ComboFix 08-06-12.2 - Jose 2008-06-15 15:12:07.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.257 [GMT -5:00]
Running from: C:\Users\Jose\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Common Files\racle~1
C:\Program Files\Spcron
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outerinfo
C:\Windows\Fonts\CALIBRIB.TTF
C:\Windows\system32\KBL.LOG
C:\Windows\system32\sstem3~1
C:\Windows\system32\sstem3~1\s?stem32\
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.
2008-06-14 13:22 . 2008-06-14 13:22 <DIR> d-------- C:\Program Files\Safer Networking
2008-06-14 11:14 . 2008-06-14 11:14 <DIR> d-------- C:\Users\Jose\.housecall6.6
2008-06-14 11:05 . 2008-06-14 11:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-12 20:44 . 2008-06-12 20:44 179 --a------ C:\Windows\wininit.ini
2008-06-12 20:04 . 2008-06-12 20:44 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-12 20:04 . 2008-06-12 20:44 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-12 20:04 . 2008-06-12 20:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-10 18:18 . 2008-04-24 21:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-10 18:18 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-10 18:18 . 2008-04-24 23:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-10 18:18 . 2008-05-09 20:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-07 12:03 . 2008-06-12 22:39 <DIR> d-------- C:\Program Files\commview 524
2008-06-03 19:44 . 2008-06-03 19:44 <DIR> d-------- C:\Program Files\Avira
2008-06-02 16:50 . 2008-06-08 21:55 <DIR> d-------- C:\Users\All Users\TamoSoft
2008-06-02 16:50 . 2008-06-08 21:55 <DIR> d-------- C:\ProgramData\TamoSoft
2008-06-02 16:49 . 2008-01-21 13:58 558,624 --a------ C:\Windows\System32\drivers\ar5211.sys
2008-06-02 15:53 . 2008-06-02 15:53 <DIR> d-------- C:\Program dk3
2008-06-02 13:06 . 2008-06-02 13:07 <DIR> d-------- C:\Program Files\Hotspot Shield
2008-06-02 12:52 . 2004-02-05 14:53 389,120 --------- C:\Windows\System32\actskn43.ocx
2008-06-02 12:52 . 2004-11-01 06:38 57,344 --------- C:\Windows\System32\XButton.ocx
2008-05-27 16:27 . 2008-03-07 21:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 16:27 . 2008-03-07 23:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-26 11:36 . 2008-05-26 11:37 <DIR> d-------- C:\Program Files\Microsoft Speech SDK 5.1
2008-05-26 11:33 . 2004-02-22 10:11 719,872 --a------ C:\Windows\System32\devil.dll
2008-05-26 11:33 . 2007-05-17 17:30 318,976 --a------ C:\Windows\System32\avisynth.dll
2008-05-26 11:33 . 2005-07-14 12:31 27,648 --a------ C:\Windows\System32\AVSredirect.dll
2008-05-26 11:32 . 2006-09-12 05:46 227,328 -r-hs---- C:\Windows\System32\ac3DX.ax
2008-05-26 11:32 . 2006-03-10 15:48 169,472 -r-hs---- C:\Windows\System32\MatroskaDX.ax
2008-05-26 11:32 . 2006-05-03 04:06 163,328 -r-hs---- C:\Windows\System32\flvDX.dll
2008-05-26 11:32 . 2005-11-25 14:46 161,792 -r-hs---- C:\Windows\System32\RealMediaDX.ax
2008-05-26 11:32 . 2006-01-12 17:23 123,904 -r-hs---- C:\Windows\System32\AVCDX.ax
2008-05-26 11:32 . 2003-11-20 17:00 54,784 -r-hs---- C:\Windows\System32\RLAPEDec.ax
2008-05-26 11:32 . 2004-04-26 17:00 37,888 -r-hs---- C:\Windows\System32\RLMPCDec.ax
2008-05-26 11:32 . 2007-02-21 05:47 31,232 -r-hs---- C:\Windows\System32\msfDX.dll
2008-05-26 11:32 . 2007-12-17 07:43 27,648 ---hs---- C:\Windows\System32\Smab0.dll
2008-05-26 10:33 . 2008-05-26 10:33 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-05-26 10:05 . 2008-02-28 13:26 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll
2008-05-26 10:05 . 2008-02-28 13:01 774,144 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-05-26 10:05 . 2008-05-26 10:05 0 --a------ C:\Windows\Irremote.ini
2008-05-24 20:20 . 2008-05-24 20:18 31,472 --a------ C:\Users\Jose\System gen.zip
2008-05-24 17:35 . 2008-05-24 17:35 406 --a------ C:\Windows\System32\ioloBootDefrag.cfg
2008-05-24 17:34 . 2008-05-06 16:36 428,904 --a------ C:\Windows\System32\Incinerator.dll
2008-05-24 17:34 . 2008-03-24 08:53 34,304 --a------ C:\Windows\System32\iolobtdfg.exe
2008-05-24 17:34 . 2008-03-24 08:53 22,528 --a------ C:\Windows\System32\smrgdf.exe
2008-05-24 17:34 . 2007-09-20 14:12 12,800 --a------ C:\Windows\System32\elrawdsk.sys
2008-05-24 17:34 . 2007-09-20 14:12 12,800 --a------ C:\Windows\System32\drivers\elrawdsk.sys
2008-05-24 17:33 . 2008-05-24 17:33 74,703 --a------ C:\Windows\System32\mfc45.dll
2008-05-24 17:21 . 2007-03-04 06:55 1,936,528 --a------ C:\Windows\System32\ltmm15.dll
2008-05-24 17:21 . 2007-03-04 06:55 135,168 --a------ C:\Windows\System32\DSKernel2.dll
2008-05-24 17:12 . 2008-05-24 17:16 <DIR> d-------- C:\Users\Jose\AppData\Roaming\GetRightToGo
2008-05-24 13:38 . 2008-06-15 13:01 <DIR> d-------- C:\Mozilla Firefox
2008-05-23 18:34 . 2008-05-23 23:16 <DIR> d-------- C:\Program Files\Common Files\wuzm
2008-05-23 18:23 . 2008-05-23 18:25 2 --a------ C:\697861687
2008-05-22 16:57 . 2008-05-22 16:57 <DIR> d-------- C:\Users\Jose\AppData\Roaming\Nero
2008-05-22 16:52 . 2008-05-26 10:06 <DIR> d-------- C:\Users\All Users\Nero
2008-05-22 16:52 . 2008-05-26 10:06 <DIR> d-------- C:\ProgramData\Nero
2008-05-22 16:52 . 2008-05-26 10:06 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-22 16:12 . 2008-05-26 10:13 <DIR> d-------- C:\Program Files\YouSendIt
2008-05-22 16:04 . 2008-05-24 09:38 <DIR> d-------- C:\Program Files\iolo
2008-05-22 15:48 . 2008-06-13 21:59 <DIR> d-------- C:\Users\Jose\AppData\Roaming\iolo
2008-05-22 15:48 . 2008-05-23 09:31 <DIR> d-------- C:\Users\All Users\iolo
2008-05-22 15:48 . 2008-05-23 09:31 <DIR> d-------- C:\ProgramData\iolo
2008-05-21 22:51 . 2008-05-24 12:54 <DIR> d-------- C:\Users\Jose\{f5ae927a-aa76-4fc8-b031-fb83b902d0d0}
2008-05-21 16:02 . 2008-05-21 16:02 <DIR> d-------- C:\Users\Jose\.thumbnails
2008-05-21 15:46 . 2008-06-07 20:36 <DIR> d-------- C:\Users\Jose\.gimp-2.2
2008-05-16 14:18 . 2008-05-24 12:56 <DIR> d-------- C:\Program Files\PhotomatixPro3
2008-05-15 08:53 . 2008-05-15 08:53 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-05-15 08:53 . 2008-05-15 08:53 <DIR> d-------- C:\ProgramData\WindowsSearch
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 08:12 --------- d-----w C:\Program Files\Windows Mail
2008-06-08 01:46 --------- d-----w C:\Users\Jose\AppData\Roaming\uTorrent
2008-06-08 01:46 --------- d-----w C:\Program Files\Microsoft
2008-06-04 00:44 --------- d-----w C:\ProgramData\Avira
2008-06-02 17:55 --------- d-----w C:\ProgramData\WinZip
2008-05-26 15:33 --------- d-----w C:\Program Files\MSECACHE
2008-05-26 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 20:24 --------- d-----w C:\Program Files\CONEXANT
2008-05-24 18:58 --------- d-----w C:\Program Files\Microsoft Games
2008-05-24 17:54 --------- d-----w C:\Program Files\Blue Coat K9 Web Protection
2008-05-23 23:45 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-22 02:26 --------- d-----w C:\Users\Jose\AppData\Roaming\BitTorrent
2008-05-16 19:17 --------- d-----w C:\Users\Jose\AppData\Roaming\com.zipeg
2008-05-10 20:27 --------- d-----w C:\Program Files\NIV Audio Bible
2008-05-10 03:55 --------- d-----w C:\Program Files\uTorrent
2008-05-10 03:25 --------- d-----w C:\Program Files\Winamp
2008-05-08 04:26 --------- d-----w C:\Program Files\Common Files\NSV
2008-05-03 20:51 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-03 18:34 --------- d-----w C:\Program Files\KeyScrambler
2008-05-03 00:44 174 --sha-w C:\Program Files\desktop.ini
2008-05-03 00:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-03 00:35 --------- d-----w C:\Program Files\Windows Defender
2008-05-03 00:35 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-03 00:35 --------- d-----w C:\Program Files\Windows Calendar
2008-05-02 23:31 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-02 23:31 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-02 22:29 --------- d-----w C:\Program Files\Microsoft Works
2008-05-02 22:24 --------- d-----w C:\Program Files\Common Files\L&H
2008-05-02 22:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-02 15:26 --------- d-----w C:\ProgramData\Screaming Bee
2008-05-01 02:20 --------- d-----w C:\ProgramData\Apple Computer
2008-05-01 02:16 --------- d-----w C:\Users\Jose\AppData\Roaming\InstallShield
2008-05-01 02:14 --------- d-----w C:\Program Files\Azureus
2008-04-30 00:23 --------- d-----w C:\Program Files\Screaming Bee
2008-04-29 23:09 --------- d-----w C:\Users\Jose\AppData\Roaming\Screaming Bee
2008-04-26 15:18 --------- d-----w C:\Users\Jose\AppData\Roaming\Apple Computer
2008-04-25 16:28 0 ----a-w C:\Users\Jose\AppData\Roaming\wklnhst.dat
2008-04-25 14:18 --------- d-----w C:\ProgramData\Yahoo!
2008-04-25 14:10 --------- d-----w C:\Program Files\Yahoo!
2008-04-23 19:52 817,664 ---h--w C:\Windows\System32\wodfamoh.dll
2008-04-23 19:52 1,645,320 ----a-w C:\Windows\System32\GdiPlus.dll
2008-04-20 20:18 --------- d-----w C:\Program Files\NetWaiting
2008-04-18 19:54 --------- d-----w C:\Users\Jose\AppData\Roaming\DivX
2008-04-18 14:41 --------- d-----w C:\Program Files\DivX
2008-04-18 14:41 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-18 02:49 --------- d-----w C:\Users\Jose\AppData\Roaming\Azureus
2008-04-15 20:38 70,082 ----a-w C:\Users\Jose\ffdshow.reg
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-15 14:44 286,720 ----a-w C:\Windows\iun506.exe
2008-02-28 23:03 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
2008-02-29 04:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022820080229\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2007-07-31 16:33 1391640 --a------ C:\Program Files\Freecorder\tbFree.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95E1D855-9232-48F7-80D9-1ADB65B7939C}]
C:\Windows\tokre.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
2007-08-31 14:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2007-07-31 16:33 1391640]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [2007-07-31 16:33 1391640]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-10-25 04:44 212992]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 18:44 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 22:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 19:05 202032]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 19:31 80896]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 18:15 480560]
"VirusScannerPro"="C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe" [2007-06-14 15:04 62976]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"iolo Startup"="C:\Program Files\iolo\Common\Lib\ioloLManager.exe" [2008-05-06 08:58 307568]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D976B84B-808C-4357-9CBB-55BF1F7CEBE7}"= C:\Windows\system32\qoMghiih.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.l3codecp"= l3codecp.acm
"msacm.avis"= ff_acm.acm
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\Jose\AppData\Local\Temp\mljhe.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6373C97F-C151-4436-8BD2-7854F8172088}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0CC7E9A3-30DC-4E91-BE90-2B7DEB3E8C10}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6425FA3C-092F-4E2A-94C7-515A4BC05FC5}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{30FDF5A9-B83E-4581-9A7F-D603AAFA2E65}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{85A85B3A-6231-4FED-B294-CFD91E14D749}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5F8EC103-F4A5-492F-8F62-FA6A2870FA64}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{438C64FA-6CE6-4807-866D-6572B9F3F8BE}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6B2CDC7F-B942-4B2D-A492-B8E1EE5C02D3}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C6253C43-C8C8-4E01-A06A-B3D76F3BC66B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B6B416BF-2716-4314-9206-9A999C4DB9AE}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{09435138-CED0-47DD-BAB4-366CA6801E4A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A393906A-5A87-41A6-8741-601CDC49E69D}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{689F1C0B-664C-4BE7-9A19-6C7E0171F3D5}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{CE614AA4-CEA8-43D3-AD18-B389BF166DDF}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{6F271254-1D5E-41AE-A4E5-D15E1077570E}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{2E0A9292-D9C9-4812-A1E7-A71D13D46665}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{C1DBF4A7-0069-457B-A32B-47C8750CBF7B}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{3D3E68F5-409D-4923-AA67-259E9627DE00}C:\\users\\jose\\program files\\dna\\btdna.exe"= UDP:C:\users\jose\program files\dna\btdna.exe:btdna.exe
"UDP Query User{8D069FBC-2E55-415C-B01F-18CA3956A548}C:\\users\\jose\\program files\\dna\\btdna.exe"= TCP:C:\users\jose\program files\dna\btdna.exe:btdna.exe
"TCP Query User{E51447E0-3B60-4E69-B55F-B46D57E1E10A}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{982CABD5-0CE8-4ECA-AC19-CD716D21F021}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A670BED4-74A2-4ACF-A2EF-32E5A13A05A4}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DA4C32A3-D0ED-446B-8DE0-90ED750B3B3A}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{FAA506DD-E18D-4E57-A1F7-6B28D8199EEF}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{55E85059-F4BC-4389-B46D-42AFDBB1897F}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{8CBD6BCF-A36C-4DE3-8B39-F2660D3803B2}"= Disabled:UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D2585F57-A598-44FC-AD72-2141A2ACABC7}"= Disabled:TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FAAEC271-251C-4A01-BC70-DBD326664DD7}"= UDP:80:anonymous
"TCP Query User{7293C8C6-9FC9-4408-ADC1-4CB47153A2B5}C:\\program files\\azureus\\azureus.exe"= Disabled:UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{AAC30296-55DB-4562-838D-56C186D7047B}C:\\program files\\azureus\\azureus.exe"= Disabled:TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{87EBC107-28AC-4D34-AB18-9747EED306B9}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{6264DA75-CB4E-414D-ADE3-5391058FACC6}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{79428B1F-28EA-4A8C-9A04-917898C53FE1}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{79CD42CA-2EF9-4943-9E71-38C4FA5BE3E4}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5F167EEC-53AE-4E0B-9EC0-BD061D2F59B2}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{3543D2B4-1BB3-444A-926B-0E5B6A424A85}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{466DC7B4-77C0-43A4-A671-3BBC8AA4D1E2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F331C5A3-026C-4EE9-AD06-9F028F7BD0C0}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9A57824A-CA87-4BDB-AE7F-88CC0C19ECC1}C:\\mozilla firefox\\firefox.exe"= UDP:C:\mozilla firefox\firefox.exe:Firefox
"UDP Query User{AF17BF7B-31F8-4885-9A3E-A103DCAA48E1}C:\\mozilla firefox\\firefox.exe"= TCP:C:\mozilla firefox\firefox.exe:Firefox
"TCP Query User{1C6904F0-7926-4340-9F53-58D832502BF5}C:\\program files\\cain\\cain.exe"= UDP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{0F4F632A-5046-4B55-9767-53775F0FF548}C:\\program files\\cain\\cain.exe"= TCP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 cwmtdi;cwmtdi;C:\Windows\system32\drivers\cwmtdi.sys [2007-05-14 18:04]
R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 14:12]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 12:31]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 12:31]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 06:26]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys [2008-03-22 16:37]
R3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 16:25]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\APLMp50.sys [2006-11-29 00:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-15 15:14:29
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-15 15:15:59
ComboFix-quarantined-files.txt 2008-06-15 20:15:25
Pre-Run: 35,462,356,992 bytes free
Post-Run: 35,431,047,168 bytes free
292 --- E O F --- 2008-06-14 17:41:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:48 PM, on 6/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/launchcast/stations/default.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Video - {95E1D855-9232-48F7-80D9-1ADB65B7939C} - C:\Windows\tokre.dll (file missing)
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9158 bytes