Virtumonde/Vundo and some BHO

This topic is locked. 8 replies to this topic.
#1 Myrthin

  • Members
  • 4 posts

Posted 16 June 2009 - 02:12 PM

I've been battling Vundo for a while now and I have decided to go to someone who knows more than me. I've been using Malwarebytes' Anti-Malware, SUPERAntiSpyware, and Spybot Search & Destroy. It seems like I clean everything up every time, and it comes back within 24 hours. Here are the things required before posting an HJT log.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Myrthin at 13:57:45.75 on Tue 06/16/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1242 [GMT -5:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe -k podmena
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Myrthin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070626
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070626
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070626
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {247FA090-AF55-45B4-9863-A778AA151F30} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4EEAF7B5-7FB0-4ABD-9A4C-2A882F7C4178} - No File
BHO: {6f589ae8-7111-467f-9326-6ac42b101b2c} - c:\windows\system32\yayxwtrS.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {a4f298d0-b4e9-4352-a262-2cb0d5f12aab} - c:\windows\system32\vtUkiHwU.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DBF16C14-483B-4AFE-9432-2B62B445E81A} - No File
BHO: {dddd878f-152a-4d2c-bbf8-453303f11c70} - c:\windows\system32\hgGvwttU.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [NVIDIA nTune] c:\program files\nvidia corporation\ntune\nTuneCmd.exe resetprofile
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [MSServer] rundll32.exe c:\windows\system32\hgGvwttU.dll,#1
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
StartupFolder: c:\users\myrthin\appdata\roaming\micros~1\windows\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\users\myrthin\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {DFBA2700-1854-4BA2-BDE7-9A222792D028} = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: {dddd878f-152a-4d2c-bbf8-453303f11c70} - c:\windows\system32\hgGvwttU.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\myrthin\appdata\roaming\mozilla\firefox\profiles\r2oal8qs.default\
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R1 podmenadrv;podmenadrv;c:\program files\podmena\podmena.sys [2009-6-16 9472]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [2008-5-20 21504]
R3 Alpham1;Ideazon Merc USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-7-23 42624]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-3-20 18432]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-6-26 5504]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2005-12-4 34944]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\system32\drivers\MA111nd5.sys [2004-3-3 666624]
S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]

=============== Created Last 30 ================

2009-06-16 13:46 <DIR> --d----- c:\program files\Trend Micro
2009-06-16 13:30 2 ----h--- c:\windows\zaponce52621.dat
2009-06-16 13:30 2 ----h--- c:\windows\zaponce52689.dat
2009-06-16 12:18 48,640 a------- c:\windows\system32\ohrterxg.dll
2009-06-16 00:16 <DIR> --d----- c:\program files\podmena
2009-06-16 00:16 2 ----h--- c:\windows\zaponce53584.dat
2009-06-16 00:16 2 ----h--- c:\windows\zaponce53652.dat
2009-06-16 00:15 159 a------- C:\d45.bat
2009-06-16 00:15 48,640 a------- c:\windows\system32\bhfypwmw.dll
2009-06-09 21:25 <DIR> --d----- c:\program files\Akram
2009-05-30 21:44 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-05-30 21:44 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-05-30 21:44 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-05-30 21:43 <DIR> --d----- c:\program files\common files\NSV
2009-05-28 14:07 <DIR> --d----- c:\users\myrthin\Mary_Stewart_-_[Merlin_01]_-_The_Crystal_Cave_[html,_jpg]
2009-05-28 09:20 155,648 a------- c:\windows\system32\myxijwlp.exe
2009-05-27 21:20 155,648 a------- c:\windows\system32\rorxavml.exe
2009-05-24 12:58 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-24 12:58 88 ---shr-- c:\windows\system32\597C784D5B.sys
2009-05-24 12:57 <DIR> --d----- c:\programdata\Corel
2009-05-24 12:57 <DIR> --d----- c:\progra~2\Corel
2009-05-24 12:54 <DIR> --d----- c:\program files\Corel
2009-05-24 12:54 <DIR> --d----- c:\program files\common files\Corel
2009-05-23 11:24 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-06-16 13:16 87,040 a--sh--- c:\windows\system32\dupegudi.dll
2009-06-16 01:16 87,040 a--sh--- c:\windows\system32\juzojeva.dll
2009-06-16 01:16 15,360 a--sh--- c:\windows\system32\vububuko.exe
2009-06-16 00:15 15,360 a--sh--- c:\windows\system32\litudiga.exe
2009-05-15 16:22 0 a------- C:\ntuser.dat
2009-05-13 23:50 8,366,880 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-13 23:50 113,132 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-30 23:43 32,463 a------- c:\windows\system32\ForceBindIP-Uninstaller.exe
2009-04-26 15:16 238,206,587 a------- c:\windows\DUMP3f6f.tmp
2009-04-26 13:56 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-04-15 15:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 15:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 15:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 15:24 684,032 a------- c:\windows\system32\DivX.dll
2009-04-10 13:57 86,016 a------- c:\windows\inf\infstor.dat
2009-04-10 13:57 51,200 a------- c:\windows\inf\infpub.dat
2009-04-10 13:57 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-29 23:52 22,328 a------- c:\users\myrthin\appdata\roaming\PnkBstrK.sys
2008-07-20 18:55 708,663 a------- c:\users\myrthin\pbsetup.zip
2008-06-11 04:10 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-20 22:56 174 a--sh--- c:\program files\desktop.ini
2008-02-20 06:29 32 a----r-- c:\programdata\hash.dat
2008-02-20 06:29 32 a----r-- c:\progra~2\hash.dat
2008-02-17 15:58 53,248 a------- c:\users\myrthin\AutoClick.exe
2008-01-25 05:04 325,168 a------- c:\users\myrthin\RealPlayer11GOLD.exe
2007-12-31 00:20 32 a------- c:\programdata\ezsid.dat
2007-12-31 00:20 32 a------- c:\progra~2\ezsid.dat
2007-02-01 18:02 313,344 a------- c:\users\myrthin\hjsplit.exe
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2004-12-07 10:11 258,352 a------- c:\users\myrthin\unicows.dll
1999-07-06 19:00 6 ---shr-- c:\windows\@@desktop.dat
2008-07-21 18:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-07-21 18:32 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-07-21 18:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 13:58:13.44 ===============
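The DDS log above carries the entries a malware-response helper would zero in on: browser helper objects and a shell execute hook pointing at eight-letter DLLs in system32 (yayxwtrS.dll, vtUkiHwU.dll, hgGvwttU.dll), BHO slots left as "No File", an mRun entry loading hgGvwttU.dll through rundll32 by export ordinal (",#1"), a service named podmena hosted by svchost.exe in a service group Windows does not define, hidden+system binaries in system32 (dupegudi.dll, vububuko.exe, the a--sh--- attribute column), a batch file dropped in C:\, and EnableLUA = 0. The Python script below is an added example, not code from the post or from BleepingComputer's tooling: it applies those heuristics to lines copied from the log. The rule set, the svchost group allowlist and the KNOWN_GOOD entry for deploytk.dll are this example's own assumptions; a hit is a triage lead for the helper to confirm, not a verdict.

```python
"""Heuristic triage of a DDS / HijackThis-style log for Vundo-like indicators (added example)."""
import re
import sys
from collections import namedtuple

Finding = namedtuple("Finding", ["rule", "name", "line"])

# Service groups svchost.exe is expected to host on a stock Vista install.
# Analyst allowlist: an assumption of this example, not something the log states.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "secsvcs", "localservicenetworkrestricted", "localsystemnetworkrestricted",
    "netsvcs", "localservice", "networkservice", "localservicenonetwork", "imgsvc", "wersvcgroup",
    "networkservicenetworkrestricted", "wdisvc", "localserviceandnoimpersonation",
}
# Eight-letter system32 names known to be benign here (assumption): deploytk.dll is
# the Java 6 Deployment Toolkit, which the JRE installer drops into system32.
KNOWN_GOOD = {"deploytk.dll"}

SYS32_8 = re.compile(r"c:\\windows\\system32\\([a-z]{8}\.(?:dll|exe))\b", re.I)
FILE_ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:[\d,]+|<DIR>)\s+([a-z-]{8})\s+(.+)$", re.I)
SVCHOST_K = re.compile(r"svchost\.exe -k (\S+)", re.I)
RUNDLL_ORD = re.compile(r"rundll32(?:\.exe)?\s+(c:\\windows\\system32\\[^,\s]+\.dll),#\d+", re.I)
ROOT_SCRIPT = re.compile(r"^c:\\[^\\]+\.(?:bat|cmd|vbs)$", re.I)
GUID = re.compile(r"\{[0-9a-f-]{36}\}", re.I)


def triage(lines):
    """Return one Finding per heuristic hit; an empty list means nothing tripped."""
    findings = []
    for raw in lines:
        line = raw.strip()
        low = line.lower()
        # 1. BHOs and shell-execute hooks: the usual Vundo foothold in the browser.
        if low.startswith(("bho:", "seh:", "o2 - bho")):
            if "no file" in low or "file missing" in low:
                g = GUID.search(line)
                findings.append(Finding("orphan-bho", g.group(0).upper() if g else "?", line))
            m = SYS32_8.search(line)
            if m and m.group(1).lower() not in KNOWN_GOOD:
                findings.append(Finding("random-sys32-hook", m.group(1), line))
            continue
        # 2. Autostart that loads a system32 DLL by export ordinal (rundll32 ...dll,#1).
        m = RUNDLL_ORD.search(line)
        if m:
            findings.append(Finding("rundll32-ordinal-autostart", m.group(1).rsplit("\\", 1)[-1], line))
        # 3. svchost hosting a service group Windows does not define (podmena).
        m = SVCHOST_K.search(line)
        if m and m.group(1).lower() not in KNOWN_SVCHOST_GROUPS:
            findings.append(Finding("unknown-svchost-group", m.group(1), line))
        # 4. UAC disabled by policy, so dropped DLLs install without a prompt.
        if "enablelua = 0" in low:
            findings.append(Finding("uac-disabled", "EnableLUA", line))
        # 5. File listing: hidden+system or random 8-letter binaries in system32, scripts in the drive root.
        m = FILE_ENTRY.match(line)
        if m:
            attrs, path = m.group(1).lower(), m.group(2)
            name = path.rsplit("\\", 1)[-1].lower()
            in_sys32 = "\\windows\\system32\\" in path.lower() and "\\drivers\\" not in path.lower()
            if in_sys32 and name.endswith((".dll", ".exe")) and "s" in attrs and "h" in attrs:
                findings.append(Finding("hidden-system32-binary", name, line))
            elif in_sys32 and SYS32_8.search(path) and name not in KNOWN_GOOD:
                findings.append(Finding("random-sys32-file", name, line))
            if ROOT_SCRIPT.match(path):
                findings.append(Finding("script-in-drive-root", name, line))
    return findings


def summarize(findings):
    """Map each rule to the sorted, de-duplicated names it fired on."""
    out = {}
    for f in findings:
        out.setdefault(f.rule, set()).add(f.name)
    return {rule: sorted(names) for rule, names in out.items()}


# Constructed sample: lines copied from the DDS log above, trimmed to the interesting ones
# plus a few benign neighbours (AVG BHO, NvCpl, deploytk.dll, fidbox.dat) as negatives.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k podmena
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4EEAF7B5-7FB0-4ABD-9A4C-2A882F7C4178} - No File
BHO: {6f589ae8-7111-467f-9326-6ac42b101b2c} - c:\windows\system32\yayxwtrS.dll
BHO: {dddd878f-152a-4d2c-bbf8-453303f11c70} - c:\windows\system32\hgGvwttU.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSServer] rundll32.exe c:\windows\system32\hgGvwttU.dll,#1
mPolicies-system: EnableLUA = 0 (0x0)
SEH: {dddd878f-152a-4d2c-bbf8-453303f11c70} - c:\windows\system32\hgGvwttU.dll
R2 podmena;podmena;c:\windows\system32\svchost.exe -k podmena [2008-5-20 21504]
2009-06-16 12:18 48,640 a------- c:\windows\system32\ohrterxg.dll
2009-06-16 00:15 159 a------- C:\d45.bat
2009-05-23 11:24 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-16 13:16 87,040 a--sh--- c:\windows\system32\dupegudi.dll
2009-06-16 01:16 15,360 a--sh--- c:\windows\system32\vububuko.exe
2009-05-13 23:50 8,366,880 a--sh--- c:\windows\system32\drivers\fidbox.dat
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    src = sys.stdin.read().splitlines() if not sys.stdin.isatty() else SAMPLE_LINES
    for rule, names in sorted(summarize(triage(src)).items()):
        print(f"{rule:28} {', '.join(names)}")
```

Feed it a full DDS log on stdin (python triage_dds.py < dds.txt) or import it and call triage() on any list of lines; with no input it runs over the embedded sample. The KNOWN_GOOD allowlist is there because the eight-letter-name rule would otherwise flag deploytk.dll, the Java Deployment Toolkit sitting in the same "Created Last 30" listing; every name-shape heuristic needs such a list, and a single-rule hit is a reason to pull the file for a closer look, not to delete it. The lines that trip several rules at once (hgGvwttU.dll as BHO, SEH and rundll32 ordinal loader; podmena as both a running svchost group and an R2 service) are the ones worth the helper's attention first.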

#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Location: Belgium

Posted 17 June 2009 - 05:52 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3 Myrthin

  • Topic Starter
  • Members
  • 4 posts

Posted 17 June 2009 - 03:07 PM

I needed to use my computer last night and since the trojans were causing me problems, I did some work of my own on them. At the moment, everything seems clear. I said at the very top of my post that I use Malwarebytes already, so here is the log of that (though it didn't find anything). And here is that fresh HijackThis log. Please take a look at that for me.

Malwarebytes' Anti-Malware 1.37
Database version: 2291
Windows 6.0.6001 Service Pack 1

6/17/2009 3:06:06 PM
mbam-log-2009-06-17 (15-06-06).txt

Scan type: Quick Scan
Objects scanned: 88099
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:57 PM, on 6/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {059200B6-6D5F-4ED6-9F88-3CE803FEE29B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {247FA090-AF55-45B4-9863-A778AA151F30} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {4EEAF7B5-7FB0-4ABD-9A4C-2A882F7C4178} - (no file)
O2 - BHO: (no name) - {5101CDCE-A33B-4D34-9AB8-A062A3E184B4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F589AE8-7111-467F-9326-6AC42B101B2C} - C:\Windows\system32\yayxwtrS.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A4F298D0-B4E9-4352-A262-2CB0D5F12AAB} - C:\Windows\system32\vtUkiHwU.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DBF16C14-483B-4AFE-9432-2B62B445E81A} - (no file)
O2 - BHO: (no name) - {DDDD878F-152A-4D2C-BBF8-453303F11C70} - C:\Windows\system32\hgGvwttU.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1714620093-3741861214-3663906681-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1714620093-3741861214-3663906681-1000\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1714620093-3741861214-3663906681-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1714620093-3741861214-3663906681-1000\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1714620093-3741861214-3663906681-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1714620093-3741861214-3663906681-1000\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1714620093-3741861214-3663906681-1000\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1714620093-3741861214-3663906681-1000\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFBA2700-1854-4BA2-BDE7-9A222792D028}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13148 bytes

#4 miekiemoes
Malware Killer Dog
Malware Response Team, 19,420 posts, Belgium

Posted 17 June 2009 - 04:49 PM

Hi,

I see you are running TeaTimer.
I suggest you disable it, because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.

Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Myrthin (Topic Starter)
Members, 4 posts

Posted 19 June 2009 - 10:35 AM

Thank you for your continued help. Here is the requested log.

ComboFix 09-06-18.02 - Myrthin 06/19/2009 9:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1201 [GMT -5:00]
Running from: c:\users\Myrthin\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-1714620093-3741861214-3663906681-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500\desktop.ini
c:\$recycle.bin\S-1-5-21-1714620093-3741861214-3663906681-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500\desktop.ini
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\gfLllnpo.ini
c:\windows\system32\UwHikUtv.ini
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PODMENADRV


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 15:11 . 2009-06-19 15:11 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\Temp
2009-06-17 20:19 . 2009-03-03 04:40 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-06-17 03:12 . 2009-06-17 03:12 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-16 18:46 . 2009-06-16 18:46 -------- d-----w- c:\program files\Trend Micro
2009-06-12 05:08 . 2009-06-12 05:08 -------- d-----w- c:\users\Myrthin\AppData\Local\Blizzard Entertainment
2009-06-10 02:25 . 2009-06-10 02:44 -------- d-----w- c:\program files\Akram
2009-06-08 04:22 . 2009-06-08 04:22 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-31 03:01 . 2009-05-31 03:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-31 03:01 . 2009-05-31 03:01 187328 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2009-05-31 02:44 . 2009-05-31 02:44 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-31 02:44 . 2009-05-31 02:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-05-31 02:44 . 2009-05-31 02:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-31 02:44 . 2009-05-31 02:44 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-05-31 02:43 . 2009-05-31 03:00 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-05-31 02:43 . 2009-05-31 02:43 -------- d-----w- c:\program files\Common Files\NSV
2009-05-31 02:41 . 2009-05-31 02:59 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-05-31 02:40 . 2009-05-31 02:40 -------- d-----w- c:\program files\Microsoft SDKs
2009-05-29 15:05 . 2009-05-29 15:05 390664 ----a-w- c:\users\Myrthin\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-28 19:07 . 2009-05-28 19:08 -------- d-----w- c:\users\Myrthin\Mary_Stewart_-_[Merlin_01]_-_The_Crystal_Cave_[html,_jpg]
2009-05-28 14:20 . 2009-05-28 14:20 155648 ----a-w- c:\windows\system32\myxijwlp.exe
2009-05-28 02:20 . 2009-05-28 02:20 155648 ----a-w- c:\windows\system32\rorxavml.exe
2009-05-24 17:58 . 2009-06-15 05:09 -------- d-----w- c:\users\Myrthin\AppData\Local\Corel
2009-05-24 17:58 . 2009-06-15 04:45 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-24 17:58 . 2009-05-24 17:58 88 --sh--r- c:\windows\system32\597C784D5B.sys
2009-05-24 17:57 . 2009-05-24 17:58 -------- d-----w- c:\users\Myrthin\AppData\Roaming\Corel
2009-05-24 17:57 . 2009-05-24 17:57 -------- d-----w- c:\programdata\Corel
2009-05-24 17:54 . 2009-05-24 17:55 -------- d-----w- c:\program files\Common Files\Corel
2009-05-24 17:54 . 2009-05-24 17:54 -------- d-----w- c:\program files\Corel
2009-05-23 16:24 . 2009-06-17 01:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-23 00:26 . 2009-03-09 16:34 971776 ----a-w- c:\users\Myrthin\AppData\Roaming\Mozilla\Firefox\Profiles\r2oal8qs.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 15:13 . 2007-08-12 23:26 -------- d-----w- c:\users\Myrthin\AppData\Roaming\Skype
2009-06-19 15:12 . 2009-04-10 15:52 117760 ----a-w- c:\users\Myrthin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-19 15:12 . 2007-08-27 03:58 -------- d-----w- c:\users\Myrthin\AppData\Roaming\Hamachi
2009-06-19 15:11 . 2007-08-12 23:45 -------- d-----w- c:\program files\Steam
2009-06-19 14:56 . 2007-12-31 05:20 -------- d-----w- c:\users\Myrthin\AppData\Roaming\skypePM
2009-06-19 14:53 . 2007-08-19 06:27 -------- d-----w- c:\users\Myrthin\AppData\Roaming\Azureus
2009-06-18 23:09 . 2007-08-19 03:15 -------- d-----w- c:\users\Myrthin\AppData\Roaming\Free Download Manager
2009-06-17 03:12 . 2009-05-16 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 01:13 . 2007-11-28 23:18 -------- d-----w- c:\program files\Sun
2009-06-17 01:13 . 2007-06-26 10:02 -------- d-----w- c:\program files\Java
2009-06-17 00:32 . 2009-01-30 01:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-16 18:46 . 2007-09-17 04:38 -------- d-----w- c:\program files\Common Files\Steam
2009-06-08 05:56 . 2008-02-04 03:32 -------- d-----w- c:\users\Myrthin\AppData\Roaming\mIRC
2009-06-08 05:52 . 2008-02-04 03:32 -------- d-----w- c:\program files\mIRC
2009-06-01 18:44 . 2008-09-10 20:05 -------- d-----w- c:\program files\Electronic Arts
2009-05-31 03:01 . 2009-04-27 05:29 -------- d-----w- c:\programdata\Microsoft Help
2009-05-26 18:20 . 2009-05-16 16:41 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 18:19 . 2009-05-16 16:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 01:17 . 2007-11-28 23:23 -------- d-----w- c:\users\Myrthin\AppData\Roaming\StarOffice8
2009-05-25 01:17 . 2007-11-28 23:25 1 ----a-w- c:\users\Myrthin\AppData\Roaming\StarOffice8\user\uno_packages\cache\stamp.sys
2009-05-16 16:41 . 2009-05-16 16:41 -------- d-----w- c:\users\Myrthin\AppData\Roaming\Malwarebytes
2009-05-16 16:41 . 2009-05-16 16:41 -------- d-----w- c:\programdata\Malwarebytes
2009-05-16 16:30 . 2008-08-13 00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-05-16 16:23 . 2009-05-16 16:23 -------- d-----w- c:\users\Myrthin\AppData\Roaming\TrojanHunter
2009-05-16 15:40 . 2007-11-07 02:21 1356 ----a-w- c:\users\Myrthin\AppData\Local\d3d9caps.dat
2009-05-15 23:11 . 2009-05-15 23:11 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-15 21:22 . 2009-05-15 21:22 0 ----a-w- C:\ntuser.dat
2009-05-15 18:00 . 2008-01-07 00:08 -------- d-----w- c:\users\Myrthin\AppData\Roaming\DAEMON Tools
2009-05-15 18:00 . 2007-08-19 21:38 -------- d-----w- c:\users\Myrthin\AppData\Roaming\Winamp
2009-05-14 05:06 . 2009-05-10 16:30 -------- d-----w- c:\programdata\ParetoLogic
2009-05-14 05:06 . 2009-05-10 16:30 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-05-14 04:50 . 2009-05-10 16:46 8366880 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-14 04:50 . 2009-05-10 16:46 113132 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-10 18:02 . 2008-08-13 00:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-10 16:30 . 2009-05-10 16:30 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-05-07 11:22 . 2009-05-07 11:22 -------- d-----w- c:\program files\Direct MIDI to MP3 Converter
2009-05-07 00:45 . 2009-05-07 00:45 -------- d-----w- c:\program files\YouTube Downloader
2009-05-01 18:51 . 2009-04-26 17:05 -------- d-----w- c:\program files\EA GAMES
2009-05-01 04:43 . 2009-05-01 04:43 32463 ----a-w- c:\windows\system32\ForceBindIP-Uninstaller.exe
2009-04-28 04:29 . 2007-10-02 08:38 -------- d-----w- c:\program files\DivX
2009-04-28 04:28 . 2009-04-28 04:28 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-27 05:40 . 2007-08-12 22:56 123840 ----a-w- c:\users\Myrthin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-27 05:36 . 2009-04-27 05:36 -------- d-----w- c:\program files\Microsoft Works
2009-04-27 05:34 . 2009-04-27 05:34 -------- d-----w- c:\program files\Microsoft.NET
2009-04-27 05:34 . 2009-04-10 18:29 -------- d-----w- c:\users\Myrthin\AppData\Roaming\GetRightToGo
2009-04-26 20:16 . 2009-04-07 19:40 238206587 ----a-w- c:\windows\DUMP3f6f.tmp
2009-04-26 18:56 . 2009-04-26 18:56 -------- d-----w- c:\program files\Hamachi
2009-04-26 18:56 . 2009-04-26 18:56 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-24 16:05 . 2009-06-17 20:20 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-17 20:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-17 20:20 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-17 20:19 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-17 20:20 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-17 20:20 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 20:31 . 2009-05-01 18:51 729088 ----a-w- c:\users\Myrthin\AppData\Roaming\Mozilla\Firefox\Profiles\r2oal8qs.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-04-15 20:31 . 2009-05-01 18:51 1099128 ----a-w- c:\users\Myrthin\AppData\Roaming\Mozilla\Firefox\Profiles\r2oal8qs.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 03:33 . 2007-09-28 03:54 7114736 ----a-w- c:\users\Myrthin\AppData\Roaming\Azureus\plugins\azemp\azmplay.exe
2009-03-28 22:10 . 2009-03-28 22:10 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
1999-07-07 00:00 . 1999-07-07 00:00 6 --sh--r- c:\windows\@@desktop.dat
2007-06-26 17:51 . 2007-06-26 17:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 17:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 17:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 17:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 17:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 17:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 17:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 17:35 536576 ----a-w- c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-13 1217784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-03 486856]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-04-11 110592]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-17 1830128]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-28 155648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-25 185896]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2008-11-13 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CtHelper.exe [2006-11-28 19456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" - c:\windows\MIDIDEF.EXE [2006-11-28 28672]

c:\users\Myrthin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-4-26 625952]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-8-23 557568]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-26 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTXFIREG"=CTxfiReg.exe
"CTxfiHlp"=CTXFIHLP.EXE
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"UpdReg"=c:\windows\UpdReg.EXE
"<NO NAME>"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB9B0FFC-D1C7-4D9B-B9EA-FE9DABF208DA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{00CE5484-9C72-4A61-980E-1B56338FB62A}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{4ECF86E7-DC69-4F48-B620-F5BB83AE38BE}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{AB31BF60-7CBA-4F8A-AAE0-8D7F705DD16C}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{8A6AC5CD-A47A-4F7E-8F29-6806984EA76F}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{809DFCAD-DAD2-478D-94C0-3B11A0464FC8}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{3A107B3E-3B3A-4918-BE98-52E8579A2BB3}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{9472CE2F-342B-45AB-864B-E087C9D43653}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{16B7C522-7196-45EF-AE1F-AE71FA3718D9}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{A29091BE-E0FE-4859-B003-F60FF1345A50}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{AADCB61A-F626-404C-8ED8-296297534079}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FEB31708-F6A4-427D-AABE-906A86494D4F}"= UDP:c:\program files\Steam\Steam.exe:Steam Client
"{46F51DD5-FC7C-4854-AC47-28A2EA52AFF2}"= TCP:c:\program files\Steam\Steam.exe:Steam Client
"{9127B659-0A38-4657-A744-4A916577D54E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{44B0C0B0-FC0E-4619-9DA9-8554ECD6BA9A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{7D72D013-ADAC-4F4A-ACED-F7AB1FD40794}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{05920F05-6E0A-4DED-B808-F9158F444160}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{38F54778-A087-4410-9125-8EA2401DC6C5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{01A2C5F6-D716-4B3E-975C-D4FEE71C2C06}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{0F49C003-3FAA-455D-BB12-0FC84C51A502}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"TCP Query User{D2D15FD8-9DB7-49E8-87AB-31CCF0C75699}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{E82F7B0A-63BB-40FA-8CC2-4E55E10FCF7F}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{0BDEBE26-BBEF-4CB7-8E29-DE0353E246E2}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0117CEF2-802C-4F37-BC0E-FD3846920D10}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{1BCE5913-C548-4923-8AFF-AF8E1611356B}c:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:c:\program files\thq\dawn of war\w40k.exe:W40k
"UDP Query User{261FCCAD-6400-4D80-8BD5-4E675688ABBD}c:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:c:\program files\thq\dawn of war\w40k.exe:W40k
"TCP Query User{7EAA5EE8-E8FD-4AAE-B752-2C7D07E45072}c:\\program files\\thq\\darkcrusade\\darkcrusade.exe"= UDP:c:\program files\thq\darkcrusade\darkcrusade.exe:DarkCrusade
"UDP Query User{CE846DC6-899E-4F59-AEDD-48395E9D0B7A}c:\\program files\\thq\\darkcrusade\\darkcrusade.exe"= TCP:c:\program files\thq\darkcrusade\darkcrusade.exe:DarkCrusade
"TCP Query User{EE3F1033-EED9-4D33-9274-A3FA9B2BCB90}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{D32BC3B7-3719-47E1-BB1A-068E2330DA59}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"TCP Query User{98422E76-94E6-495D-9010-445616178617}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{9C4F140C-D300-4649-859B-81CBF66FC8D2}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{8C6A926C-9934-4DF8-AB46-8A8B2FECC74E}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\garrysmod\hl2.exe:hl2
"UDP Query User{8A45D593-2383-4F4A-B056-2C5E07340C1F}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\garrysmod\hl2.exe:hl2
"TCP Query User{49E0E124-9439-4EC0-80CB-77720ACBC3D0}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{922439BC-2AD3-436C-8D7D-FF06AA6188DE}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{081A74AD-CE1B-46F3-B9E2-107AED31F7FC}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\garrysmod\hl2.exe:hl2
"UDP Query User{5E4BB15A-6A99-4B46-BA6B-6D575419035D}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\garrysmod\hl2.exe:hl2
"TCP Query User{03C6BB91-F3A5-43C6-8090-CCBDB12C73DA}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\counter-strike source\hl2.exe:hl2
"UDP Query User{2FBEC3D4-1590-4621-BDB4-00551BF6EC51}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\counter-strike source\hl2.exe:hl2
"TCP Query User{2AEC7965-EF3E-4313-A3A9-840713D01C71}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\team fortress 2\hl2.exe:hl2
"UDP Query User{7BBA4301-FB39-475A-876F-10009CA7250B}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\team fortress 2\hl2.exe:hl2
"TCP Query User{F0563BEF-D7FE-49DD-987E-6206F76FB5DC}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\team fortress 2\hl2.exe:hl2
"UDP Query User{FC2A4668-828F-4A93-BB61-5572DABA621F}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\team fortress 2\hl2.exe:hl2
"TCP Query User{B36B87CB-B2A3-4C83-AC88-09B28645B65D}c:\\program files\\steam\\steam.exe"= UDP:c:\program files\steam\steam.exe:Steam
"UDP Query User{658CACDB-52A6-4F36-AFFD-EAAA4C57DEA0}c:\\program files\\steam\\steam.exe"= TCP:c:\program files\steam\steam.exe:Steam
"TCP Query User{2611DFAC-92B6-4A5F-8F65-BA33D3F642C8}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{471BAF5D-005F-4CED-BA7A-4D89509F04C0}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"TCP Query User{93FCB799-F201-4A9C-A23A-8136EB23A794}c:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:c:\program files\thq\dawn of war\w40k.exe:W40k
"UDP Query User{A15558F6-9978-4580-A7B3-79551067155E}c:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:c:\program files\thq\dawn of war\w40k.exe:W40k
"TCP Query User{125027F1-BD85-4343-AFCE-9661674ED43E}c:\\program files\\thq\\darkcrusade\\darkcrusade.exe"= UDP:c:\program files\thq\darkcrusade\darkcrusade.exe:DarkCrusade
"UDP Query User{882ED094-2E84-4B5C-806E-C7776C90160A}c:\\program files\\thq\\darkcrusade\\darkcrusade.exe"= TCP:c:\program files\thq\darkcrusade\darkcrusade.exe:DarkCrusade
"TCP Query User{FEE4826B-3016-4758-AFCC-4AF8892EDAD6}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\counter-strike source\hl2.exe:hl2
"UDP Query User{1C74F981-F98D-4E39-85A1-E8329C26F470}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\counter-strike source\hl2.exe:hl2
"TCP Query User{C3B1C3FF-D144-4F46-8C44-1A6E4E26FC0F}c:\\program files\\ea games\\battlefield 2\\bf2voipserver.exe"= UDP:c:\program files\ea games\battlefield 2\bf2voipserver.exe:BF2VoipServer
"UDP Query User{A7402B59-11FC-4A06-9CE8-7B27CE4630EC}c:\\program files\\ea games\\battlefield 2\\bf2voipserver.exe"= TCP:c:\program files\ea games\battlefield 2\bf2voipserver.exe:BF2VoipServer
"TCP Query User{A6E7DFF5-8B88-49AF-9BC5-1794C8EB0962}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{017F8579-BB80-4AAE-8034-A03A19AF9CC5}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{112209B9-1BC2-4165-89B7-D49446C0328B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{84BD5AFC-B205-427F-AC19-5A1483A70BF4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{3F2592B3-8BB2-4243-BBA5-75400207D0B2}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:war3
"UDP Query User{A70A06A5-A6C9-4BEA-882D-56D4087A6D96}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:war3
"{9E95F3EB-535C-4120-8D35-F48625EB248E}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{5B8C87D4-4F4C-4FBB-A01C-4D5354FE8EB8}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{ED22ECF9-7405-466E-A955-423979A3EE45}"= UDP:c:\nexon\KartRider\NMService.exe:Nexon Messenger Core
"{9CC232C3-2EFC-4CD9-BFDD-5D2D687463FA}"= TCP:c:\nexon\KartRider\NMService.exe:Nexon Messenger Core
"TCP Query User{83C681F9-F5D0-4D17-ABE6-8850DB2FE26D}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{0E46FF21-B5F7-4CB6-9EA9-96909494AC22}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{570593CF-5B66-4302-9279-BEEE2CD4C0B5}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{C0EE7D43-C0F8-4F1A-ACAB-B661E69B6585}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"TCP Query User{0B9F6264-BF95-4C05-9B99-59933DDC6CCE}c:\\program files\\missionrisk\\missionrisk.exe"= UDP:c:\program files\missionrisk\missionrisk.exe:Based on risk, the classic military strategy game.
"UDP Query User{39E1A5C8-936A-4747-BA2B-A799BDA94AEC}c:\\program files\\missionrisk\\missionrisk.exe"= TCP:c:\program files\missionrisk\missionrisk.exe:Based on risk, the classic military strategy game.
"TCP Query User{6C9D6A89-6033-48AF-B61E-571E98AEF091}c:\\program files\\playonline\\squareenix\\playonlineviewer\\pol.exe"= UDP:c:\program files\playonline\squareenix\playonlineviewer\pol.exe:PlayOnline Viewer
"UDP Query User{A1F13FC7-A6BE-4F23-9DC5-059A2C39048A}c:\\program files\\playonline\\squareenix\\playonlineviewer\\pol.exe"= TCP:c:\program files\playonline\squareenix\playonlineviewer\pol.exe:PlayOnline Viewer
"TCP Query User{3F360421-F8B1-4609-A9FF-64339CD5755B}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{C3189213-47A2-4BAC-9D41-9823FDF06DDB}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{6D1D7905-51EE-494C-8C01-586463D4DEF4}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java™ Platform SE binary
"UDP Query User{FA21B6CE-068C-4F85-8961-248374E2E065}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java™ Platform SE binary
"TCP Query User{81C62DE2-61EC-4256-BCF8-298189F94697}c:\\users\\myrthin\\desktop\\flwin\\flwin\\area\\clands.exe"= UDP:c:\users\myrthin\desktop\flwin\flwin\area\clands.exe:clands.exe
"UDP Query User{A8879E5D-0A96-4293-8821-F2762D4EC673}c:\\users\\myrthin\\desktop\\flwin\\flwin\\area\\clands.exe"= TCP:c:\users\myrthin\desktop\flwin\flwin\area\clands.exe:clands.exe
"TCP Query User{93BC1EEB-F507-4FE0-869B-C8226B767928}c:\\mysql\\bin\\mysqld-nt.exe"= UDP:c:\mysql\bin\mysqld-nt.exe:mysqld-nt
"UDP Query User{D388E4FD-44AD-4CD4-87BF-881D8E550141}c:\\mysql\\bin\\mysqld-nt.exe"= TCP:c:\mysql\bin\mysqld-nt.exe:mysqld-nt
"TCP Query User{2ADBB923-4BD6-41BC-A60C-8708D04A8BCB}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{DE923203-62A3-4B76-9764-9D699888C8C5}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{40FCB726-1E97-4B72-A4DC-769514AC10D6}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{9975D434-5735-4EA6-8B34-BA8D692A1953}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{94B4262F-C05D-4E3D-896F-10E401BC843C}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{4CBDF1E1-DBEF-4B41-B0C5-47D6A483591E}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"TCP Query User{0108EEB0-9C00-4D9C-B783-87E2F1158EB6}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\source sdk base\hl2.exe:hl2
"UDP Query User{D409F852-554E-4F31-AB87-9E238F4EEA8B}c:\\program files\\steam\\steamapps\\otherworldalien@hotmail.com\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\otherworldalien@hotmail.com\source sdk base\hl2.exe:hl2
"{13996DEB-93BD-477A-A067-3E25607F5B5C}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{DBE987B0-1464-4376-AAE2-48BBC01873AD}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{85A56726-7490-4D1C-9272-4485B4EBCC4B}c:\\program files\\pocket tanks deluxe\\pockettanks.exe"= UDP:c:\program files\pocket tanks deluxe\pockettanks.exe:Pocket Tanks
"UDP Query User{4199B6EA-3B8F-40AE-ABE4-355FAC58BB0F}c:\\program files\\pocket tanks deluxe\\pockettanks.exe"= TCP:c:\program files\pocket tanks deluxe\pockettanks.exe:Pocket Tanks
"{88754727-F18A-42CD-8BCB-55B9250DE319}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{080F05A6-522D-406D-8409-F6B2C88886BA}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{32316C6F-F304-4859-9F38-F19B63D2E2A1}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{DB786D5C-B945-4FAC-A6B7-6FD05F85B368}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{FBC70939-5DF9-41D5-A2E9-F6E13B4FE899}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{7630DBA1-A8BF-40FE-B4D6-D521A2B7685C}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{455ED237-A329-4D36-9D9E-85460CBC4920}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{9F7E54AB-4684-44BC-AA35-ACCA8803D432}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{F56A6130-6FD3-4A9D-82B7-2CFF4AD245A0}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{755D4020-1290-4F3B-B691-AE4B7AEBD522}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{591DF944-35DA-4747-B91C-DF76CE32A5B0}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{17DA5D93-8759-48B1-80DC-A8AE30CECD0A}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C360FEED-21CD-4A6D-88B5-07E47FB00C9A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{4BF785F4-4820-40B1-8E7E-2CF9ED1E287D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{DF7D1941-99D2-445C-A69C-65B30FBC3FAB}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{726BEDD4-B023-4E9A-AF6B-4CE8B14991C0}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{5F77F673-717B-41F5-B2BC-55B6F134483A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{242EB481-2053-4AA4-B766-CA853A0C452A}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EF378187-92A9-451A-B921-1FF2206CEDBF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A3DA8941-9A25-4A2F-AE86-7046139A5B00}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{64AE605A-4501-4BCC-8C29-741890E3B1CC}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{4DB5A940-9731-4D94-B64E-78CF8F03C49E}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{6F3C2B1C-393F-4E8C-8687-37F1FF3EA304}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{A4B4DD45-6CD2-4105-8A9F-BFEEC8DC5DEA}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"TCP Query User{D23464ED-FB41-4117-8C1C-F3E817215DD8}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{5BC39803-C981-443E-80ED-49B62E84BACE}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{217EE40B-02E6-41E3-BDA6-861F46510EE4}"= UDP:c:\program files\Steam\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe:Tom Clancy's H.A.W.X - Demo
"{7B26282A-E602-4A3B-B5DF-D4006254CCB2}"= TCP:c:\program files\Steam\steamapps\common\tom clancy's h.a.w.x - demo\HAWX.exe:Tom Clancy's H.A.W.X - Demo
"{44A9F3D6-6C91-4A9A-9173-A822F73AF345}"= UDP:c:\windows\explorer.exe:Explorer
"{7CB57693-D373-4F0B-A651-E6465762C34E}"= TCP:c:\windows\explorer.exe:Explorer
"{5C677416-884F-47AC-9ADF-98A57FB63587}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{8F09A7F4-6707-4638-9112-B40C933498B5}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{02204536-4D6C-4E53-AD9A-A8B083BE5F98}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{C86F2350-249B-438A-AF7A-05BF1E7AAB67}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{1C943F4F-DBAD-4806-A32B-FC9EEEF14DDF}"= UDP:c:\program files\Intel\IntelDH\CCU\AlertService.exe:AlertService
"{E51E19B8-BAD8-4967-A642-09CBAA62F07D}"= TCP:c:\program files\Intel\IntelDH\CCU\AlertService.exe:AlertService
"{0057C924-82C8-4A39-908E-CB2C8587418F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4A488D31-2CF2-4D52-B5AC-515D6DD3D121}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{44C1BE8F-C4CD-4704-8ED0-F3107CC81CEC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CEE5E69A-A450-4F31-BF58-346BF92184AE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisabledInterfaces"= {80A10640-AFE7-4EA1-9C31-5F8DB9B7C72C}

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [9/27/2006 4:37 PM 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [10/19/2006 3:49 PM 7424]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [6/26/2007 5:11 AM 5504]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\System32\drivers\Alpham.sys [12/4/2005 1:55 PM 34944]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\System32\drivers\MA111nd5.sys [3/3/2004 3:27 PM 666624]
S4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [10/29/2006 9:03 AM 208896]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{059200B6-6D5F-4ED6-9F88-3CE803FEE29B} - (no file)
BHO-{247FA090-AF55-45B4-9863-A778AA151F30} - (no file)
BHO-{4EEAF7B5-7FB0-4ABD-9A4C-2A882F7C4178} - (no file)
BHO-{5101CDCE-A33B-4D34-9AB8-A062A3E184B4} - (no file)
BHO-{6F589AE8-7111-467F-9326-6AC42B101B2C} - c:\windows\system32\yayxwtrS.dll
BHO-{A4F298D0-B4E9-4352-A262-2CB0D5F12AAB} - c:\windows\system32\vtUkiHwU.dll
BHO-{DBF16C14-483B-4AFE-9432-2B62B445E81A} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070626
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070626
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {DFBA2700-1854-4BA2-BDE7-9A222792D028} = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Myrthin\AppData\Roaming\Mozilla\Firefox\Profiles\r2oal8qs.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Myrthin\AppData\Roaming\Mozilla\Firefox\Profiles\r2oal8qs.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Myrthin\AppData\Roaming\Mozilla\Firefox\Profiles\r2oal8qs.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\Myrthin\AppData\Roaming\Mozilla\Firefox\Profiles\r2oal8qs.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 10:11
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1714620093-3741861214-3663906681-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\’N*’R*[*’W*’& ]
"Order"=hex:08,00,00,00,02,00,00,00,8e,00,00,00,01,00,00,00,01,00,00,00,82,00,
00,00,00,00,00,00,74,00,00,00,41,75,67,4d,04,00,00,00,01,00,00,00,00,00,01,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1540)
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\windows\System32\srchadmin.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wscntfy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\System32\PSIService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\windows\System32\rundll32.exe
c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
c:\windows\ehome\ehmsas.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\System32\CTxfispi.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-19 10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-19 15:24

Pre-Run: 1,595,154,432 bytes free
Post-Run: 1,427,607,552 bytes free

459 --- E O F --- 2009-06-19 09:00
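
As an added example (not part of this thread, ComboFix or any tool the helper used), a small Python parser for the "ORPHANS REMOVED" BHO block in the log above that separates already-gone CLSIDs from entries still pointing at a DLL, and flags the eight-letter pseudo-random system32 names typical of this Vundo infection. The last sample line, with an all-zero placeholder CLSID, is constructed to show a benign non-match, and the naming heuristic is an assumption, not a signature.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in ComboFix's "ORPHANS REMOVED" format. The first four
# BHO lines mirror the entries in the log posted above; the last line, with
# an all-zero placeholder CLSID, is constructed to show a benign non-match.
SAMPLE_LOG = """\
- - - - ORPHANS REMOVED - - - -

BHO-{059200B6-6D5F-4ED6-9F88-3CE803FEE29B} - (no file)
BHO-{6F589AE8-7111-467F-9326-6AC42B101B2C} - c:\\windows\\system32\\yayxwtrS.dll
BHO-{A4F298D0-B4E9-4352-A262-2CB0D5F12AAB} - c:\\windows\\system32\\vtUkiHwU.dll
BHO-{DBF16C14-483B-4AFE-9432-2B62B445E81A} - (no file)
BHO-{00000000-0000-0000-0000-000000000000} - c:\\windows\\system32\\webcheck.dll
"""

BHO_LINE = re.compile(r"^BHO-(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\s+-\s+(.+)$")
NO_FILE = "(no file)"
IN_SYSTEM32 = re.compile(r"\\windows\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass
class BhoEntry:
    clsid: str
    path: str      # file path, or "(no file)" when the DLL is already gone
    verdict: str   # "orphan", "suspicious" or "unremarkable"


def looks_random_stem(filename: str) -> bool:
    """Heuristic (an assumption) for the eight-letter pseudo-random names this
    Vundo variant used (yayxwtrS.dll, vtUkiHwU.dll): exactly eight letters,
    plus either an uppercase letter after the first position or a run of four
    or more consonants. It is a triage hint, not proof of infection."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) != 8 or not stem.isalpha():
        return False
    odd_case = any(c.isupper() for c in stem[1:])
    consonant_run = re.search(r"[^aeiouAEIOU]{4}", stem) is not None
    return odd_case or consonant_run


def parse_orphaned_bhos(log_text: str) -> List[BhoEntry]:
    """Parse the BHO lines of a ComboFix 'ORPHANS REMOVED' block."""
    entries: List[BhoEntry] = []
    for line in log_text.splitlines():
        m = BHO_LINE.match(line.strip())
        if not m:
            continue
        clsid, target = m.group(1), m.group(2).strip()
        if target == NO_FILE:
            verdict = "orphan"        # registry pointed at a DLL that no longer exists
        elif IN_SYSTEM32.search(target) and looks_random_stem(target.rsplit("\\", 1)[-1]):
            verdict = "suspicious"    # random-named DLL sitting in system32
        else:
            verdict = "unremarkable"
        entries.append(BhoEntry(clsid, target, verdict))
    return entries


def files_to_review(entries: List[BhoEntry]) -> List[str]:
    """Paths a responder should confirm are really gone from disk after cleanup."""
    return [e.path for e in entries if e.verdict == "suspicious"]
```

The same heuristic also matches myxijwlp.exe from the helper's reply later in the thread, which is the kind of follow-up check it is meant to support.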

#6 miekiemoes

miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 19 June 2009 - 10:40 AM

Hi,

Navigate to and delete the following files:

c:\windows\system32\myxijwlp.exe
c:\windows\system32\rorxavml.exe

Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Myrthin

Myrthin
  • Topic Starter

  • Members
  • 4 posts

Posted 19 June 2009 - 09:36 PM

Everything seems to be clear, thank you. I did the start > run thing and it said that ComboFix /u is not a valid command.

#8 miekiemoes

miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 20 June 2009 - 03:14 AM

Just delete the Combofix program from your desktop and delete the C:\Qoobox folder.

Glad I could help. :thumbup2:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#9 miekiemoes

miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 07 July 2009 - 07:23 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.