751-B762-FB9C33754E50}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java™ Platform SE binary
"UDP Query User{AC4B65BF-68E3-4618-B57F-5804AFF2C63D}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java™ Platform SE binary
"{74ADDEC3-22C0-4B6A-9ACA-AB14E6629D14}"= UDP:27221:BitComet 27221 TCP
"{BFB1F02C-DAFC-499A-B29C-6F9F21E84856}"= TCP:27221:BitComet 27221 UDP
"TCP Query User{C390C0B0-F36F-4B2B-9AFC-D63B8D3C06E1}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{884C1458-56D2-4674-86A6-43B3245F7EC3}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{06F0496C-5043-469C-A0AC-A67F9E68303F}c:\\program files\\free smtp server\\localsrv.exe"= UDP:c:\program files\free smtp server\localsrv.exe:localsrv
"UDP Query User{F2D411B0-E94E-44AF-B02B-4D72A69957B0}c:\\program files\\free smtp server\\localsrv.exe"= TCP:c:\program files\free smtp server\localsrv.exe:localsrv
"TCP Query User{7CA35D7C-3CB3-41D8-A181-4429149B6764}c:\\windows\\services.exe"= UDP:c:\windows\services.exe:services
"UDP Query User{249C826B-381E-4543-8AF6-DA381C922D26}c:\\windows\\services.exe"= TCP:c:\windows\services.exe:services
"{38E30668-78C9-4800-B5A9-0C2B7C8D5FF9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BD292EA9-3B47-4406-98BC-54C1005A7C62}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{6C37AEA5-B367-4113-AB8F-8444052288D7}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{E2440494-67C6-4D79-8DA9-22AE956FE6B5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{39C7963F-3BD8-48FA-B217-08D6924E491A}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{0D0F4B0E-EA22-42C4-BE92-34174244A175}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FA4A756F-4E66-47D7-A7CE-49ACE9A5FB62}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{76C17C02-2004-4B87-A5ED-0C1FF844A28F}"= UDP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (TCP-In)
"{CED011F0-6171-4FA9-BC41-5CF9118C3D6B}"= TCP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (UDP-In)
"{4C4AC8B7-7FDC-4F60-8CDD-DFAC6B3ABF64}"= TCP:60003:Vision ThinShare Multipoint Connection
"{228605EC-55F8-4CFD-B2DA-36519CEA187F}"= UDP:60003:Vision ThinShare Peer-to-peer Connection
"{7505F04C-9915-43ED-8AEA-C78E63802C9F}"= UDP:c:\program files\GenevaLogic\Vision\Plugins\Chat\MChat.exe:PRODNAME_CHAT
"{E54111A2-DE09-476D-9E6F-B7C4A11E71D6}"= TCP:c:\program files\GenevaLogic\Vision\Plugins\Chat\MChat.exe:PRODNAME_CHAT
"{770EB0E7-D56C-471D-8A52-7C01446F8E25}"= UDP:c:\program files\GenevaLogic\Vision\Plugins\Pointer\SSView.exe:Gallery Viewer
"{53D48EAB-DE7C-4C5E-9365-052295A2E4E5}"= TCP:c:\program files\GenevaLogic\Vision\Plugins\Pointer\SSView.exe:Gallery Viewer
"{43507191-0E1F-41C7-B386-B117D1F957E4}"= UDP:c:\program files\GenevaLogic\Vision\Plugins\Pointer\MPointer.exe:PRODNAME_POINTER
"{BCCFC10E-EA98-4CC3-8131-D764A30A22ED}"= TCP:c:\program files\GenevaLogic\Vision\Plugins\Pointer\MPointer.exe:PRODNAME_POINTER

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-03-03 28544]
R1 MENET;MENET;c:\windows\System32\drivers\MeNet.sys [2008-09-15 47864]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-11-21 170640]
R2 MeSuWTS;Vision WTS Helper;c:\program files\GenevaLogic\Vision\XL\mesuwts.exe [2008-09-15 169208]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-24 809296]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2008-12-15 185640]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2008-02-15 36368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2008-02-13 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [2008-11-21 15504]
R3 meddmrr;meddmrr;c:\windows\System32\drivers\meddmrr.sys [2008-09-15 4608]
R3 mekbd;mekbd;c:\windows\System32\drivers\mekbd.sys [2008-09-28 11264]
R3 memice;memice;c:\windows\System32\drivers\memice.sys [2008-09-28 10240]
S2 gupdate1c95ca0bb9d2a0;Google Update Service (gupdate1c95ca0bb9d2a0);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 133104]
S2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2008-02-15 52240]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-11-06 34064]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-05-17 648456]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PAVBOOT
*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d706ac-786e-11dd-97de-001e3334ebfc}]
\shell\AutoRun\command - F:\autorun.exe
\shell\readit\command - notepad readme.doc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef6555d9-7716-11dd-9a2f-001e3334ebfc}]
\shell\AutoRun\command - E:\FalloutLauncher.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 03:32]

2009-03-02 c:\windows\Tasks\wrSpySweeper_LCBA29C988EC0480DACAB1FA1609904F1.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 19:56]

2009-03-02 c:\windows\Tasks\wrSpySweeper_LCBA29C988EC0480DACAB1FA1609904F1.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 19:56]

2009-03-02 c:\windows\Tasks\wrSpySweeper_LCBA29C988EC0480DACAB1FA1609904F1.job
- C:\ [2009-03-03 17:10]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-POL Agent - c:\program files\POL\POL.exe
HKLM-Run-autochk - c:\windows\system32\autochk.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/admissions/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Private Maple Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\glsphost.dll
Trusted Zone: masterjakeonline.com\www
TCP: {1A6FA18D-A133-4F0D-A48E-F7827E031C06} = 68.87.72.130,68.87.77.130
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\users\Private Maple Server\AppData\Roaming\Mozilla\Firefox\Profiles\3pb5enhm.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
1 file(s) moved.
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1425.4532\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 17:30:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\PRIVAT~1\AppData\Local\Temp\~DFCF14.tmp
c:\users\PRIVAT~1\AppData\Local\Temp\~DFD011.tmp

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4720)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\MeAMHook.dll
c:\progra~1\MICROS~2\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\ZoneLabs\avsys\ScanningProcess.exe
c:\windows\System32\ZoneLabs\avsys\ScanningProcess.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\nexon\Newest Maplestory\npkcmsvc.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\GenevaLogic\Vision\XL\MeSuAx.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows NT\Accessories\wordpad.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\System32\taskmgr.exe
c:\program files\Windows Defender\MpCmdRun.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-03-03 17:42:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-03 22:41:42

Pre-Run: 6,632,402,944 bytes free
Post-Run: 6,647,373,824 bytes free

589 --- E O F --- 2009-03-03 00:02:40

Edited by Billy O'Neal, 03 March 2009 - 05:54 PM.


#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:43 PM

Posted 03 March 2009 - 06:09 PM

Hello, Iownyoujk

Also it deleted autochk.dll, is that the autorun feature?

That file is not part of Windows, and has nothing to do with autorun. The legitimate C:\Windows\System32\Autochk.exe is part of chkdsk.

You have several NEXON components installed on this machine. See here: http://www.systemlookup.com/CLSID/56418-tb...tbNex1_dll.html

Would you like me to remove those? Note -- Nexon is the maker of Maple Story.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 Iownyoujk (Topic Starter, Members, 59 posts)

Posted 03 March 2009 - 06:56 PM

I don't want to remove them, unless it will affect my computer speed. Anyway, does my computer seem clean now?

#10 Billy O'Neal (Malware Response Team, Redmond, Washington)

Posted 04 March 2009 - 11:56 PM

Hello, Iownyoujk
Can you please explain what exactly you are doing with Cain and Ophcrack?

We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    http://www.bleepingcomputer.com/forums/t/205746/am-i-infected/
    suspect::
    c:\windows\system32\glsphost.dll
    folder::
    c:\program files\AskBarDis
    DDS::
    Trusted Zone: masterjakeonline.com\www
    TCP: {1A6FA18D-A133-4F0D-A48E-F7827E031C06} = 68.87.72.130,68.87.77.130
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{34C79F4D-32C8-476E-AA63-C51AECA84F14}c:\\program files\\cain\\cain.exe"=-
    "UDP Query User{DDD3B943-FDBD-47A4-B7C5-A9E2E491981A}c:\\program files\\cain\\cain.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"=-
    "DoNotAllowExceptions"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"=-
    "DoNotAllowExceptions"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Drag CFScript.txt onto ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
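The registry:: block of this CFScript does two things worth being able to check on your own: it drops the "EnableFirewall"= 0 values that keep the Windows Firewall off for the Public and Standard profiles, and it removes the "Query User" exception rules for cain.exe. The following script is an added example for this thread, not ComboFix's own code and not part of any post here. It parses the firewallpolicy blocks exactly as ComboFix prints them (the sample lines below are constructed in that format from the log quoted earlier; the value data for the cain.exe rule is made up, since only its rule name appears in the CFScript) and reports disabled profiles plus exception rules that name a listed tool or point at a program outside a small set of trusted directories. Those directory prefixes and the list of tool names are this example's own assumptions, not anything ComboFix or the Windows Firewall defines.

```python
"""Triage the firewall-policy section of a ComboFix log.

Added example for this thread; it is not ComboFix's code and not part of the
original posts.  It reads the
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\...] blocks as
ComboFix prints them and reports the two things the CFScript in this post
acts on: profiles with "EnableFirewall"= 0, and exception rules that point at
an executable worth a second look.  The trusted-directory prefixes and the
list of tool names to always report are this example's own assumptions.
"""
import re

# Constructed sample in the format of the log quoted earlier in the thread.
# The cain.exe value data is made up; only its rule name appears in the CFScript.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{34C79F4D-32C8-476E-AA63-C51AECA84F14}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:cain
"TCP Query User{7CA35D7C-3CB3-41D8-A181-4429149B6764}c:\\windows\\services.exe"= UDP:c:\windows\services.exe:services
"{38E30668-78C9-4800-B5A9-0C2B7C8D5FF9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{76C17C02-2004-4B87-A5ED-0C1FF844A28F}"= UDP:c:\users\Private Maple Server\Desktop\utorrent.exe:µTorrent (TCP-In)
"{00A77582-591F-448E-B9B1-8883F44F4AD7}"= UDP:27221:BitComet 27221 TCP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# An executable path inside the rule data: drive letter, backslash, anything up to ".exe".
EXE_RE = re.compile(r"(?i)\b([a-z]:\\[^:\n]*?\.exe)")

# Assumptions of this example, not ComboFix or Windows Firewall settings.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")
REPORT_NAMES = {"cain.exe"}


def parse_firewall_policy(text):
    """Map each firewallpolicy subkey name (e.g. "PublicProfile") to its values."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).rsplit("\\", 1)[1]
            sections[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = m.group("data")
    return sections


def disabled_profiles(sections):
    """Profile subkeys whose EnableFirewall data starts with 0 (ComboFix prints "0 (0x0)")."""
    return sorted(name for name, values in sections.items()
                  if name.endswith("Profile")
                  and values.get("EnableFirewall", "").startswith("0"))


def rule_programs(sections):
    """(rule name, lower-cased exe path) for every FirewallRules entry naming a program."""
    out = []
    for name, data in sections.get("FirewallRules", {}).items():
        m = EXE_RE.search(data)
        if m:
            out.append((name, m.group(1).lower()))
    return out


def suspicious_rules(sections, trusted_dirs=TRUSTED_DIRS, report_names=REPORT_NAMES):
    """Rules to review: listed tools, and programs outside the trusted prefixes.

    "Query User" rules are the ones the Vista firewall creates when someone clicks
    Unblock in its prompt, so their program paths are user-driven, not installer-driven.
    """
    findings = []
    for name, path in rule_programs(sections):
        base = path.rsplit("\\", 1)[-1]
        if base in report_names:
            findings.append((name, path, "listed tool"))
        elif not path.startswith(trusted_dirs):
            findings.append((name, path, "outside trusted directories"))
    return findings


if __name__ == "__main__":
    parsed = parse_firewall_policy(SAMPLE_LOG)
    for profile in disabled_profiles(parsed):
        print("firewall disabled:", profile)
    for name, path, why in suspicious_rules(parsed):
        print("review rule:", name, "->", path, "(" + why + ")")
```

Run against the sample it reports both profiles as disabled and three rules for review: the cain.exe rule (listed tool), the rule for c:\windows\services.exe (the real services.exe lives in System32, so a copy in the Windows root is worth checking) and the µTorrent copy on the user's Desktop. Port-only rules such as the BitComet entry name no executable and are skipped. To use it on a real log, paste the firewallpolicy section into SAMPLE_LOG or read the file into parse_firewall_policy.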

#11 Iownyoujk (Topic Starter, Members, 59 posts)

Posted 05 March 2009 - 01:58 PM

Billy,

I used it once for the legal purpose of recovering my password that I forgot. I went on vacation for a while and then when I came back I couldn't remember my password. I was suggested to use Cain, so I did. I first tried Ophcrack, which didn't work for me, so then I was suggested to use Cain. I have forgotten to remove them.

I uploaded the combofix.txt

Thanks for your help so far! :thumbup2:

#12 Billy O'Neal (Malware Response Team, Redmond, Washington)

Posted 06 March 2009 - 05:20 PM

Hello :)

I uploaded the combofix.txt


Err.. nope I don't see it :thumbup2:
You're welcome :D

Billy3

Edited by Billy O'Neal, 06 March 2009 - 05:20 PM.


#13 Iownyoujk (Topic Starter, Members, 59 posts)

Posted 07 March 2009 - 06:20 PM

Oops, sorry :step1:, thought I uploaded it. :step4:

Uh, here it is.. :)

Hope everything's cleared! :thumbup2:

Attached Files



#14 Billy O'Neal (Malware Response Team, Redmond, Washington)

Posted 08 March 2009 - 03:13 PM

Hello, Iownyoujk

Hope everything's cleared!

Not quite :thumbup2:

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt

BillyIII

#15 Iownyoujk (Topic Starter, Members, 59 posts)

Posted 08 March 2009 - 05:43 PM

That's weird, I didn't get an Extra.txt, but I got the OTListIt2.txt.

So how's it look?

Attached Files





