ComboFix 08-06-20.4 - Arkadiy 2008-06-26 18:40:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.283 [GMT -7:00]
Running from: C:\Users\Arkadiy\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\x64
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
2008-06-26 17:27 . 2008-06-26 17:27 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\Thinking Minds Budiling Bytes
2008-06-26 17:26 . 2008-06-26 17:26 <DIR> d-------- C:\Program Files\CubeDesktop
2008-06-26 15:58 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-06-26 15:11 . 2008-06-26 15:11 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\ESET
2008-06-26 15:10 . 2008-06-26 15:10 <DIR> d-------- C:\Users\All Users\ESET
2008-06-26 15:10 . 2008-06-26 15:10 <DIR> d-------- C:\ProgramData\ESET
2008-06-26 15:10 . 2008-06-26 15:10 <DIR> d-------- C:\Program Files\ESET
2008-06-25 16:34 . 2008-06-25 16:34 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\Gamelab
2008-06-24 23:12 . 2008-06-24 23:16 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\Vso
2008-06-24 23:12 . 2008-06-24 23:12 <DIR> d-------- C:\Program Files\VSO
2008-06-23 00:48 . 2008-06-23 00:48 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-23 00:48 . 2006-10-07 17:43 502,784 --a------ C:\Windows\x2.64.exe
2008-06-23 00:48 . 2008-02-07 16:15 408,576 --a------ C:\Windows\System32\Smab.dll
2008-06-23 00:48 . 2005-02-28 13:16 240,128 --a------ C:\Windows\System32\x.264.exe
2008-06-23 00:48 . 2006-04-12 09:47 217,073 --a------ C:\Windows\meta4.exe
2008-06-23 00:48 . 2004-01-25 00:00 70,656 --a------ C:\Windows\System32\i420vfw.dll
2008-06-23 00:48 . 2006-04-05 08:09 66,560 --a------ C:\Windows\MOTA113.exe
2008-06-23 00:48 . 2005-07-14 12:31 27,648 --a------ C:\Windows\System32\AVSredirect.dll
2008-06-23 00:46 . 2008-06-23 00:46 <DIR> d-------- C:\Program Files\eRightSoft
2008-06-21 12:23 . 2008-03-21 13:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-06-21 12:23 . 2008-03-31 14:25 682,496 --a------ C:\Windows\System32\divx.dll
2008-06-21 12:23 . 2008-03-21 13:28 81,920 --a------ C:\Windows\System32\dpl100.dll
2008-06-21 08:09 . 2008-04-24 17:33 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-21 08:09 . 2008-04-22 21:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-21 08:09 . 2008-04-22 21:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-21 08:09 . 2008-04-22 21:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-21 08:09 . 2008-04-22 21:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-21 08:09 . 2008-04-22 21:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-21 08:09 . 2008-04-22 21:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-21 08:09 . 2008-04-22 21:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-21 08:09 . 2008-04-24 21:23 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-06-21 08:09 . 2008-04-24 21:22 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-06-21 08:08 . 2008-04-26 01:02 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-21 08:08 . 2008-05-09 18:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-21 08:08 . 2008-05-09 20:30 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-20 18:34 . 2007-04-09 09:27 802,816 --a------ C:\Windows\System32\drivers\tcpip.original
2008-06-20 17:40 . 2008-06-20 17:40 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\DivX
2008-06-20 17:39 . 2008-06-20 17:42 <DIR> d-------- C:\divx
2008-06-20 17:37 . 2008-06-20 17:37 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-06-20 17:37 . 2008-06-20 17:37 <DIR> d-------- C:\ProgramData\Apple Computer
2008-06-20 17:37 . 2008-06-20 17:37 <DIR> d-------- C:\Program Files\QT Lite
2008-06-20 17:37 . 2008-05-27 10:50 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-06-20 17:37 . 2008-05-27 10:50 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-06-20 17:32 . 2008-06-21 12:23 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-20 17:20 . 2008-06-20 17:20 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-20 16:39 . 2008-06-20 16:50 <DIR> d-------- C:\Program Files\Magic Video Converter
2008-06-20 16:39 . 2004-05-26 21:37 719,872 --a------ C:\Windows\System32\devil.dll
2008-06-20 16:39 . 2003-03-19 11:03 544,768 --a------ C:\Windows\System32\msvcr71d.dll
2008-06-20 16:39 . 2007-05-17 17:30 318,976 --a------ C:\Windows\System32\avisynth.dll
2008-06-19 18:33 . 2008-06-19 18:33 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-19 18:07 . 2008-06-19 18:07 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\Avant Profiles
2008-06-18 15:12 . 2008-06-18 15:11 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-06-18 15:12 . 2008-06-18 15:12 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-06-18 15:11 . 2008-06-18 15:11 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-06-18 14:19 . 2008-06-18 17:52 <DIR> d-------- C:\Program Files\WarRock
2008-06-16 15:06 . 2008-06-16 15:06 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-06-16 11:25 . 2008-06-16 11:25 57,344 --a------ C:\Users\Arkadiy\iSNIML.dll
2008-06-15 22:12 . 2008-06-16 00:00 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\MiniDm
2008-06-12 10:34 . 2008-06-12 10:34 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-06-10 16:31 . 2008-06-12 10:36 <DIR> d-------- C:\upload
2008-06-05 17:37 . 2008-06-05 17:37 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-01 21:56 . 2008-06-01 21:56 <DIR> d-------- C:\Program Files\PowerISO
2008-05-30 18:51 . 2008-05-30 18:51 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-30 16:22 . 2008-05-30 16:22 593,920 --a------ C:\Windows\System32\dpuGUI11.dll
2008-05-30 16:22 . 2008-05-30 16:22 344,064 --a------ C:\Windows\System32\dpus11.dll
2008-05-30 16:22 . 2008-05-30 16:22 294,912 --a------ C:\Windows\System32\dpu11.dll
2008-05-30 16:22 . 2008-05-30 16:22 294,912 --a------ C:\Windows\System32\dpu10.dll
2008-05-30 16:22 . 2008-05-30 16:22 57,344 --a------ C:\Windows\System32\dpv11.dll
2008-05-30 16:22 . 2008-05-30 16:22 53,248 --a------ C:\Windows\System32\dpuGUI10.dll
2008-05-29 23:46 . 2008-06-26 08:23 <DIR> d-------- C:\Users\All Users\Google Updater
2008-05-29 23:46 . 2008-06-26 08:23 <DIR> d-------- C:\ProgramData\Google Updater
2008-05-29 23:43 . 2008-05-29 23:43 <DIR> d-------- C:\Program Files\IEPro
2008-05-29 18:06 . 2008-05-29 18:06 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-05-29 18:06 . 2008-05-29 18:06 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-05-29 17:46 . 2008-05-29 17:46 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-29 17:46 . 2008-05-29 17:46 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-29 17:45 . 2008-05-29 17:45 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-29 17:45 . 2008-05-29 17:45 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-29 17:43 . 2008-05-29 17:43 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-29 17:43 . 2008-05-29 17:43 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-29 17:43 . 2008-05-29 17:43 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-29 17:43 . 2008-05-29 17:43 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-29 17:43 . 2008-05-29 17:43 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-29 17:43 . 2008-05-29 17:43 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-29 17:43 . 2008-05-29 17:43 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-05-29 17:42 . 2007-04-09 09:27 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-29 17:42 . 2008-05-29 17:42 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-29 17:42 . 2008-05-29 17:42 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-29 17:42 . 2008-05-29 17:42 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-29 17:42 . 2008-05-29 17:42 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-29 17:36 . 2008-05-29 17:36 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-29 17:35 . 2008-05-29 17:35 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-29 17:34 . 2008-05-29 17:34 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-29 17:34 . 2008-05-29 17:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-29 17:34 . 2008-05-29 17:34 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-29 17:34 . 2008-05-29 17:34 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-29 16:47 . 2008-05-29 16:47 <DIR> d-------- C:\Users\Arkadiy\AppData\Roaming\TuneUp Software
2008-05-29 16:47 . 2008-05-29 16:47 307,968 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-05-29 16:47 . 2008-02-27 13:15 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-05-29 16:47 . 2008-02-27 13:15 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-05-29 16:46 . 2008-05-29 16:46 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-05-29 16:46 . 2008-05-29 16:46 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-05-29 16:46 . 2008-05-29 16:46 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-29 16:45 . 2008-05-29 16:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 15:18 . 2008-05-29 15:18 <DIR> d-------- C:\Program Files\uTorrent
2008-05-29 15:00 . 2008-05-29 15:00 <DIR> d-------- C:\Program Files\support.com
2008-05-29 15:00 . 2008-05-29 15:00 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-05-29 15:00 . 2008-05-29 15:00 966 --a------ C:\net_save.dna
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 01:40 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\uTorrent
2008-06-26 00:40 --------- d---a-w C:\ProgramData\TEMP
2008-06-23 06:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-21 19:22 --------- d-----w C:\Program Files\DivX
2008-06-21 16:04 --------- d-----w C:\Program Files\Windows Mail
2008-06-20 23:27 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\MxBoost
2008-06-20 21:29 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Move Networks
2008-06-20 01:13 --------- d-----w C:\Users\Arkadiy\AppData\Roaming\Maxthon2
2008-06-19 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 16:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-31 01:51 --------- d-----w C:\Program Files\Common Files\Real
2008-05-31 01:43 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-30 06:46 --------- d-----w C:\Program Files\Google
2008-05-30 01:21 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-05-30 01:01 --------- d-----w C:\Program Files\Cheat Engine
2008-05-30 00:36 --------- d-----w C:\Program Files\CONEXANT
2008-05-30 00:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-30 00:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-30 00:34 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-30 00:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-30 00:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-23 02:19 --------- d-----w C:\Program Files\JetAudio
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-04-28 06:52 2,121,235 ----a-w C:\Windows\System32\x264vfw.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-19 19:52 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2007-08-30 16:52 174 --sha-w C:\Program Files\desktop.ini
2006-05-03 10:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
.
------- Sigcheck -------
2007-04-09 09:27 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\System32\drivers\tcpip.sys
2006-11-02 01:58 802816 d944522b048a5feb7700b5170d3d9423 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
2008-01-08 15:14 802816 028061c7f6d2d03068c72e2a27e4228a C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
2007-04-09 09:27 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
2008-01-08 15:14 804352 43eae40b50fe3e60d194dd9c97ebb1fd C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
2008-05-29 17:42 806400 52a8bd6294f7d1443c6184c67ae13af4 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-29 15:18 219952]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"CubeDesktop"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-28 20:11 4317184 C:\Windows\RtHDVCpl.exe]
"CHotkey"="zHotkey.exe" [2006-11-07 14:08 547840 C:\Windows\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2005-01-27 09:13 36864 C:\Windows\ShowWnd.exe]
"ModPS2"="ModPS2Key.exe" [2006-11-07 14:34 53248 C:\Windows\ModPS2Key.exe]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 16:04 2348584]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 22:51 166304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-17 14:58 40072]
C:\Users\Arkadiy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2007-12-04 16:22:45 3656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKLM\~\startupfolder\C:^Users^Arkadiy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Arkadiy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-19 20:05 240640 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 17:52 50736 C:\Program Files\Common Files\AOL\1197928652\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 05:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FC655EF9-4CCC-458A-BDD1-535C284CDDAE}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{C1BCA28F-EBBC-4CE9-97DE-056D0F727C00}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{94E30B97-BC0F-4D51-89F8-CACF23C5E6D1}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{6D71804A-AE92-41EE-A6F5-00C58E291526}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{399408DA-AC4C-4565-AD7E-52FD0B9C31AA}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{2386DB38-2145-467F-966C-7F7111B46C23}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{CEF4EFDC-83AD-4763-90B6-C151CCCD3203}"= UDP:C:\Program Files\AOL 9.0\AOLSETUP.EXE:AOL
"{748F8195-2700-49E5-AE85-437FE57E5FC7}"= TCP:C:\Program Files\AOL 9.0\AOLSETUP.EXE:AOL
"{E37E745A-CCEF-4E57-8C7F-0B7DBBBB8244}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{07B771ED-B073-405E-B5E1-79C69B584C9E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E2976706-C364-4E8B-BA19-80F92F3CBF34}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0E9C9B0F-5067-4E0D-A0A9-BAC8B6E6F27B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E1D28528-05C5-4827-B39F-17B97FE3D3D0}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E8B523A1-85E9-4FAD-A06D-94EB45E6F134}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{40815D6D-31CF-4DD2-9834-01AE02C80E13}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{1DD69F80-62C7-43A3-AE32-B677483D48ED}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A5ACE63E-C487-4B6D-A810-5DB91322A4CD}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"TCP Query User{C6417CB4-09ED-4831-AB63-C1ACA3D5EAE9}C:\\users\\arkadiy\\documents\\cs\\counter-strike 1.6 + half-life\\hl.exe"= UDP:C:\users\arkadiy\documents\cs\counter-strike 1.6 + half-life\hl.exe:hl.exe
"UDP Query User{8D0CF02C-1B53-4306-A276-5B17C2B78988}C:\\users\\arkadiy\\documents\\cs\\counter-strike 1.6 + half-life\\hl.exe"= TCP:C:\users\arkadiy\documents\cs\counter-strike 1.6 + half-life\hl.exe:hl.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\xchat\\xchat.exe"= C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 00:30]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-29 16:47]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2007-11-15 22:51]
S4 WUSB54Gv4SVC;WUSB54Gv4SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40ceabd-0371-11dd-aeeb-8aef0fdee4ce}]
\shell\AutoRun\command - L:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 01:00:02 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-26 21:46:49 C:\Windows\Tasks\User_Feed_Synchronization-{2E7D8B6D-B6CC-4B52-9712-AD7CB5A48BC9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-26 18:44:02
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-26 18:44:53
ComboFix-quarantined-files.txt 2008-06-27 01:44:49
Pre-Run: 153,960,456,192 bytes free
Post-Run: 154,597,543,936 bytes free
286 --- E O F --- 2008-06-21 15:15:55
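Two checks a reviewer of this log would want to run mechanically rather than by eye: whether the live tcpip.sys hash in the Sigcheck block matches any copy in the winsxs component store (and, if so, whether a newer build is sitting in the store unused), and whether the Reg Loading Points dump shows the Windows Firewall switched off per profile or Security Center monitoring overridden. The script below is an added example and not part of ComboFix or of the log above; it embeds the relevant lines copied from the log (with the forum line-wrap spaces removed) as its sample input, and the function names and finding strings are its own.

```python
import re

# Sample input for this example: lines copied from the Sigcheck and Reg Loading Points
# sections of the ComboFix log above, with the forum line-wrap spaces removed.
SAMPLE_LOG = r"""
------- Sigcheck -------
2007-04-09 09:27 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\System32\drivers\tcpip.sys
2006-11-02 01:58 802816 d944522b048a5feb7700b5170d3d9423 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
2008-01-08 15:14 802816 028061c7f6d2d03068c72e2a27e4228a C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
2007-04-09 09:27 802816 8828315f2976c705d5a668de1aa58555 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
2008-01-08 15:14 804352 43eae40b50fe3e60d194dd9c97ebb1fd C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
2008-05-29 17:42 806400 52a8bd6294f7d1443c6184c67ae13af4 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# One Sigcheck line: date time size md5 path
SIG_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([0-9a-fA-F]{32}) (.+)$")
# winsxs folder names carry the file version between underscores
VER_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')


def _ver(v):
    return ".".join(str(p) for p in v)


def parse_sigcheck(text):
    """Group Sigcheck lines by file name into the live copy and the winsxs copies."""
    files = {}
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if not m:
            continue
        size, md5, path = int(m.group(2)), m.group(3).lower(), m.group(4)
        name = path.rsplit("\\", 1)[-1].lower()
        entry = files.setdefault(name, {"live": None, "store": []})
        if "\\winsxs\\" in path.lower():
            vm = VER_RE.search(path)
            version = tuple(int(p) for p in vm.group(1).split(".")) if vm else ()
            entry["store"].append((version, md5, size, path))
        else:
            entry["live"] = (md5, size, path)
    return files


def sigcheck_findings(text):
    """Flag live files whose hash matches no winsxs copy, or only an older build than the store holds."""
    findings = []
    for name, entry in parse_sigcheck(text).items():
        if entry["live"] is None:
            continue
        md5 = entry["live"][0]
        matched = sorted(v for v, h, _, _ in entry["store"] if h == md5)
        known = sorted(v for v, _, _, _ in entry["store"])
        if not matched:
            findings.append(f"{name}: live hash {md5} matches no component-store copy (patched or replaced?)")
        elif known and matched[-1] != known[-1]:
            findings.append(f"{name}: live file is build {_ver(matched[-1])}, "
                            f"but build {_ver(known[-1])} is staged in winsxs")
    return findings


def registry_findings(text):
    """Flag disabled firewall profiles and Security Center overrides in the registry dump."""
    findings, key_raw = [], ""
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key_raw = km.group(1)      # remember the key the following values belong to
            continue
        vm = VAL_RE.match(line)
        if not vm:
            continue
        name, value = vm.group(1), vm.group(2).strip().lower()
        key = key_raw.lower()
        leaf = key_raw.rsplit("\\", 1)[-1]
        if "firewallpolicy" in key and name == "EnableFirewall" and value.split()[0] == "0":
            findings.append(f"firewall disabled: {leaf}")
        elif "security center" in key and value == "dword:00000001":
            findings.append(f"security center: {name}=1 under {leaf}")
    return findings


if __name__ == "__main__":
    for f in sigcheck_findings(SAMPLE_LOG) + registry_findings(SAMPLE_LOG):
        print(f)
```

On the sample above the hash check reports that the live tcpip.sys is the 6.0.6000.16627 build while a 6.0.6000.20752 copy is staged in winsxs, and the registry check lists all three firewall profiles as disabled plus the two Security Center overrides. A "matches no component-store copy" result would be the stronger signal, since a tcpip.sys that corresponds to no Microsoft-shipped build has been modified after installation; the version comparison is a plain numeric one and does not distinguish the GDR and LDR servicing branches.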