Conhook.B Infection [CLOSED]



#1
Sungkoo
New Member, 2 posts
Hello, running a Vista computer here. Windows Defender detected Conhook.b earlier and I couldn't seem to figure out how to get rid of it. I ran a variety of programs and now Defender isn't picking it up anymore. Thought I'd be safe and ask you guys to have a look at my logfile for me. Any help is much appreciated!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:06 PM, on 5/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Jeremy\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\Jeremy\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Jeremy\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\Jeremy\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11269 bytes

#2
greyknight17
Malware Expert, Visiting Consultant, 16,560 posts
Welcome to GTG.

Looks good so far. Let's have a deeper scan to see if anything is found.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#3
Sungkoo
New Member (Topic Starter), 2 posts
Thanks for the reply and the welcome! Here is the ComboFix log:


ComboFix 08-05-01.3 - Jeremy 2008-05-03 18:41:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.217 [GMT -7:00]
Running from: C:\Users\Jeremy\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 18:36 . 2008-04-23 21:20 <DIR> d-------- C:\327882R2FWJFW
2008-05-03 18:28 . 2008-05-03 18:28 <DIR> d-------- C:\sUBs
2008-05-03 16:26 . 2008-05-03 16:26 <DIR> d-------- C:\!KillBox
2008-05-03 16:25 . 2008-05-03 16:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-03 13:56 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-05-03 13:56 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-05-03 13:56 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-05-03 13:56 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-05-03 13:55 . 2008-05-03 13:55 <DIR> d-------- C:\Users\Jeremy\AppData\Roaming\PC Tools
2008-05-03 13:55 . 2008-05-03 14:18 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-02 12:33 . 2008-05-02 12:36 1,063,313,408 --ah----- C:\hiberfil.sys.szcpf
2008-05-02 11:58 . 2008-05-02 11:58 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-05-02 11:58 . 2008-05-02 11:58 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-05-01 19:45 . 2008-05-02 12:47 155,760 --a------ C:\Windows\System32\drivers\kgpfr2.cfg
2008-05-01 06:52 . 2008-05-01 06:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-30 12:32 . 2008-05-02 10:30 <DIR> d-------- C:\Users\All Users\SITEguard
2008-04-30 12:32 . 2008-05-02 10:30 <DIR> d-------- C:\ProgramData\SITEguard
2008-04-30 12:28 . 2008-05-02 13:48 <DIR> d-------- C:\Users\All Users\STOPzilla!
2008-04-30 12:28 . 2008-05-02 13:48 <DIR> d-------- C:\ProgramData\STOPzilla!
2008-04-30 12:28 . 2008-05-02 13:48 <DIR> d-------- C:\Program Files\STOPzilla!
2008-04-30 12:28 . 2008-04-30 12:28 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-30 12:23 . 2008-04-30 22:06 <DIR> d-------- C:\Users\Jeremy\AppData\Roaming\GetRightToGo
2008-04-30 00:25 . 2008-04-30 00:25 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-04-30 00:25 . 2008-04-30 00:25 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-04-30 00:25 . 2008-04-30 00:25 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-04-30 00:25 . 2008-04-30 00:25 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-04-30 00:25 . 2008-04-30 00:25 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-04-30 00:25 . 2008-04-30 00:25 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-04-30 00:25 . 2008-04-30 00:25 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-04-30 00:25 . 2008-04-30 00:25 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-04-28 13:23 . 2008-05-03 19:01 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-28 13:23 . 2008-05-03 19:01 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-21 21:28 . 2004-03-29 16:23 90,112 --a------ C:\Windows\unvise32.exe
2008-04-21 21:25 . 2008-04-21 21:28 <DIR> d-------- C:\Program Files\The Logo Creator v5
2008-04-14 12:49 . 1995-04-19 00:00 188,960 --a------ C:\Windows\system\WINGDE.DLL
2008-04-14 12:49 . 1995-04-19 00:00 92,208 --a------ C:\Windows\system\WING.DLL
2008-04-14 12:49 . 1995-04-19 00:00 27,136 --a------ C:\Windows\system\WAVMIX16.DLL
2008-04-14 12:49 . 1995-04-19 00:00 12,800 --a------ C:\Windows\system\WING32.DLL
2008-04-14 12:49 . 1995-04-19 00:00 6,736 --a------ C:\Windows\system\WINGDIB.DRV
2008-04-14 12:49 . 1995-04-19 00:00 5,024 --a------ C:\Windows\system\WINGPAL.WND
2008-04-14 12:49 . 1995-04-19 00:00 2,554 --a------ C:\Windows\WAVEMIX.INI
2008-04-14 12:49 . 1995-04-19 00:00 1,966 --a------ C:\Windows\system\DVA.386
2008-04-11 18:40 . 2008-04-11 18:40 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-09 09:01 . 2008-04-09 09:01 524,288 --ahs---- C:\Users\Public\ntuser.dat{fbee02b1-064b-11dd-9abc-001b24027402}.TMContainer00000000000000000002.regtrans-ms
2008-04-09 09:01 . 2008-05-03 18:41 524,288 --ahs---- C:\Users\Public\ntuser.dat{fbee02b1-064b-11dd-9abc-001b24027402}.TMContainer00000000000000000001.regtrans-ms
2008-04-09 09:01 . 2008-05-03 18:41 65,536 --ahs---- C:\Users\Public\ntuser.dat{fbee02b1-064b-11dd-9abc-001b24027402}.TM.blf
2008-04-08 13:58 . 2008-02-29 00:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-08 13:58 . 2008-02-29 00:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-08 13:58 . 2008-02-21 22:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-08 13:58 . 2008-02-29 00:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-05 14:11 . 2008-05-02 13:52 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-04-05 14:10 . 2008-04-05 14:10 <DIR> d-------- C:\Users\Jeremy\AppData\Roaming\Intuit
2008-04-05 14:10 . 2007-07-26 17:13 3,518,464 --a------ C:\Windows\System32\cdintf300.dll
2008-04-05 14:10 . 2007-07-26 17:13 1,843,200 --a------ C:\Windows\System32\acXMLParser.dll
2008-04-05 14:09 . 2008-04-05 14:09 <DIR> d-------- C:\Users\All Users\Intuit
2008-04-05 14:09 . 2008-04-05 14:09 <DIR> d-------- C:\ProgramData\Intuit
2008-04-05 14:09 . 2008-05-02 13:53 <DIR> d-------- C:\Program Files\Quicken
2008-04-05 14:09 . 2008-05-02 13:53 76 --a------ C:\Windows\QUICKEN.INI
2008-04-05 14:04 . 2008-04-05 14:05 <DIR> d-------- C:\Program Files\iTunes
2008-04-05 14:04 . 2008-04-05 14:04 <DIR> d-------- C:\Program Files\iPod
2008-04-05 14:01 . 2008-04-05 14:02 <DIR> d-------- C:\Program Files\QuickTime
2008-04-04 13:11 . 2008-04-04 13:11 <DIR> d-------- C:\Windows\WinRAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 19:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-01 06:47 --------- d-----w C:\Program Files\DivX
2008-05-01 06:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 06:10 --------- d-----w C:\ProgramData\HP Product Assistant
2008-05-01 06:10 --------- d-----w C:\ProgramData\FLEXnet
2008-05-01 06:10 --------- d-----w C:\Program Files\Real
2008-05-01 06:10 --------- d-----w C:\Program Files\Logitech
2008-05-01 06:10 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-01 06:10 --------- d-----w C:\Program Files\Atari
2008-05-01 06:10 --------- d-----w C:\Program Files\ACD Systems
2008-04-22 03:25 --------- d-----w C:\Program Files\McAfee
2008-04-12 01:40 --------- d-----w C:\Program Files\Common Files\Real
2008-04-08 23:36 --------- d-----w C:\Program Files\Windows Mail
2008-04-05 21:14 --------- d-----w C:\Users\Jeremy\AppData\Roaming\Apple Computer
2008-04-02 17:00 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-02 07:18 174 --sha-w C:\Program Files\desktop.ini
2008-04-02 07:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-02 07:05 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-02 07:05 --------- d-----w C:\Program Files\Windows Journal
2008-04-02 07:05 --------- d-----w C:\Program Files\Windows Defender
2008-04-02 07:05 --------- d-----w C:\Program Files\Windows Calendar
2008-04-02 06:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-02 06:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-02 05:28 --------- d-----w C:\Program Files\Java
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-24 00:45 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-03 12:40 599,552 ------w C:\Windows\System32\CnxtAp32.dll
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-12 03:13 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-02-12 03:13 539,160 ----a-w C:\Windows\System32\igfxcfg.exe
2008-02-12 03:13 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-02-12 03:13 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-02-12 03:13 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-02-12 03:13 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-02-12 03:13 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-02-12 03:13 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-02-12 02:55 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1437.dll
2008-02-12 02:36 3,301,376 ----a-w C:\Windows\System32\igdumd32.dll
2008-02-12 02:01 2,420,736 ----a-w C:\Windows\System32\ig4icd32.dll
2008-02-12 02:01 2,174,976 ----a-w C:\Windows\System32\ig4dev32.dll
2008-02-12 01:48 245,760 ----a-w C:\Windows\System32\igfxTMM.dll
2008-02-12 01:47 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-02-12 01:47 48,640 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-02-12 01:47 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-02-12 01:47 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-02-12 01:46 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-02-12 01:46 204,800 ----a-w C:\Windows\System32\igfxdev.dll
2008-02-12 01:46 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-02-12 01:46 106,496 ----a-w C:\Windows\System32\hccutils.dll
2007-12-27 05:50 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-09-28 07:45 268 ----a-w C:\Users\Jeremy\AppData\Roaming\wklnhst.dat
2007-09-21 01:34 129,024 ----a-w C:\Program Files\RarExt.dll
2007-05-25 23:59 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 16:33 167936]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 10:32 472800]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-11 18:39 185896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"combofix"="C:\Windows\system32\CF6478.exe" [2008-01-19 00:33 318976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.exe" [2007-01-17 18:02 95784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2006-12-17 22:07:26 34520]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]
Logitech Harmony Remote.lnk - C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe [2005-07-26 12:35:56 91672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-11 18:39 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"= C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software
"C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"= C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{08353BCA-095B-4C7E-97E6-38B436306156}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{76E2CDFA-CC47-44B4-9120-F3214297AC38}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FF410DC1-9B89-450A-9149-56091397F842}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{1527A20A-9856-4DE3-852A-10E73B707B3C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{F68661BE-C072-4C3F-8437-B845A302674C}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{C1729459-FF53-4016-955F-F16A89461BFD}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{1F01BF90-4230-48B1-A759-7E8251A1C816}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{0D26767E-1200-4714-8D7B-5D0C17D364BA}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{344114AA-9FB4-48B5-84B2-7994E04D8AC4}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{E76B4AC4-ED29-487A-AE3B-AD101B503B38}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{209DD644-EE5B-41B3-9983-74E3DBF635F0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F5FAE2A8-D534-43B4-8A75-DFB5F4F8B543}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5D752E3B-9435-4FE8-88BA-783E9B4F4ED7}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{97C35DD8-5A0B-4BB2-8E8D-46F3ADD03644}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{85E113F6-2BAD-472B-BF41-FECD2C1E6B22}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5D4E537E-DEF2-4B74-B555-EF473F2CC5F4}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B17EC73B-1618-45E6-AD05-98C0B7404A56}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0A111EC3-528C-4C0F-96B0-7271FA870762}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA6F7074-F086-4783-903E-C204675BEADE}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{79334C48-6637-4D44-85E7-783B04F6C92C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5781BDD7-60F1-4597-B571-3F4CD376056C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E77C30D8-5BB5-467C-B104-8199733F9E30}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"TCP Query User{C59EEDFB-AF7B-4BE2-B231-2091905DDFAA}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{E7AAD44E-9126-4196-BF22-C972A34B4792}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{C6F03535-AAD5-466C-BE68-98A76FB8086D}"= UDP:25525:BitComet 25525 TCP
"{60BF260A-7C91-479E-8D0D-BE5DA84A78ED}"= TCP:25525:BitComet 25525 UDP
"{FD8FF32F-F73A-40F1-899C-610D723FF6D4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{88DC7D67-3291-4E22-AAA7-7A07E8DE7C95}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{76BFB5BE-C756-45F5-93CE-3150DA9055C9}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{8416C648-8A41-4FD7-9F70-57259EEE4C98}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{0ED7CA3D-F8C5-4711-9836-1CFAD9129F9F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{5A00450E-A128-4D65-8E83-B374E373E851}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{4B3F5230-9481-4AB1-9745-040629C7350B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{0913E89B-8D9B-4F71-A39F-05F4CDB62F6E}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{33DD1811-255B-41DA-A120-157A460D6F96}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{66D1AA1E-3022-4324-BEDF-73686AA332A7}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{8CD86BE8-A69A-410C-854C-BDEA7F4CF3F9}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{78910D4D-CB29-4A8C-BA4F-B85D1F2B9E97}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{724D4B5D-706C-465A-8405-770026A33FE6}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{3707FF84-688C-447E-8266-8CB908F4522D}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{25AA13BC-9122-40F0-AEE8-D492BE6CCBC3}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{E93A4D54-E082-4DA6-99B2-928F5FFEB47C}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{8F0E1044-3753-4412-A7A1-015650B00F71}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{30E7B2A4-4CB3-4FDA-B69B-0816C102B1A0}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{C1568180-6EC1-4010-8F08-159E1116DC6A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{9FA65600-DABC-4A6C-86F3-148EAE270E9D}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{3EA3D0F7-DBE2-4B3C-BDEF-467C46FEC6BE}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{FCDBD7A4-55D6-4E72-91D7-F132A28EF51E}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{FD2757FA-80E5-4C09-BD2E-2439609971EB}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A297FDE9-70BA-46FF-9DCD-5FDD1657A3D6}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{C4FCB3EF-8A88-44A4-B42B-4BD5CAD656F3}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DB1102AD-557F-4730-ADB3-B016A40DE2D2}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5002BFD3-6AD9-4A3D-AD89-7C4389AB86A3}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{3D92D9A6-848A-4039-9774-FF3D8DB4C874}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{38BC7FD1-C5D1-4B57-BF9A-338776EF8B30}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F23C5666-0B7C-462E-8973-B25B2C992093}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F5663DD1-679A-4C44-8A51-AB5174D11D5D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{91AFBFD5-D18C-4183-97CA-EDB7EECF8EDE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient"= C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software
"C:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"= C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbee02ee-064b-11dd-9abc-001b24027402}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 21:48:16 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-01 08:00:20 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-03 19:55:09 C:\Windows\Tasks\User_Feed_Synchronization-{AC837C56-541D-43C7-8EDB-DBC9CE36F579}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 18:59:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Windows\TEMP\TMP000000448FC6D35AC2ABA772 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\igfxsrvc.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-05-03 19:06:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 02:06:30

Pre-Run: 62,769,598,464 bytes free
Post-Run: 62,342,742,016 bytes free

354 --- E O F --- 2008-05-03 02:29:16
#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Disable Hibernation from your Control Panel Power Options. You may enable it back once we are done. I just want to take a look at something there.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

Folder::
C:\327882R2FWJFW
C:\Users\All Users\TEMP
C:\ProgramData\TEMP

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe.
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is the computer running so far? Anything still detected?
#5
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.