Rooter as of May 4
Microsoft Windows Vista Professional (6.0.6001) Service Pack 1
C:\ [Fixed] - NTFS - (Total:76316 Mo/Free:1424 Mo)
D:\ [Fixed] - NTFS - (Total:238472 Mo/Free:2122 Mo)
E:\ [Fixed] - NTFS - (Total:49999 Mo/Free:948 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
H:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
K:\ [Removable] (Total:980 Mo/Free:31 Mo)
L:\ [Removable] (Total:0 Mo/Free:0 Mo)
M:\ [Removable] (Total:0 Mo/Free:0 Mo)
N:\ [Fixed] - NTFS - (Total:200937 Mo/Free:4061 Mo)
O:\ [Fixed] - NTFS - (Total:275999 Mo/Free:3481 Mo)
Mon 05/04/2009|11:06
----------------------\\ Processes..
--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\nvvsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\rundll32.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- vsmon.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
--Locked-- ScanningProcess.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\taskeng.exe
--Locked-- ScanningProcess.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\WUDFHost.exe
---------- D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
---------- C:\Windows\System32\mobsync.exe
---------- D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
---------- C:\Windows\System32\rundll32.exe
--Locked-- zlclient.exe
---------- C:\Program Files\Microsoft IntelliType Pro\itype.exe
---------- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Windows\RtHDVCpl.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
--Locked-- mantispm.exe
---------- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
---------- C:\Windows\servicing\TrustedInstaller.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Mon 05/04/2009|11:41
----------------------\\ Scan completed at 11:41
==============================================================
RSIT as of May 4
Logfile of random's system information tool 1.06 (written by random/random)
Run by AJ at 2009-05-04 11:43:42
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 30 GB (39%) free of 76 GB
Total RAM: 2045 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:11 AM, on 5/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\System32\mobsync.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AJ\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\AJ.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 7892 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-732046994-1489633490-2608111576-1000.job
C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
C:\Windows\tasks\Uniblue SpeedUpMyPC.job
C:\Windows\tasks\Uniblue SpyEraser Nag.job
C:\Windows\tasks\Uniblue SpyEraser.job
C:\Windows\tasks\User_Feed_Synchronization-{15C5ECEF-0776-4B1D-827F-EE7AE1322E80}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09628AAA-66AD-4FA2-82E2-698185B66463}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - Copernic Desktop Search - Home Toolbar - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll [2008-12-11 2305456]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BtTray"=D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2008-02-03 258134]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-03-31 982408]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-22 813912]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 849280]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"Copernic Desktop Search - Home"=C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2008-12-12 1588224]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\palmOne\Hotsync.exe [2004-06-09 471040]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AutorunsDisabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-09-26 233888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{840d89db-dc4c-11dd-9acd-000a94128362}]
shell\AutoRun\command - Q:\InstallSeagateManager.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 3 months======
2009-05-04 11:41:36 ----A---- C:\Rooter.txt
2009-05-04 11:06:24 ----D---- C:\Rooter$
2009-05-04 07:45:18 ----D---- C:\Windows\system32\ErrorLogs
2009-05-03 17:56:09 ----D---- C:\rsit
2009-05-03 09:58:34 ----D---- C:\Program Files\AVG
2009-05-03 09:16:56 ----D---- C:\MGtools
2009-04-27 20:15:53 ----D---- C:\ProgramData\SecTaskMan
2009-04-25 18:58:07 ----D---- C:\Program Files\Trend Micro
2009-04-21 13:16:08 ----D---- C:\TMRBLog
2009-04-21 13:15:56 ----A---- C:\RootkitBuster.exe
2009-04-21 13:15:08 ----D---- C:\log
2009-04-21 12:49:32 ----A---- C:\ComboFix.txt
2009-04-21 12:34:47 ----D---- C:\Windows\temp
2009-04-21 12:29:50 ----A---- C:\Windows\zip.exe
2009-04-21 12:29:50 ----A---- C:\Windows\vFind.exe
2009-04-21 12:29:50 ----A---- C:\Windows\SWREG.exe
2009-04-21 12:29:50 ----A---- C:\Windows\grep.exe
2009-04-21 12:29:49 ----A---- C:\Windows\SWXCACLS.exe
2009-04-21 12:29:49 ----A---- C:\Windows\SWSC.exe
2009-04-21 12:29:49 ----A---- C:\Windows\sed.exe
2009-04-21 12:29:39 ----D---- C:\ComboFix
2009-04-21 12:29:39 ----A---- C:\Windows\system32\CF3468.exe
2009-04-21 12:28:13 ----A---- C:\Windows\system32\swsc.exe
2009-04-21 12:28:12 ----D---- C:\Qoobox
2009-04-21 07:26:10 ----D---- C:\Users\AJ\AppData\Roaming\Malwarebytes
2009-04-21 07:26:02 ----D---- C:\ProgramData\Malwarebytes
2009-04-21 07:26:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-21 07:23:07 ----A---- C:\MGtools.exe
2009-04-20 23:38:39 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-04-20 23:38:13 ----D---- C:\Users\AJ\AppData\Roaming\SUPERAntiSpyware.com
2009-04-20 23:38:13 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-20 08:41:29 ----A---- C:\Windows\ntbtlog.txt
2009-04-19 22:33:15 ----A---- C:\Windows\system32\rpcss.dll
2009-04-19 22:33:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-19 22:33:14 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iashost.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasads.dll
2009-04-19 22:32:39 ----A---- C:\Windows\system32\winhttp.dll
2009-04-19 22:32:34 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-19 22:32:34 ----A---- C:\Windows\system32\kernel32.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\secur32.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\apilogen.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\amxread.dll
2009-04-19 22:32:30 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-19 22:32:30 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-18 21:05:36 ----D---- C:\Program Files\Microsoft IntelliPoint
2009-04-18 21:03:40 ----D---- C:\Program Files\Microsoft IntelliType Pro
2009-04-13 00:44:15 ----D---- C:\Program Files\Mozilla Firefox
2009-04-12 23:03:27 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\msls31.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\ieui.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\iernonce.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\ieakeng.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\icardie.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\corpol.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\admparse.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\webcheck.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\occache.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\msrating.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\licmgr10.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\inseng.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\imgutil.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\iepeers.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\wextract.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\mstime.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\msfeedssync.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\iesetup.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\ieakui.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\advpack.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\vbscript.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\url.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\jscript.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-12 23:03:21 ----A---- C:\Windows\system32\mshta.exe
2009-04-12 23:03:21 ----A---- C:\Windows\system32\iexpress.exe
2009-04-12 23:03:21 ----A---- C:\Windows\system32\iesysprep.dll
2009-04-12 23:03:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\SetDepNx.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\PDMSetup.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\iertutil.dll
2009-04-12 23:03:20 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-12 23:03:19 ----A---- C:\Windows\system32\wininet.dll
2009-04-12 23:03:19 ----A---- C:\Windows\system32\urlmon.dll
2009-04-12 23:03:18 ----A---- C:\Windows\system32\mshtml.dll
2009-04-12 23:03:18 ----A---- C:\Windows\system32\ieframe.dll
2009-04-08 20:41:07 ----D---- C:\Users\AJ\AppData\Roaming\Bump Technologies, Inc
2009-04-07 09:17:47 ----D---- C:\Users\AJ\AppData\Roaming\Copernic
2009-03-30 14:28:50 ----D---- C:\Program Files\SonicWallES
2009-03-29 21:19:58 ----D---- C:\ProgramData\NCH Swift Sound
2009-03-29 21:19:57 ----D---- C:\Program Files\NCH Software
2009-03-29 21:19:52 ----D---- C:\Users\AJ\AppData\Roaming\NCH Swift Sound
2009-03-29 13:27:25 ----D---- C:\ProgramData\Google
2009-03-17 22:45:48 ----D---- C:\Users\AJ\AppData\Roaming\MailFrontier
2009-03-17 22:43:54 ----D---- C:\ProgramData\Kaspersky SDK
2009-03-14 10:42:20 ----A---- C:\Windows\system32\schannel.dll
2009-03-02 11:41:21 ----D---- C:\Program Files\Common Files\iZotope
2009-02-25 07:55:41 ----A---- C:\Windows\system32\wmp.dll
2009-02-25 07:55:39 ----A---- C:\Windows\system32\wmploc.DLL
2009-02-25 07:55:39 ----A---- C:\Windows\system32\spwmp.dll
2009-02-25 07:55:39 ----A---- C:\Windows\system32\dxmasf.dll
2009-02-14 07:09:41 ----A---- C:\Windows\system32\EncDec.dll
2009-02-14 07:09:37 ----A---- C:\Windows\system32\psisdecd.dll
======List of files/folders modified in the last 3 months======
2009-05-04 11:42:44 ----D---- C:\Windows\Internet Logs
2009-05-04 11:02:27 ----D---- C:\Windows\System32
2009-05-04 11:02:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-04 10:58:22 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2009-05-04 10:58:22 ----A---- C:\Windows\system32\LOCALDEVICE.INI
2009-05-04 10:58:21 ----A---- C:\Windows\system32\bscs.ini
2009-05-04 10:53:13 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-05-04 10:47:03 ----HD---- C:\ProgramData
2009-05-04 10:43:32 ----RD---- C:\Program Files
2009-05-04 10:42:41 ----SHD---- C:\Windows\Installer
2009-05-04 10:42:41 ----D---- C:\Config.Msi
2009-05-04 10:38:36 ----A---- C:\rollback.ini
2009-05-04 10:23:43 ----SHD---- C:\System Volume Information
2009-05-04 10:23:33 ----D---- C:\Windows\system32\drivers
2009-05-04 10:23:33 ----D---- C:\Windows
2009-05-03 09:23:44 ----D---- C:\Windows\winsxs
2009-05-01 20:10:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-01 19:58:57 ----D---- C:\Windows\system32\catroot2
2009-05-01 19:58:57 ----D---- C:\Windows\system32\catroot
2009-05-01 10:07:02 ----D---- C:\Windows\Prefetch
2009-05-01 10:05:49 ----D---- C:\T
2009-05-01 00:10:43 ----D---- C:\Windows\system32\ZoneLabs
2009-04-29 06:59:56 ----A---- C:\Windows\NeroDigital.ini
2009-04-27 09:36:55 ----D---- C:\ProgramData\Media Center Programs
2009-04-25 22:54:10 ----D---- C:\Program Files\Java
2009-04-22 00:50:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-21 12:39:24 ----A---- C:\Windows\system.ini
2009-04-21 12:35:56 ----D---- C:\Windows\system32\config
2009-04-21 12:34:55 ----D---- C:\Windows\erdnt
2009-04-21 12:33:41 ----D---- C:\Windows\AppPatch
2009-04-21 12:33:39 ----D---- C:\Program Files\Common Files
2009-04-21 12:29:38 ----D---- C:\Windows\system32\en-US
2009-04-21 08:17:54 ----A---- C:\Windows\system32\REMOTEDEVICE.INI
2009-04-20 20:53:28 ----D---- C:\Windows\Debug
2009-04-20 09:45:20 ----SD---- C:\Users\AJ\AppData\Roaming\Microsoft
2009-04-20 09:41:26 ----D---- C:\Users\AJ\AppData\Roaming\Uniblue
2009-04-20 01:52:22 ----D---- C:\Windows\system32\LogFiles
2009-04-20 01:30:31 ----D---- C:\Windows\system32\wbem
2009-04-20 01:30:31 ----D---- C:\Program Files\Windows Mail
2009-04-20 01:30:29 ----D---- C:\Windows\system32\manifeststore
2009-04-20 01:29:24 ----D---- C:\Windows\inf
2009-04-19 11:43:21 ----D---- C:\Windows\Tasks
2009-04-19 11:43:21 ----D---- C:\Windows\system32\Tasks
2009-04-15 08:34:04 ----D---- C:\Program Files\Adobe
2009-04-13 00:44:26 ----D---- C:\Users\AJ\AppData\Roaming\Mozilla
2009-04-13 00:21:04 ----D---- C:\Windows\rescache
2009-04-12 23:06:51 ----D---- C:\Windows\system32\migration
2009-04-12 23:06:51 ----D---- C:\Windows\PolicyDefinitions
2009-04-12 23:06:51 ----D---- C:\Program Files\Internet Explorer
2009-04-12 22:41:09 ----RSD---- C:\Windows\Fonts
2009-04-08 23:40:03 ----D---- C:\Users\AJ\AppData\Roaming\FrostWire
2009-04-07 09:36:05 ----D---- C:\Program Files\Copernic Desktop Search - Home
2009-04-06 15:01:13 ----D---- C:\Users\AJ\AppData\Roaming\Adobe
2009-04-06 15:01:13 ----D---- C:\ProgramData\Adobe
2009-04-06 07:57:26 ----A---- C:\Windows\system32\mrt.exe
2009-03-31 19:20:50 ----A---- C:\Windows\zllsputility.exe
2009-03-31 19:20:42 ----A---- C:\Windows\system32\zpeng25.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\zlcommdb.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\zlcomm.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\vsxml.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\vswmi.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsutil.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsregexp.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vspubapi.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsmonapi.dll
2009-03-31 19:20:34 ----A---- C:\Windows\system32\vsinit.dll
2009-03-31 19:20:34 ----A---- C:\Windows\system32\vsdata.dll
2009-03-29 13:28:16 ----D---- C:\Users\AJ\AppData\Roaming\Google
2009-03-09 05:19:08 ----A---- C:\Windows\system32\deploytk.dll
2009-02-25 10:59:39 ----D---- C:\Program Files\Windows Media Player
2009-02-14 08:18:53 ----D---- C:\Windows\Microsoft.NET
2009-02-14 08:17:27 ----RSD---- C:\Windows\assembly
2009-02-14 07:12:04 ----D---- C:\Windows\ehome
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2006-10-19 12664]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-03-31 150544]
R1 PCLEPCI;PCLEPCI; \??\C:\Windows\system32\drivers\pclepci.sys [2002-03-20 14165]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-03-31 293528]
R3 ASAPIW2k;ASAPIW2K; C:\Windows\system32\drivers\ASAPIW2k.sys [2004-03-11 11264]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
R3 dc3d;USBCCGP filter driver (dc3d); C:\Windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-23 1761376]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2004-06-22 78976]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 APLMp60;APLMp60 NDIS Protocol Driver; C:\Windows\system32\drivers\APLMp60.sys []
S3 auejysfo;auejysfo; C:\Windows\system32\drivers\auejysfo.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-18 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys [2009-03-31 150544]
S3 TTIUSB;Mako DT3500 SmartCard Reader; C:\Windows\system32\DRIVERS\2800.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 BlueSoleilCS;BlueSoleilCS; D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-02-03 1155180]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-03-31 2404232]
R3 BsHelpCS;BsHelpCS; D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-31 69632]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-14 138680]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; D:\Nero 7\Nero BackItUp\NBService.exe [2006-11-11 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
-----------------EOF-----------------
======================================================
Combofix.txt
ComboFix 09-04-21.07 - AJ 04/21/2009 12:31.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2045.1000 [GMT 8:00]
Running from: c:\t\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.
2009-04-20 23:26 . 2009-04-20 23:26 -------- d-----w c:\users\AJ\AppData\Roaming\Malwarebytes
2009-04-20 23:26 . 2009-04-06 07:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 23:26 . 2009-04-06 07:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 23:26 . 2009-04-20 23:26 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-20 23:26 . 2009-04-20 23:26 -------- d-----w c:\programdata\Malwarebytes
2009-04-20 23:23 . 2009-04-20 23:23 1340797 ----a-w C:\MGtools.exe
2009-04-20 15:38 . 2009-04-20 15:38 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-20 15:38 . 2009-04-20 15:38 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-20 15:38 . 2009-04-20 15:38 -------- d-----w c:\users\AJ\AppData\Roaming\SUPERAntiSpyware.com
2009-04-20 01:08 . 2009-04-20 01:41 -------- dc-h--w c:\users\All Users\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-04-20 01:08 . 2009-04-20 01:41 -------- dc-h--w c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-04-20 01:07 . 2009-04-20 01:45 -------- dc-h--w c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-04-20 01:07 . 2009-04-20 01:45 -------- dc-h--w c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-04-19 17:29 . 2009-04-19 17:29 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-04-19 14:33 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-19 14:33 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-19 14:33 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-19 14:33 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-19 14:33 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-19 14:33 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-19 14:33 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-19 14:33 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-19 14:33 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-19 14:33 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-19 14:32 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-19 14:32 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-19 14:32 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-19 14:32 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-19 14:32 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-19 14:32 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-19 14:32 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-08 12:41 . 2009-04-08 12:41 -------- d-----w c:\users\AJ\AppData\Local\Bump Technologies, Inc
2009-04-08 12:41 . 2009-04-08 12:41 -------- d-----w c:\users\AJ\AppData\Roaming\Bump Technologies, Inc
2009-04-07 01:17 . 2009-04-07 01:21 -------- d-----w c:\users\AJ\AppData\Roaming\Copernic
2009-03-29 13:19 . 2009-03-29 13:19 -------- d-----w c:\users\All Users\NCH Swift Sound
2009-03-29 13:19 . 2009-03-29 13:19 -------- d-----w c:\programdata\NCH Swift Sound
2009-03-29 13:19 . 2009-03-29 13:19 -------- d-----w c:\users\AJ\AppData\Roaming\NCH Swift Sound
2009-03-29 05:27 . 2009-03-29 05:27 -------- d-----w c:\users\All Users\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 04:39 . 2008-02-16 15:30 351221 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-04-21 04:36 . 2008-02-16 15:37 159446816 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-20 23:37 . 2009-04-20 23:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 23:19 . 2008-02-16 16:24 2538 ----a-w C:\rollback.ini
2009-04-20 23:14 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-20 23:14 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-20 23:11 . 2008-02-16 15:37 2065964 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-20 15:38 . 2009-04-20 15:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-20 15:37 . 2007-07-22 23:28 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-20 03:45 . 2009-04-20 03:47 8192 ----a-w c:\windows\Internet Logs\xDB45A7.tmp
2009-04-20 03:45 . 2009-04-20 03:47 3296768 ----a-w c:\windows\Internet Logs\xDB46D5.tmp
2009-04-20 03:42 . 2009-04-20 03:45 3296256 ----a-w c:\windows\Internet Logs\xDB9919.tmp
2009-04-20 03:42 . 2009-04-20 03:45 3052032 ----a-w c:\windows\Internet Logs\xDB8DED.tmp
2009-04-20 01:41 . 2008-04-04 16:24 -------- d-----w c:\users\AJ\AppData\Roaming\Uniblue
2009-04-20 00:39 . 2009-04-20 00:42 3269632 ----a-w c:\windows\Internet Logs\xDB1421.tmp
2009-04-20 00:39 . 2009-04-20 00:42 2652160 ----a-w c:\windows\Internet Logs\xDB251.tmp
2009-04-20 00:17 . 2007-06-19 15:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 17:55 . 2008-02-28 02:15 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-19 17:30 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-19 17:29 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstor.dat
2009-04-19 15:07 . 2007-06-19 06:45 1356 ----a-w c:\users\AJ\AppData\Local\d3d9caps.dat
2009-04-18 13:15 . 2009-04-18 13:05 -------- d-----w c:\program files\Microsoft IntelliPoint
2009-04-18 13:03 . 2009-04-18 13:03 -------- d-----w c:\program files\Microsoft IntelliType Pro
2009-04-12 16:26 . 2009-03-17 14:45 -------- d-----w c:\users\AJ\AppData\Roaming\MailFrontier
2009-04-12 14:54 . 2007-06-19 06:46 117136 ----a-w c:\users\AJ\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-08 15:40 . 2007-06-22 16:49 -------- d-----w c:\users\AJ\AppData\Roaming\FrostWire
2009-04-07 01:36 . 2008-10-12 03:43 -------- d-----w c:\program files\Copernic Desktop Search - Home
2009-03-31 11:22 . 2008-02-16 15:30 293528 ----a-w c:\windows\system32\drivers\vsdatant.sys
2009-03-31 11:20 . 2008-02-16 15:31 72584 ----a-w c:\windows\zllsputility.exe
2009-03-31 11:20 . 2008-12-03 23:39 1221512 ----a-w c:\windows\System32\zpeng25.dll
2009-03-30 06:28 . 2009-03-30 06:28 -------- d-----w c:\program files\SonicWallES
2009-03-29 13:19 . 2009-03-29 13:19 -------- d-----w c:\program files\NCH Software
2009-03-25 13:35 . 2007-06-22 16:44 -------- d-----w c:\program files\Java
2009-03-19 15:03 . 2008-04-09 01:49 21777776 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-19 02:42 . 2009-03-19 02:42 1052 ----a-w C:\Sabine flash sample.html
2009-03-19 02:42 . 2009-03-19 02:42 14338250 ----a-w C:\Sabine flash sample.swf
2009-03-17 14:43 . 2009-03-17 14:43 -------- d-----w c:\programdata\Kaspersky SDK
2009-03-17 03:38 . 2009-04-19 14:32 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-16 13:27 . 2009-03-16 13:27 160065 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_16_21_27_05_small.dmp.zip
2009-03-15 23:58 . 2009-03-15 23:58 147735 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_16_01_00_15_small.dmp.zip
2009-03-08 21:19 . 2009-02-04 00:21 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 . 2009-04-12 15:03 914944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 . 2009-04-12 15:03 43008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 . 2009-04-12 15:03 18944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 . 2009-04-12 15:03 109056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 . 2009-04-12 15:03 109568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-12 15:03 132608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-12 15:03 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-12 15:03 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-12 15:03 103936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-12 15:03 420352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:32 . 2009-04-12 15:03 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 . 2009-04-12 15:03 71680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 . 2009-04-12 15:03 66560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 . 2009-04-12 15:03 169472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 . 2009-04-12 15:03 34816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:31 . 2009-04-12 15:03 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 . 2009-04-12 15:03 45568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:22 . 2009-04-12 15:03 156160 ----a-w c:\windows\System32\msls31.dll
2009-03-02 03:41 . 2009-03-02 03:41 -------- d-----w c:\program files\Common Files\iZotope
2009-02-17 07:27 . 2009-02-17 07:27 143133 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_17_15_27_37_small.dmp.zip
2009-02-17 00:22 . 2007-09-17 01:39 185200 ---ha-w c:\windows\System32\mlfcache.dat
2009-02-09 03:10 . 2009-03-14 02:42 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-05 13:54 . 2009-02-05 13:54 147554 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_05_21_06_22_small.dmp.zip
2008-03-19 14:05 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2008-09-13 17:35 . 2008-02-03 12:53 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-13 17:35 . 2008-02-03 12:53 32768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-13 17:35 . 2008-02-03 12:53 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w c:\windows\System32\AVSredirect.dll
2008-03-17 01:55 . 2008-02-16 15:37 16515104 --sha-w c:\windows\System32\drivers\fidbox(104).dat
2008-03-31 07:44 . 2008-02-16 15:37 20238880 --sha-w c:\windows\System32\drivers\fidbox(162).dat
2008-01-09 11:29 . 2007-10-03 11:48 33417248 --sha-w c:\windows\System32\drivers\fidbox(43).dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search - Home\DesktopSearchService.exe" [2008-12-11 1588224]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="d:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-02-03 258134]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-31 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9640D0FA-0C01-461C-98BF-1A34775E4CAB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0ABEC93B-58CD-4D75-8F6C-F067ADB8F42E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E6A5B8CA-CEE9-433D-844D-79074CF13211}"= UDP:17516:BitComet 17516 TCP
"{FE9A00A6-1935-45F9-B9A1-05C2F6DCFA79}"= TCP:17516:BitComet 17516 UDP
"TCP Query User{40134235-C546-4AAF-B851-DDF3044A788F}d:\\program files\\bitcomet\\bitcomet.exe"= UDP:d:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{71FEB94F-C7AF-4AFF-B1C4-F184CE3D23C8}d:\\program files\\bitcomet\\bitcomet.exe"= TCP:d:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{326237F0-5324-4E36-A5BC-111F25FF0F7F}"= UDP:7947:BitComet 7947 TCP
"{9F080FC0-B448-4CF8-B718-F48546D4CB5F}"= TCP:7947:BitComet 7947 UDP
"{F8555FFE-862C-40DA-9C3C-565D33726D73}"= TCP:50000:Bitcomet
"{D8EA42A7-32E6-4F2E-AC11-C2F00518A452}"= UDP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0
"{B0C2087B-C02F-4D0B-B313-ED86542332F3}"= TCP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0
"{E1830443-338C-4248-9FA6-8C1DD33E4FAC}"= UDP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0
"{CA364BC8-1DE1-4AED-9C98-B2489BC21EC5}"= TCP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0
"TCP Query User{16D36C18-0D3D-4C82-BC69-12FC6E0E1C70}d:\\program files\\thq\\company of heroes\\archive.exe"= Disabled:UDP:d:\program files\thq\company of heroes\archive.exe:Archive
"UDP Query User{558C4CC1-0037-4E43-B04A-F34A3C04B66B}d:\\program files\\thq\\company of heroes\\archive.exe"= Disabled:TCP:d:\program files\thq\company of heroes\archive.exe:Archive
"{BE627DCC-C039-4B8D-92F2-E928A5136308}"= UDP:e:\limewire\Programs\utorrent.exe:µTorrent
"{650EA54E-4C07-4414-A45F-E4DB609D85CB}"= TCP:e:\limewire\Programs\utorrent.exe:µTorrent
"{8E25D0B2-6CB7-4A4A-929A-4A2103B1D8C4}"= UDP:50000:BitComet 50000 TCP
"{A14CCE12-B986-4C7E-A0D1-ECEF5DFCC0AE}"= UDP:54000:utorrent TCP
"{C4162E86-015C-419E-ACCD-7894A334E5F5}"= TCP:54000:utorrent UDP
"{C1AEBEBB-8DF0-411B-9879-C7869C1497B6}"= UDP:3411:utorrent announce TCP
"{787D699D-1131-4AB0-A815-5AD231226AE0}"= TCP:3411:utorrent announce UDP
"TCP Query User{5C9CF629-BEE9-4F9B-8A7E-58428CC0BC0A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E29625E4-E361-409E-AAD7-E326F30F5139}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{9052CAA8-A374-44F1-9491-94DBB00C21FD}"= UDP:d:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{BECA662A-58ED-4576-8030-A4F3928025F5}"= TCP:d:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{5AF8CF2D-C38C-4484-8096-B1CF33EB0890}"= UDP:d:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{E6CDA4E1-7465-4F9C-B6C1-8B9A12F3CEC5}"= TCP:d:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{16A67228-F020-4DD3-884C-5A39418C0A08}"= UDP:d:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{E0CEA693-3AD8-42D1-BF9E-C4494C93C53D}"= TCP:d:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{089C9DDC-4AAD-485C-821D-97CC6C33486A}"= UDP:d:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{BCEE6952-43C2-4D7C-8FFD-4C0C97986816}"= TCP:d:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{19623D13-E3FB-43B8-A40A-60AF29D6FAB2}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{08C7C422-ABE4-421B-9E36-69360922E9BE}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5567193A-8B60-4D63-8F48-80459965AB83}"= UDP:d:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{3B4B3B69-8D5E-4651-8E14-37F874795DC7}"= TCP:d:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{D4CAFF78-C9FE-4DDD-B375-F02199C11EEE}"= UDP:d:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5312DC4F-C8C7-4E54-B009-B749EB5D5785}"= TCP:d:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{50B0E552-8804-445D-9A67-BABD89F06263}"= UDP:d:\program files\FrostWire\FrostWire.exe:FrostWire 4.13.1.7 BETA
"{10494D54-A319-475C-822B-387CC5D9F893}"= TCP:d:\program files\FrostWire\FrostWire.exe:FrostWire 4.13.1.7 BETA
"{15D8917E-A31F-48A8-98C5-3916A7B38C74}"= UDP:d:\program files\BitComet\BitComet.exe:BitComet
"{FBDFCA79-7FBF-4436-8CDA-5485098CD724}"= TCP:d:\program files\BitComet\BitComet.exe:BitComet
"{B662E17B-5EF8-4BE5-8D43-F484F07AC20E}"= UDP:d:\program files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
"{86F08843-3E86-431B-AF6A-8C81EC1A46F2}"= TCP:d:\program files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
"{85CCA87B-FB48-44FA-B3D6-43CE8C19111D}"= UDP:d:\program files\Red Kawa\Video Converter\RKVideoConverter.exe:RKVideoConverter
"{34B0B01B-534D-48D3-8887-B130564C1B31}"= TCP:d:\program files\Red Kawa\Video Converter\RKVideoConverter.exe:RKVideoConverter
"{4130A2BE-2EC4-4DDC-ACD3-87240BF9531D}"= Disabled:UDP:d:\program files\Joost\xulrunner\tvprunner.exe:tvprunner
"{CCDD6DD2-50E3-435F-9312-F5E2C584863E}"= Disabled:TCP:d:\program files\Joost\xulrunner\tvprunner.exe:tvprunner
"{FF15E1E7-FFD5-4B41-834F-74B453CF735A}"= UDP:d:\program files\FrostWire\FrostWire.exe:LimeWire
"{BF63D725-B5CB-4ECE-947A-571AC3887ACD}"= TCP:d:\program files\FrostWire\FrostWire.exe:LimeWire
"{30B9EC7F-C165-4112-BE30-902F10D4D18D}"= TCP:6004|d:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{AD94A6DC-2CCC-4A2B-9E21-5C6DBDFB0083}"= UDP:d:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7E8B3818-50CA-4572-B17C-A2864206ACBC}"= TCP:d:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B448A258-A6E7-4BBF-B44D-3303B8D3C88C}"= UDP:d:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{52DD2B24-0E15-464D-BD0D-CA897E9FB1A3}"= TCP:d:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F05C4CBD-5048-4520-91E7-C057A1DF814F}"= Disabled:UDP:d:\program files\Joost\xulrunner\tvprunner.exe:tvprunner
"{8424A0C8-BCF2-4DB3-97DC-33091042963A}"= Disabled:TCP:d:\program files\Joost\xulrunner\tvprunner.exe:tvprunner
"{5723ED4E-6F6F-4656-BB73-A06EE3597F5B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B36E0907-C8B3-4CD4-B5A5-5EB3E66D9FED}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8062F432-45B8-4F0B-AEFC-8854BD70CC2B}"= UDP:d:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{B0996092-5D78-4234-B5C3-C806333EFC46}"= TCP:d:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{53B4E093-645B-4074-A67F-E61477F993B3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{56538FA4-9D70-4171-96AC-940163A6459E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{09FB4633-BC88-4C2D-B6A4-8578070EEB55}"= UDP:c:\windows\System32\ZoneLabs\vsmon.exe:TrueVector Service
"{DBA96475-6C07-48B1-B90C-49077B1DA808}"= TCP:c:\windows\System32\ZoneLabs\vsmon.exe:TrueVector Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
R2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
R3 APLMp60;APLMp60 NDIS Protocol Driver; [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 TTIUSB;Mako DT3500 SmartCard Reader; [x]
R4 Sibd_s;Sibd_s; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
S3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ca051c2-1221-11de-9446-806e6f6e6963}]
\shell\AutoRun\command - G:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{840d89db-dc4c-11dd-9acd-000a94128362}]
\shell\AutoRun\command - Q:\InstallSeagateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2009-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732046994-1489633490-2608111576-1000.job
- c:\users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:18]
2009-03-30 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- d:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-04-19 01:14]
2009-04-19 c:\windows\Tasks\Uniblue SpyEraser.job
- d:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-04-19 01:14]
2009-04-20 c:\windows\Tasks\User_Feed_Synchronization-{15C5ECEF-0776-4B1D-827F-EE7AE1322E80}.job
- c:\windows\system32\msfeedssync.exe [2009-04-12 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\ovdobw4c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Copernic Desktop Search - Home\FirefoxConnector\components\CSPXPCOMBridge.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\AJ\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 12:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{0b829ece-d929-4794-a07d-c28f26bf0721}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d020054
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{0fb7fd7c-a749-4b38-a9b4-f746aabda0b7}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:09001bfc
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{17c05c8d-c233-402c-9c3c-ec1c28d8a13f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:09001bfc
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{55fe3bb5-e7aa-4887-ba90-c8ffbb61ffe6}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:09001bfc
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{5c5db8ed-f396-47bb-ac62-ca50b25a8e5f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001bfc
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{6c699874-32a1-49a9-b308-f678e8eb0b24}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{933c838a-9330-45af-b15f-a47a19eb9423}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:08001bfc
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{975b6761-fa59-4ad3-9013-81d5ac85ef36}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:09001bfc
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{9776eb35-b93e-4ed2-9eb9-1a46c7d14e1e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d00030d
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{ac038f1b-9d62-41ef-8049-cc1cc4ddeea9}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1400030d
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{b244f70e-7153-4f04-ada6-e56b990e6851}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a001bfc
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{ddc05053-8bba-4c31-a814-3a289f327302}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12000a94
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{ee7ca0e6-e377-4523-a2b3-257de88ade5c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet060\Services\Tcpip6\Parameters\Interfaces\{f6ccf408-2bbc-4dd7-a621-3ebf33b11d0c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:09001bfc
"Dhcpv6State"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(172)
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mlfhook.dll
c:\program files\Copernic Desktop Search - Home\DeskbandIntegration301000049.dll
c:\program files\Copernic Desktop Search - Home\SearchPlatform-s.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Copernic Desktop Search - Home\DesktopSearchSystem301000049.dll
d:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\windows\System32\ZoneLabs\avsys\ScanningProcess.exe
c:\windows\System32\ZoneLabs\avsys\ScanningProcess.exe
c:\program files\ASUS\AASP\1.00.32\aaCenter.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\rundll32.exe
d:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
.
**************************************************************************
.
Completion time: 2009-04-21 12:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-21 04:49
ComboFix2.txt 2008-03-13 16:57
Pre-Run: 32,728,760,320 bytes free
Post-Run: 32,237,441,024 bytes free
410 --- E O F --- 2009-04-19 17:29