Options
Nexplore! Help! Logs included.
I am having a issue with Nexplore and a couple other popups in Firefox. Any help would be appreciated. I have included logs from Combox Fix and Hijack.
ComboFix:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk
c:\documents and settings\pretsam\Application Data\inst.exe
c:\documents and settings\pretsam\My Documents\Regback.reg
c:\program files\Spyware Cease
c:\program files\Spyware Cease\AutoUpdate.exe
c:\program files\Spyware Cease\bmgac
c:\program files\Spyware Cease\dxddd
c:\program files\Spyware Cease\fp.fpl
c:\program files\Spyware Cease\hrdb.hrl
c:\program files\Spyware Cease\idamx
c:\program files\Spyware Cease\iflee
c:\program files\Spyware Cease\LSR.lsr
c:\program files\Spyware Cease\md5.dll
c:\program files\Spyware Cease\mtools.dll
c:\program files\Spyware Cease\networkdll.dll
c:\program files\Spyware Cease\opfile.dll
c:\program files\Spyware Cease\QAreaDLL.dll
c:\program files\Spyware Cease\RkHitApi.dll
c:\program files\Spyware Cease\sctdll.dll
c:\program files\Spyware Cease\spkdll.dll
c:\program files\Spyware Cease\SpywareCease.chm
c:\program files\Spyware Cease\SpywareCease.exe
c:\program files\Spyware Cease\SpywareCease.url
c:\program files\Spyware Cease\tmp5
c:\program files\Spyware Cease\udefend.dll
c:\program files\Spyware Cease\unins000.dat
c:\program files\Spyware Cease\unins000.exe
c:\program files\Spyware Cease\update\Update.ini
c:\program files\Spyware Cease\update\uplist.up
c:\program files\Spyware Cease\ussafe.dll
c:\program files\Spyware Cease\vf
c:\program files\Spyware Cease\vsn.lst
c:\program files\Spyware Cease\wcfile.lst
c:\program files\Spyware Cease\wl.swl
c:\program files\Spyware Cease\xxcum
c:\program files\Spyware Cease\zlib1.dll
c:\windows\mplayerplgn.dll
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\fupipivo.dll
c:\windows\system32\jinuwayi.dll
c:\windows\system32\SKYNETurubhxep.da_
c:\windows\system32\tezepugi.dll
c:\windows\Tasks\gyrvqlqp.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_RKHIT
\Legacy_SKYNETklvdypyd
\Service_RkHit
\Service_SKYNETklvdypyd
((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.
2010-01-26 19:58 . 2010-01-26 19:58
d
w- c:\windows\Sun
2010-01-26 19:58 . 2010-01-26 19:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 19:58 . 2010-01-26 19:58
d
w- c:\program files\Java
2010-01-26 19:57 . 2010-01-26 19:57 152576 ----a-w- c:\documents and settings\pretsam\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-26 19:56 . 2010-01-26 19:56 79488 ----a-w- c:\documents and settings\pretsam\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-26 19:56 . 2010-01-26 19:56
d-s---w- c:\documents and settings\pretsam\UserData
2010-01-26 19:25 . 2010-01-26 20:54
d
w- c:\program files\trend micro
2010-01-26 19:25 . 2010-01-26 19:25
d
w- C:\rsit
2010-01-26 19:17 . 2010-01-26 19:17
d
w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-26 05:44 . 2010-01-26 05:44 8677824 ----a-w- c:\documents and settings\pretsam\Application Data\Azureus\tmp\AZU9194.tmp\Vuze_4.3.0.6b_win32.exe
2010-01-26 04:47 . 2010-01-26 04:47
d
w- c:\temp\mirc
2010-01-25 23:57 . 2010-01-25 23:58
d
w- c:\temp\298.PS3.Themes.IPT
2010-01-25 22:58 . 2010-01-26 05:47
d
w- c:\temp\The Book of Eli TS X264 720P - IMAGiNE
2010-01-25 04:27 . 2010-01-25 04:27 4141117 ----a-w- c:\documents and settings\pretsam\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-01-25 04:27 . 2010-01-25 04:27 6516755 ----a-w- c:\documents and settings\pretsam\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-01-17 18:00 . 2010-01-18 01:33
d
w- c:\temp\Couples.Retreat.2009.720p.BluRay.x264.DTS-WiKi
2010-01-16 06:17 . 2010-01-17 17:59
d
w- c:\temp\Extract.2009.720p.BluRay.x264.DTS-WiKi
2010-01-09 06:12 . 2010-01-09 06:12
d
w- c:\documents and settings\pretsam\Local Settings\Application Data\Move Networks
2010-01-09 06:11 . 2010-01-09 06:11 1795704 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\MoveMediaPlayerWin_071705000014.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 20:54 . 2009-03-06 06:02
d
w- c:\documents and settings\pretsam\Application Data\.purple
2010-01-26 20:28 . 2009-03-06 06:05
d
w- c:\program files\Mozilla Thunderbird
2010-01-26 19:56 . 2009-05-30 02:59
d
w- c:\program files\FlashFXP
2010-01-26 19:48 . 2009-03-07 12:11
d
w- c:\program files\Bonjour
2010-01-26 19:13 . 2009-03-17 14:00
d
w- c:\documents and settings\pretsam\Application Data\Azureus
2010-01-26 04:57 . 2009-10-30 00:57
d
w- c:\program files\mIRC
2010-01-26 01:15 . 2009-03-06 07:01
d
w- c:\documents and settings\pretsam\Application Data\Vso
2010-01-25 03:47 . 2009-07-07 14:50
d
w- c:\documents and settings\pretsam\Application Data\vlc
2010-01-09 06:12 . 2009-06-17 18:02 144160 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\uninstall.exe
2010-01-09 06:12 . 2009-06-17 18:02
d
w- c:\documents and settings\pretsam\Application Data\Move Networks
2010-01-09 06:12 . 2009-12-07 01:22 5603776 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\plugins\npqmp071705000014.dll
2010-01-04 04:05 . 2009-03-06 06:12
d
w- c:\documents and settings\pretsam\Application Data\gtk-2.0
2009-12-07 01:22 . 2009-12-07 01:22 97216 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-11-21 06:15 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-11-21 06:15 . 2009-11-21 06:14 1794456 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\duzirasa.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\fowanodi.dll
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\hefakola.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\yagepodo.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\yobuwiji.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98fd29ec-b7fc-4acc-96c1-d5788a949196}]
1601-01-01 00:03 52224 --sha-w- c:\windows\system32\duzirasa.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"D-Link Network USB Utility"="c:\program files\D-Link\Network USB Utility\Network USB Utility.exe" [2008-08-19 1885952]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2009-08-22 1862144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-26 149280]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-11-04 17:09 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360
w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-19 15:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-08-17 10:39 90112
r- c:\windows\soundman.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\mirc\\mirc.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\FTPRush\\FTPRush.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\D-Link\\Network USB Utility\\Network USB Utility.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9303:UDP"= 9303:UDP:Network USB Utility UDP Port
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/6/2009 7:14 PM 717296]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [8/22/2009 11:00 PM 38976]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2/1/2008 5:24 PM 41456]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [8/18/2008 1:20 PM 73600]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [8/18/2008 1:20 PM 97408]
S3 SliceDisk5;SliceDisk5;\??\c:\docume~1\pretsam\LOCALS~1\Temp\slicedisk.sys --> c:\docume~1\pretsam\LOCALS~1\Temp\slicedisk.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
Supplementary Scan
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pretsam\Application Data\Mozilla\Firefox\Profiles\9b8zviug.default\
FF - prefs.js: browser.startup.homepage - www.espn.com
FF - plugin: c:\documents and settings\pretsam\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\pretsam\Application Data\Move Networks\plugins\npqmp071705000014.dll
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe
HKLM-Run-puhikuboh - c:\windows\system32\tezepugi.dll
HKLM-Run-pabugekori - jinuwayi.dll
SharedTaskScheduler-{ee5ba5c0-7ac3-435c-80c3-7ebbbd24691c} - c:\windows\system32\tezepugi.dll
SSODL-kobaruped-{ee5ba5c0-7ac3-435c-80c3-7ebbbd24691c} - c:\windows\system32\tezepugi.dll
MSConfigStartUp-puhikuboh - c:\windows\system32\tezepugi.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 16:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867D71F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674f28
\Driver\ACPI -> ACPI.sys @ 0xf73cfcb8
\Driver\atapi -> atapi.sys @ 0xf7364b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7256bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7263a21
SendHandler -> NDIS.sys @ 0xf724187b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="6C7FCD270AAAC883AA3B90737F69363D78D560AB48F2C52171FC24C2932319127CD671734904641B968DDCC3FEDD23B8F8E9A394C3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A2D97226D213B555A6A0AC4980AC79331E418C0094FD9F6520E135F0F3F2910517CF067BDD8A5F9B2065C75490911C81744F14CBB49BCFC56E4A1EF8FE2E0978BE370D23DEAEFA3F1BEC6882BAAB3643086B8FD6C0EE66672BD649BE43E0A74DB8C356EDA9BFE6B3E1D2A530EDA4561B611F84B1A6D26FBF917A74A7AFE283600D77F8BA4F32615A6EC70FCBF7AB068E0EE89C8397D65D1A5D2181AE75C098634B4AB0F720318FE9C0EE59DBECA9AF791A38A283853E8419CD2876E3083CC3D905A75A273318F5ECD9E1DB75A4B7A58A1D728880AA021F2FA9627DE522C8489E4EEDF9E0E07A83BE42AB924638251A442C7164DA82CBC9233993E3EDBF104CDBC1EF37D0C89D041403CC1D8F0874287EE281EC084C7D8691C7F71DC5236D5A147CF55CB5CDF82EF02CB7C02438DAC9E1626301118C283A6AA6BD3C4A5171619B21B9D662943C97AECFD6636EADC5E0EFCDCCA0148C94AE712C847DEE9260329B546ABBBF87C7BBFB048513E71650B1F8CB66F041D63D92BD2FE43EB9F3B4048FC02C4147D5B2F8DA63127DA2DD4FE3A489CC39DE3C53F4BC8B6801C5C898F1499393C109F0C495A08E4278C1BAC8056D3592E8C5D139CB2C248B6940A26D796DFDAFBB278E7CB676A54EFA7FA27704A3833A1063EE8672A0DB42C3EADEC8FD7536FAD35BA80AE85C51E020A5CF4936682CBFE2B7AF87A4821DF07D1D96F1C32D75EBCFEF7F559A21B99AA91644E0D3B26A8DBAD973BA038C5273A6C02E65F736F9E71BC292F5A06C9010F945BF94794EFC8694735F5494CFED1677D4C8D4A78384CAC4482ABA303886C81ABACBEF2759A87E11BE5CBB42AE649B496BCF2444DFDB627E084F2466515241B492B1B042C6B53E7690158C58E12DBA992971EAA66748729F9B4FE7C159B0689A7E03C8915C6E052B4C7A950AF4461B0A4A1EF6070B193323353E6F2746DCA2BFC0116042B52381BD6B40DA6CC7305E621D0BC7050F1F4DA995F1595CE29B493B33F2D0E542275A5FFADE15F70D6E138981B193220CAF61731503F58D4C3427C94184A86E44D2A6E31D13AD0ACD8AC10FF04EC0C5F02503E81F514B4A7470FCCBEA652B375202754507DB46E4E512E2A4F3636D397B5CB614B27D1305211EFC4346F74E7AD692469F817D30AE0513E421A8B569AB41B7F92562EEB916EA90D1597963BB5812E98F33E801756E2E252B7CC14DB830AC1DBB6E574FE2B8419E965A4292545794EE39663132CE133ADD89D68577953B7975DC66CA0D618C65A35935"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
Other Running Processes
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\oodag.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-26 16:20:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-26 21:20
Pre-Run: 13,176,913,920 bytes free
Post-Run: 13,177,106,432 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 561F6186E321AEE1DC73D94A6ACBA8E4
Hijack:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pretsam\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\pretsam.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\PROGRA~1\NetWorx\deskband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link Network USB Utility] C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe -mini
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://H:\components\hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://H:\components\A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://H:\components\wmvhdrating.ocx
O20 - AppInit_DLLs: fupipivo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
--
End of file - 4545 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-26 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-26 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - &NetWorx Desk Band - C:\PROGRA~1\NetWorx\deskband.dll [2009-08-21 498176]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"D-Link Network USB Utility"=C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe [2008-08-19 1885952]
"NetWorx"=C:\Program Files\NetWorx\networx.exe [2009-08-21 1862144]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-26 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-11-04 615696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-09-19 236016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-08-17 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="fupipivo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-03 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
jinuwayi.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\mirc\mirc.exe"="C:\mirc\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe"="C:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe:*:Enabled:Updater"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\EA SPORTS\Madden NFL 08\mainapp.exe"="C:\Program Files\EA SPORTS\Madden NFL 08\mainapp.exe:*:Enabled:Madden NFL 08"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\FTPRush\FTPRush.exe"="C:\Program Files\FTPRush\FTPRush.exe:*:Enabled:FTPRush FTP Client"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe"="C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe:*:Enabled:Network USB Utility"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:explorer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
======List of files/folders created in the last 1 months======
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yobuwiji.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yagepodo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hefakola.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fowanodi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\duzirasa.dll
2010-01-26 16:20:31 ----A---- C:\ComboFix.txt
2010-01-26 16:14:42 ----A---- C:\Boot.bak
2010-01-26 16:14:39 ----RASHD---- C:\cmdcons
2010-01-26 16:14:06 ----A---- C:\WINDOWS\PEV.exe
2010-01-26 16:14:06 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-26 16:14:06 ----A---- C:\WINDOWS\MBR.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\zip.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\SWSC.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\SWREG.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\sed.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\grep.exe
2010-01-26 16:12:37 ----D---- C:\WINDOWS\ERDNT
2010-01-26 16:10:59 ----D---- C:\Qoobox
2010-01-26 14:58:46 ----D---- C:\WINDOWS\Sun
2010-01-26 14:58:16 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-26 14:58:16 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-26 14:58:16 ----A---- C:\WINDOWS\system32\java.exe
2010-01-26 14:58:16 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-26 14:58:07 ----D---- C:\Program Files\Java
2010-01-26 14:56:50 ----D---- C:\Documents and Settings\pretsam\Application Data\Sun
2010-01-26 14:25:07 ----D---- C:\Program Files\trend micro
2010-01-26 14:25:06 ----D---- C:\rsit
======List of files/folders modified in the last 1 months======
2010-01-26 16:33:45 ----D---- C:\WINDOWS\Prefetch
2010-01-26 16:31:50 ----D---- C:\Program Files\Mozilla Firefox
2010-01-26 16:31:36 ----D---- C:\Documents and Settings\pretsam\Application Data\.purple
2010-01-26 16:23:46 ----D---- C:\WINDOWS\system32\drivers
2010-01-26 16:22:55 ----RD---- C:\Program Files
2010-01-26 16:20:18 ----D---- C:\WINDOWS\Temp
2010-01-26 16:19:47 ----SD---- C:\WINDOWS\Tasks
2010-01-26 16:19:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-26 16:18:51 ----D---- C:\WINDOWS
2010-01-26 16:18:51 ----A---- C:\WINDOWS\system.ini
2010-01-26 16:17:13 ----D---- C:\WINDOWS\system32\config
2010-01-26 16:16:54 ----D---- C:\WINDOWS\system32
2010-01-26 16:16:09 ----D---- C:\WINDOWS\AppPatch
2010-01-26 16:16:09 ----D---- C:\Program Files\Common Files
2010-01-26 16:14:42 ----RASH---- C:\boot.ini
2010-01-26 16:14:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 16:07:59 ----A---- C:\WINDOWS\win.ini
2010-01-26 15:28:05 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-26 14:58:19 ----SHD---- C:\WINDOWS\Installer
2010-01-26 14:56:06 ----D---- C:\Program Files\FlashFXP
2010-01-26 14:48:17 ----D---- C:\Program Files\Bonjour
2010-01-26 14:16:39 ----D---- C:\Documents and Settings
2010-01-26 14:13:32 ----D---- C:\Documents and Settings\pretsam\Application Data\Azureus
2010-01-26 00:56:47 ----D---- C:\Temp
2010-01-26 00:42:21 ----D---- C:\mirc
2010-01-26 00:39:57 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-01-26 00:37:23 ----D---- C:\WINDOWS\pss
2010-01-26 00:08:13 ----A---- C:\WINDOWS\oodcnt.INI
2010-01-25 23:57:21 ----D---- C:\Program Files\mIRC
2010-01-25 20:15:11 ----D---- C:\Documents and Settings\pretsam\Application Data\Vso
2010-01-25 19:53:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-25 19:48:27 ----A---- C:\WINDOWS\winamp.ini
2010-01-24 22:47:29 ----D---- C:\Documents and Settings\pretsam\Application Data\vlc
2010-01-09 01:12:01 ----D---- C:\Documents and Settings\pretsam\Application Data\Move Networks
2010-01-03 23:05:50 ----D---- C:\Documents and Settings\pretsam\Application Data\gtk-2.0
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 PSSDK42;PSSDK42; \??\C:\WINDOWS\system32\Drivers\pssdk42.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP; C:\WINDOWS\System32\Drivers\DlinkUDSMBus.sys [2008-08-18 73600]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 a4we5kq9;a4we5kq9; C:\WINDOWS\system32\drivers\a4we5kq9.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus; C:\WINDOWS\System32\Drivers\DlinkUDSTcpBus.sys [2008-08-18 97408]
S3 mbr;mbr; \??\C:\DOCUME~1\pretsam\LOCALS~1\Temp\mbr.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-06 47360]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SliceDisk5;SliceDisk5; \??\C:\DOCUME~1\pretsam\LOCALS~1\Temp\slicedisk.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-03 602112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-26 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2003-10-31 214528]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-09-19 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-09-19 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-09-19 1108464]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe []
EOF
ComboFix:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk
c:\documents and settings\pretsam\Application Data\inst.exe
c:\documents and settings\pretsam\My Documents\Regback.reg
c:\program files\Spyware Cease
c:\program files\Spyware Cease\AutoUpdate.exe
c:\program files\Spyware Cease\bmgac
c:\program files\Spyware Cease\dxddd
c:\program files\Spyware Cease\fp.fpl
c:\program files\Spyware Cease\hrdb.hrl
c:\program files\Spyware Cease\idamx
c:\program files\Spyware Cease\iflee
c:\program files\Spyware Cease\LSR.lsr
c:\program files\Spyware Cease\md5.dll
c:\program files\Spyware Cease\mtools.dll
c:\program files\Spyware Cease\networkdll.dll
c:\program files\Spyware Cease\opfile.dll
c:\program files\Spyware Cease\QAreaDLL.dll
c:\program files\Spyware Cease\RkHitApi.dll
c:\program files\Spyware Cease\sctdll.dll
c:\program files\Spyware Cease\spkdll.dll
c:\program files\Spyware Cease\SpywareCease.chm
c:\program files\Spyware Cease\SpywareCease.exe
c:\program files\Spyware Cease\SpywareCease.url
c:\program files\Spyware Cease\tmp5
c:\program files\Spyware Cease\udefend.dll
c:\program files\Spyware Cease\unins000.dat
c:\program files\Spyware Cease\unins000.exe
c:\program files\Spyware Cease\update\Update.ini
c:\program files\Spyware Cease\update\uplist.up
c:\program files\Spyware Cease\ussafe.dll
c:\program files\Spyware Cease\vf
c:\program files\Spyware Cease\vsn.lst
c:\program files\Spyware Cease\wcfile.lst
c:\program files\Spyware Cease\wl.swl
c:\program files\Spyware Cease\xxcum
c:\program files\Spyware Cease\zlib1.dll
c:\windows\mplayerplgn.dll
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\fupipivo.dll
c:\windows\system32\jinuwayi.dll
c:\windows\system32\SKYNETurubhxep.da_
c:\windows\system32\tezepugi.dll
c:\windows\Tasks\gyrvqlqp.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_RKHIT
\Legacy_SKYNETklvdypyd
\Service_RkHit
\Service_SKYNETklvdypyd
((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.
2010-01-26 19:58 . 2010-01-26 19:58
d
w- c:\windows\Sun
2010-01-26 19:58 . 2010-01-26 19:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 19:58 . 2010-01-26 19:58
d
w- c:\program files\Java
2010-01-26 19:57 . 2010-01-26 19:57 152576 ----a-w- c:\documents and settings\pretsam\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-26 19:56 . 2010-01-26 19:56 79488 ----a-w- c:\documents and settings\pretsam\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-26 19:56 . 2010-01-26 19:56
d-s---w- c:\documents and settings\pretsam\UserData
2010-01-26 19:25 . 2010-01-26 20:54
d
w- c:\program files\trend micro
2010-01-26 19:25 . 2010-01-26 19:25
d
w- C:\rsit
2010-01-26 19:17 . 2010-01-26 19:17
d
w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-26 05:44 . 2010-01-26 05:44 8677824 ----a-w- c:\documents and settings\pretsam\Application Data\Azureus\tmp\AZU9194.tmp\Vuze_4.3.0.6b_win32.exe
2010-01-26 04:47 . 2010-01-26 04:47
d
w- c:\temp\mirc
2010-01-25 23:57 . 2010-01-25 23:58
d
w- c:\temp\298.PS3.Themes.IPT
2010-01-25 22:58 . 2010-01-26 05:47
d
w- c:\temp\The Book of Eli TS X264 720P - IMAGiNE
2010-01-25 04:27 . 2010-01-25 04:27 4141117 ----a-w- c:\documents and settings\pretsam\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-01-25 04:27 . 2010-01-25 04:27 6516755 ----a-w- c:\documents and settings\pretsam\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-01-17 18:00 . 2010-01-18 01:33
d
w- c:\temp\Couples.Retreat.2009.720p.BluRay.x264.DTS-WiKi
2010-01-16 06:17 . 2010-01-17 17:59
d
w- c:\temp\Extract.2009.720p.BluRay.x264.DTS-WiKi
2010-01-09 06:12 . 2010-01-09 06:12
d
w- c:\documents and settings\pretsam\Local Settings\Application Data\Move Networks
2010-01-09 06:11 . 2010-01-09 06:11 1795704 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\MoveMediaPlayerWin_071705000014.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 20:54 . 2009-03-06 06:02
d
w- c:\documents and settings\pretsam\Application Data\.purple
2010-01-26 20:28 . 2009-03-06 06:05
d
w- c:\program files\Mozilla Thunderbird
2010-01-26 19:56 . 2009-05-30 02:59
d
w- c:\program files\FlashFXP
2010-01-26 19:48 . 2009-03-07 12:11
d
w- c:\program files\Bonjour
2010-01-26 19:13 . 2009-03-17 14:00
d
w- c:\documents and settings\pretsam\Application Data\Azureus
2010-01-26 04:57 . 2009-10-30 00:57
d
w- c:\program files\mIRC
2010-01-26 01:15 . 2009-03-06 07:01
d
w- c:\documents and settings\pretsam\Application Data\Vso
2010-01-25 03:47 . 2009-07-07 14:50
d
w- c:\documents and settings\pretsam\Application Data\vlc
2010-01-09 06:12 . 2009-06-17 18:02 144160 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\uninstall.exe
2010-01-09 06:12 . 2009-06-17 18:02
d
w- c:\documents and settings\pretsam\Application Data\Move Networks
2010-01-09 06:12 . 2009-12-07 01:22 5603776 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\plugins\npqmp071705000014.dll
2010-01-04 04:05 . 2009-03-06 06:12
d
w- c:\documents and settings\pretsam\Application Data\gtk-2.0
2009-12-07 01:22 . 2009-12-07 01:22 97216 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-11-21 06:15 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-11-21 06:15 . 2009-11-21 06:14 1794456 ----a-w- c:\documents and settings\pretsam\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\duzirasa.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\fowanodi.dll
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\hefakola.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\yagepodo.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\system32\yobuwiji.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98fd29ec-b7fc-4acc-96c1-d5788a949196}]
1601-01-01 00:03 52224 --sha-w- c:\windows\system32\duzirasa.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"D-Link Network USB Utility"="c:\program files\D-Link\Network USB Utility\Network USB Utility.exe" [2008-08-19 1885952]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2009-08-22 1862144]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-26 149280]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-11-04 17:09 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360
w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-19 15:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-08-17 10:39 90112
r- c:\windows\soundman.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\mirc\\mirc.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\Updater.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EA SPORTS\\Madden NFL 08\\mainapp.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\FTPRush\\FTPRush.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\D-Link\\Network USB Utility\\Network USB Utility.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9303:UDP"= 9303:UDP:Network USB Utility UDP Port
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/6/2009 7:14 PM 717296]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [8/22/2009 11:00 PM 38976]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2/1/2008 5:24 PM 41456]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [8/18/2008 1:20 PM 73600]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [8/18/2008 1:20 PM 97408]
S3 SliceDisk5;SliceDisk5;\??\c:\docume~1\pretsam\LOCALS~1\Temp\slicedisk.sys --> c:\docume~1\pretsam\LOCALS~1\Temp\slicedisk.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
Supplementary Scan
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pretsam\Application Data\Mozilla\Firefox\Profiles\9b8zviug.default\
FF - prefs.js: browser.startup.homepage - www.espn.com
FF - plugin: c:\documents and settings\pretsam\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\pretsam\Application Data\Move Networks\plugins\npqmp071705000014.dll
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe
HKLM-Run-puhikuboh - c:\windows\system32\tezepugi.dll
HKLM-Run-pabugekori - jinuwayi.dll
SharedTaskScheduler-{ee5ba5c0-7ac3-435c-80c3-7ebbbd24691c} - c:\windows\system32\tezepugi.dll
SSODL-kobaruped-{ee5ba5c0-7ac3-435c-80c3-7ebbbd24691c} - c:\windows\system32\tezepugi.dll
MSConfigStartUp-puhikuboh - c:\windows\system32\tezepugi.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 16:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867D71F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7674f28
\Driver\ACPI -> ACPI.sys @ 0xf73cfcb8
\Driver\atapi -> atapi.sys @ 0xf7364b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7256bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7263a21
SendHandler -> NDIS.sys @ 0xf724187b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="6C7FCD270AAAC883AA3B90737F69363D78D560AB48F2C52171FC24C2932319127CD671734904641B968DDCC3FEDD23B8F8E9A394C3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A2D97226D213B555A6A0AC4980AC79331E418C0094FD9F6520E135F0F3F2910517CF067BDD8A5F9B2065C75490911C81744F14CBB49BCFC56E4A1EF8FE2E0978BE370D23DEAEFA3F1BEC6882BAAB3643086B8FD6C0EE66672BD649BE43E0A74DB8C356EDA9BFE6B3E1D2A530EDA4561B611F84B1A6D26FBF917A74A7AFE283600D77F8BA4F32615A6EC70FCBF7AB068E0EE89C8397D65D1A5D2181AE75C098634B4AB0F720318FE9C0EE59DBECA9AF791A38A283853E8419CD2876E3083CC3D905A75A273318F5ECD9E1DB75A4B7A58A1D728880AA021F2FA9627DE522C8489E4EEDF9E0E07A83BE42AB924638251A442C7164DA82CBC9233993E3EDBF104CDBC1EF37D0C89D041403CC1D8F0874287EE281EC084C7D8691C7F71DC5236D5A147CF55CB5CDF82EF02CB7C02438DAC9E1626301118C283A6AA6BD3C4A5171619B21B9D662943C97AECFD6636EADC5E0EFCDCCA0148C94AE712C847DEE9260329B546ABBBF87C7BBFB048513E71650B1F8CB66F041D63D92BD2FE43EB9F3B4048FC02C4147D5B2F8DA63127DA2DD4FE3A489CC39DE3C53F4BC8B6801C5C898F1499393C109F0C495A08E4278C1BAC8056D3592E8C5D139CB2C248B6940A26D796DFDAFBB278E7CB676A54EFA7FA27704A3833A1063EE8672A0DB42C3EADEC8FD7536FAD35BA80AE85C51E020A5CF4936682CBFE2B7AF87A4821DF07D1D96F1C32D75EBCFEF7F559A21B99AA91644E0D3B26A8DBAD973BA038C5273A6C02E65F736F9E71BC292F5A06C9010F945BF94794EFC8694735F5494CFED1677D4C8D4A78384CAC4482ABA303886C81ABACBEF2759A87E11BE5CBB42AE649B496BCF2444DFDB627E084F2466515241B492B1B042C6B53E7690158C58E12DBA992971EAA66748729F9B4FE7C159B0689A7E03C8915C6E052B4C7A950AF4461B0A4A1EF6070B193323353E6F2746DCA2BFC0116042B52381BD6B40DA6CC7305E621D0BC7050F1F4DA995F1595CE29B493B33F2D0E542275A5FFADE15F70D6E138981B193220CAF61731503F58D4C3427C94184A86E44D2A6E31D13AD0ACD8AC10FF04EC0C5F02503E81F514B4A7470FCCBEA652B375202754507DB46E4E512E2A4F3636D397B5CB614B27D1305211EFC4346F74E7AD692469F817D30AE0513E421A8B569AB41B7F92562EEB916EA90D1597963BB5812E98F33E801756E2E252B7CC14DB830AC1DBB6E574FE2B8419E965A4292545794EE39663132CE133ADD89D68577953B7975DC66CA0D618C65A35935"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
Other Running Processes
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\oodag.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-26 16:20:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-26 21:20
Pre-Run: 13,176,913,920 bytes free
Post-Run: 13,177,106,432 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 561F6186E321AEE1DC73D94A6ACBA8E4
Hijack:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pretsam\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\pretsam.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\PROGRA~1\NetWorx\deskband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link Network USB Utility] C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe -mini
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://H:\components\hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://H:\components\A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://H:\components\wmvhdrating.ocx
O20 - AppInit_DLLs: fupipivo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
--
End of file - 4545 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-26 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-26 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - &NetWorx Desk Band - C:\PROGRA~1\NetWorx\deskband.dll [2009-08-21 498176]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"D-Link Network USB Utility"=C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe [2008-08-19 1885952]
"NetWorx"=C:\Program Files\NetWorx\networx.exe [2009-08-21 1862144]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-26 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-11-04 615696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-09-19 236016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-08-17 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="fupipivo.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-03 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
jinuwayi.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\mirc\mirc.exe"="C:\mirc\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe"="C:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe:*:Enabled:Updater"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\EA SPORTS\Madden NFL 08\mainapp.exe"="C:\Program Files\EA SPORTS\Madden NFL 08\mainapp.exe:*:Enabled:Madden NFL 08"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\FTPRush\FTPRush.exe"="C:\Program Files\FTPRush\FTPRush.exe:*:Enabled:FTPRush FTP Client"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe"="C:\Program Files\D-Link\Network USB Utility\Network USB Utility.exe:*:Enabled:Network USB Utility"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:explorer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
======List of files/folders created in the last 1 months======
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yobuwiji.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yagepodo.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\hefakola.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\fowanodi.dll
65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\duzirasa.dll
2010-01-26 16:20:31 ----A---- C:\ComboFix.txt
2010-01-26 16:14:42 ----A---- C:\Boot.bak
2010-01-26 16:14:39 ----RASHD---- C:\cmdcons
2010-01-26 16:14:06 ----A---- C:\WINDOWS\PEV.exe
2010-01-26 16:14:06 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-26 16:14:06 ----A---- C:\WINDOWS\MBR.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\zip.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\SWSC.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\SWREG.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\sed.exe
2010-01-26 16:14:05 ----A---- C:\WINDOWS\grep.exe
2010-01-26 16:12:37 ----D---- C:\WINDOWS\ERDNT
2010-01-26 16:10:59 ----D---- C:\Qoobox
2010-01-26 14:58:46 ----D---- C:\WINDOWS\Sun
2010-01-26 14:58:16 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-26 14:58:16 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-26 14:58:16 ----A---- C:\WINDOWS\system32\java.exe
2010-01-26 14:58:16 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-26 14:58:07 ----D---- C:\Program Files\Java
2010-01-26 14:56:50 ----D---- C:\Documents and Settings\pretsam\Application Data\Sun
2010-01-26 14:25:07 ----D---- C:\Program Files\trend micro
2010-01-26 14:25:06 ----D---- C:\rsit
======List of files/folders modified in the last 1 months======
2010-01-26 16:33:45 ----D---- C:\WINDOWS\Prefetch
2010-01-26 16:31:50 ----D---- C:\Program Files\Mozilla Firefox
2010-01-26 16:31:36 ----D---- C:\Documents and Settings\pretsam\Application Data\.purple
2010-01-26 16:23:46 ----D---- C:\WINDOWS\system32\drivers
2010-01-26 16:22:55 ----RD---- C:\Program Files
2010-01-26 16:20:18 ----D---- C:\WINDOWS\Temp
2010-01-26 16:19:47 ----SD---- C:\WINDOWS\Tasks
2010-01-26 16:19:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-26 16:18:51 ----D---- C:\WINDOWS
2010-01-26 16:18:51 ----A---- C:\WINDOWS\system.ini
2010-01-26 16:17:13 ----D---- C:\WINDOWS\system32\config
2010-01-26 16:16:54 ----D---- C:\WINDOWS\system32
2010-01-26 16:16:09 ----D---- C:\WINDOWS\AppPatch
2010-01-26 16:16:09 ----D---- C:\Program Files\Common Files
2010-01-26 16:14:42 ----RASH---- C:\boot.ini
2010-01-26 16:14:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 16:07:59 ----A---- C:\WINDOWS\win.ini
2010-01-26 15:28:05 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-26 14:58:19 ----SHD---- C:\WINDOWS\Installer
2010-01-26 14:56:06 ----D---- C:\Program Files\FlashFXP
2010-01-26 14:48:17 ----D---- C:\Program Files\Bonjour
2010-01-26 14:16:39 ----D---- C:\Documents and Settings
2010-01-26 14:13:32 ----D---- C:\Documents and Settings\pretsam\Application Data\Azureus
2010-01-26 00:56:47 ----D---- C:\Temp
2010-01-26 00:42:21 ----D---- C:\mirc
2010-01-26 00:39:57 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-01-26 00:37:23 ----D---- C:\WINDOWS\pss
2010-01-26 00:08:13 ----A---- C:\WINDOWS\oodcnt.INI
2010-01-25 23:57:21 ----D---- C:\Program Files\mIRC
2010-01-25 20:15:11 ----D---- C:\Documents and Settings\pretsam\Application Data\Vso
2010-01-25 19:53:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-25 19:48:27 ----A---- C:\WINDOWS\winamp.ini
2010-01-24 22:47:29 ----D---- C:\Documents and Settings\pretsam\Application Data\vlc
2010-01-09 01:12:01 ----D---- C:\Documents and Settings\pretsam\Application Data\Move Networks
2010-01-03 23:05:50 ----D---- C:\Documents and Settings\pretsam\Application Data\gtk-2.0
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 PSSDK42;PSSDK42; \??\C:\WINDOWS\system32\Drivers\pssdk42.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP; C:\WINDOWS\System32\Drivers\DlinkUDSMBus.sys [2008-08-18 73600]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 a4we5kq9;a4we5kq9; C:\WINDOWS\system32\drivers\a4we5kq9.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus; C:\WINDOWS\System32\Drivers\DlinkUDSTcpBus.sys [2008-08-18 97408]
S3 mbr;mbr; \??\C:\DOCUME~1\pretsam\LOCALS~1\Temp\mbr.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-06 47360]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SliceDisk5;SliceDisk5; \??\C:\DOCUME~1\pretsam\LOCALS~1\Temp\slicedisk.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-03 602112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-26 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2003-10-31 214528]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-09-19 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-09-19 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-09-19 1108464]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe []
EOF
0