indy666

Mod. Edit. User has been waiting for a week, please help. Casey


indy666

 

Please download Combofix and save to your desktop:

    Note: It is important that it is saved directly to your desktop
    Close any open browsers.
    Double click on combofix.exe and follow the prompts.
    When it's finished it will produce a log.
    Post the contents of the C:\ComboFix.txt into your next reply.
    Note: Do not mouseclick combofix's window whilst it's running.
    That may cause the program to freeze/hang.


ComboFix 08-09-16.05 - Inderpal 2008-09-18 22:48:14.1 - NTFSx86

Running from: C:\Documents and Settings\Inderpal\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Inderpal\Cookies\[email protected][2].txt

C:\Program Files\Common Files\WinSoftware

C:\WINDOWS\Downloaded Program Files\hotbar.inf

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\smdat32a.sys

C:\WINDOWS\system32\846888

C:\WINDOWS\system32\846888\846888.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))

.

 

2008-09-16 15:02 . 2008-09-16 22:31 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-16 14:14 . 2008-09-18 21:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-09-16 14:14 . 2008-09-16 14:14 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-16 14:14 . 2008-09-16 14:14 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-09-16 14:14 . 2008-09-16 14:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-09-16 14:13 . 2008-09-16 14:13 <DIR> d-------- C:\Program Files\AVG

2008-09-16 14:13 . 2008-09-16 14:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8

2008-09-16 13:57 . 2008-09-16 15:02 <DIR> d-------- C:\!KillBox

2008-09-15 12:19 . 2008-09-15 12:19 <DIR> d-------- C:\Program Files\ProtectService

2008-09-15 12:18 . 2008-09-15 12:18 1 --a------ C:\WINDOWS\fmark2.dat

2008-09-15 12:18 . 2008-09-16 13:52 1 --a------ C:\WINDOWS\f49f4daa.dat

2008-09-10 21:27 . 2008-09-10 21:27 <DIR> d-------- C:\WINDOWS\system32\scripting

2008-09-10 21:27 . 2008-09-10 21:27 <DIR> d-------- C:\WINDOWS\system32\en

2008-09-10 21:27 . 2008-09-10 21:27 <DIR> d-------- C:\WINDOWS\l2schemas

2008-09-10 20:00 . 2008-04-14 01:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll

2008-09-10 19:59 . 2008-04-14 01:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll

2008-09-10 19:59 . 2008-04-14 01:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll

2008-09-10 19:59 . 2008-04-14 01:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll

2008-09-10 19:59 . 2008-04-14 01:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll

2008-09-10 19:59 . 2008-04-14 01:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll

2008-09-10 19:58 . 2008-04-14 01:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll

2008-09-10 19:58 . 2008-04-14 01:12 76,800 --------- C:\WINDOWS\system32\qutil.dll

2008-09-10 19:58 . 2008-04-14 01:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll

2008-09-10 19:58 . 2008-04-14 01:12 32,768 --------- C:\WINDOWS\system32\setupn.exe

2008-09-10 19:58 . 2008-04-13 19:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys

2008-09-10 19:56 . 2008-04-14 01:12 155,136 --------- C:\WINDOWS\system32\mssha.dll

2008-09-10 19:56 . 2008-04-13 19:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll

2008-09-10 19:55 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll

2008-09-10 19:55 . 2008-04-14 01:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll

2008-09-10 19:55 . 2008-04-14 01:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll

2008-09-10 19:55 . 2008-04-14 01:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe

2008-09-10 19:54 . 2008-04-14 01:11 338,432 --------- C:\WINDOWS\system32\ir41_qcx.dll

2008-09-10 19:54 . 2008-04-14 01:11 120,320 --------- C:\WINDOWS\system32\ir41_qc.dll

2008-09-10 19:54 . 2008-04-14 01:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll

2008-09-10 19:54 . 2008-04-14 01:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll

2008-09-10 19:54 . 2007-09-17 09:48 1,261 --------- C:\WINDOWS\system32\pid.inf

2008-09-10 19:52 . 2008-04-14 01:11 233,472 --------- C:\WINDOWS\system32\azroles.dll

2008-09-10 19:52 . 2008-04-14 01:11 12,800 --------- C:\WINDOWS\system32\credssp.dll

2008-09-10 19:52 . 2008-04-14 01:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll

2008-09-10 19:51 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll

2008-09-04 12:42 . 2008-09-04 12:42 <DIR> d-------- C:\Documents and Settings\Inderpal\Application Data\Malwarebytes

2008-09-04 12:42 . 2008-09-04 12:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-08-20 19:27 . 2004-08-04 08:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-08-20 19:27 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-11 11:15 --------- d-----w C:\Program Files\MSN Messenger

2008-08-16 19:12 --------- d-----w C:\Program Files\HP

2008-08-11 23:02 --------- d-----w C:\Program Files\Apple Software Update

2008-08-11 23:00 --------- d-----w C:\Program Files\iTunes

2008-08-11 23:00 --------- d-----w C:\Program Files\iPod

2008-08-11 22:57 --------- d-----w C:\Program Files\QuickTime

2008-07-30 12:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-07-30 11:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-07-30 11:53 --------- d-----w C:\Program Files\Lavasoft

2008-07-30 11:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-07-29 14:02 --------- d-----w C:\Program Files\Trend Micro

2008-07-25 12:06 --------- d-----w C:\Program Files\Java

2008-07-23 16:26 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2008-07-23 16:21 --------- d-----w C:\Program Files\Common Files\HP

2008-07-22 19:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 17:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2006-03-03 23:16 0 ----a-w C:\Documents and Settings\Inderpal\iphist.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 5058560]

"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-01-02 249856]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-16 1235736]

"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

"vidc.adv1"= VdmCodec.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

 

R2 DNS Client (Dnscache);DNS Client (Dnscache);C:\Program Files\ProtectService\ProtectService.exe [2008-09-15 12:19]

R3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 08:36]

R3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\viasens.sys [2003-11-07 08:07]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-16 14:14]

S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-16 14:13]

S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-16 14:13]

S2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-16 14:14]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b2fbbc-a8ff-11d9-bd06-000ce581fb3b}]

\Shell\AutoRun\command - G:\xn1i9x.com

\Shell\explore\Command - G:\xn1i9x.com

\Shell\open\Command - G:\xn1i9x.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9db6d614-708e-11d9-bc5a-f037e038276d}]

\Shell\AutoRun\command - G:\xn1i9x.com

\Shell\explore\Command - G:\xn1i9x.com

\Shell\open\Command - G:\xn1i9x.com

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{10A07F79-70F2-4169-B872-55184904D41D} - C:\WINDOWS\system32\846888\846888.dll

WebBrowser-{F2F40B8B-3BFD-C213-3DA8-819B8F5AB65E} - (no file)

WebBrowser-{DD9ED457-6D9E-4084-B6EE-F7C56EB06F23} - C:\Program Files\SuperBar\SuperBar.Dll

HKCU-Run-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe

HKCU-Run-MessengerPlus2 - C:\Program Files\Messenger Plus! 2\MsgPlus.exe

HKLM-Run-MessengerPlus2 - C:\Program Files\Messenger Plus! 2\MsgPlus.exe

HKLM-Run-sysftray2 - C:\windows\kenny16.exe

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

R0 -: HKCU-Main,Start Page = hxxp://www.google.com/

 

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab

C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

 

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

 

O16 -: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab

C:\WINDOWS\Downloaded Program Files\accounttracking.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-18 22:55:01

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-09-18 23:00:45

ComboFix-quarantined-files.txt 2008-09-18 21:59:37

 

Pre-Run: 13,031,870,464 bytes free

Post-Run: 13,205,585,920 bytes free

 

726 --- E O F --- 2008-09-11 11:47:28


indy666

 

2 Things:

 

1. Open NotePad (not wordpad). Copy and paste the following into Notepad

 

File::

C:\WINDOWS\fmark2.dat

C:\WINDOWS\f49f4daa.dat

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b2fbbc-a8ff-11d9-bd06-000ce581fb3b}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9db6d614-708e-11d9-bc5a-f037e038276d}]

 

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

 

Using the Image as a reference, drag CFScript into ComboFix.exe

 

CFScriptB-4.gif

    You will be prompted to run Combofix again, Do so
    Following the same rules as indicated in my first post
    Then post the contents of the C:\ComboFix.txt log in your reply

2. You have a suspicious program and file I would like to look at

 

Please go HERE

 

Put Your Name, and LavaSoft HJT forum

 

and In the file to submit box, click Browse. Locate the file

    C:\Program Files\ProtectService\ProtectService.exe

In the comments tell them that I asked you to upload the file

Then Select Send File.


ComboFix 08-09-16.05 - Inderpal 2008-09-19 16:46:01.2 - NTFSx86

Running from: C:\Documents and Settings\Inderpal\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))

.

 

2008-09-16 15:02 . 2008-09-19 16:35 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-16 14:14 . 2008-09-19 14:47 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-09-16 14:14 . 2008-09-16 14:14 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-16 14:14 . 2008-09-16 14:14 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-09-16 14:14 . 2008-09-16 14:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-09-16 14:13 . 2008-09-16 14:13 <DIR> d-------- C:\Program Files\AVG

2008-09-16 14:13 . 2008-09-16 14:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8

2008-09-16 13:57 . 2008-09-16 15:02 <DIR> d-------- C:\!KillBox

2008-09-15 12:19 . 2008-09-15 12:19 <DIR> d-------- C:\Program Files\ProtectService

2008-09-15 12:18 . 2008-09-15 12:18 1 --a------ C:\WINDOWS\fmark2.dat

2008-09-15 12:18 . 2008-09-16 13:52 1 --a------ C:\WINDOWS\f49f4daa.dat

2008-09-10 21:27 . 2008-09-10 21:27 <DIR> d-------- C:\WINDOWS\system32\scripting

2008-09-10 21:27 . 2008-09-10 21:27 <DIR> d-------- C:\WINDOWS\system32\en

2008-09-10 21:27 . 2008-09-10 21:27 <DIR> d-------- C:\WINDOWS\l2schemas

2008-09-10 20:00 . 2008-04-14 01:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll

2008-09-10 19:59 . 2008-04-14 01:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll

2008-09-10 19:59 . 2008-04-14 01:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll

2008-09-10 19:59 . 2008-04-14 01:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll

2008-09-10 19:59 . 2008-04-14 01:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll

2008-09-10 19:59 . 2008-04-14 01:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll

2008-09-10 19:58 . 2008-04-14 01:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll

2008-09-10 19:58 . 2008-04-14 01:12 76,800 --------- C:\WINDOWS\system32\qutil.dll

2008-09-10 19:58 . 2008-04-14 01:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll

2008-09-10 19:58 . 2008-04-14 01:12 32,768 --------- C:\WINDOWS\system32\setupn.exe

2008-09-10 19:58 . 2008-04-13 19:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys

2008-09-10 19:56 . 2008-04-14 01:12 155,136 --------- C:\WINDOWS\system32\mssha.dll

2008-09-10 19:56 . 2008-04-13 19:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll

2008-09-10 19:55 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll

2008-09-10 19:55 . 2008-04-14 01:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll

2008-09-10 19:55 . 2008-04-14 01:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll

2008-09-10 19:55 . 2008-04-14 01:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe

2008-09-10 19:54 . 2008-04-14 01:11 338,432 --------- C:\WINDOWS\system32\ir41_qcx.dll

2008-09-10 19:54 . 2008-04-14 01:11 120,320 --------- C:\WINDOWS\system32\ir41_qc.dll

2008-09-10 19:54 . 2008-04-14 01:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll

2008-09-10 19:54 . 2008-04-14 01:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll

2008-09-10 19:54 . 2007-09-17 09:48 1,261 --------- C:\WINDOWS\system32\pid.inf

2008-09-10 19:52 . 2008-04-14 01:11 233,472 --------- C:\WINDOWS\system32\azroles.dll

2008-09-10 19:52 . 2008-04-14 01:11 12,800 --------- C:\WINDOWS\system32\credssp.dll

2008-09-10 19:52 . 2008-04-14 01:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll

2008-09-10 19:51 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll

2008-09-04 12:42 . 2008-09-04 12:42 <DIR> d-------- C:\Documents and Settings\Inderpal\Application Data\Malwarebytes

2008-09-04 12:42 . 2008-09-04 12:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-08-20 19:27 . 2004-08-04 08:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-08-20 19:27 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-11 11:15 --------- d-----w C:\Program Files\MSN Messenger

2008-08-16 19:12 --------- d-----w C:\Program Files\HP

2008-08-11 23:02 --------- d-----w C:\Program Files\Apple Software Update

2008-08-11 23:00 --------- d-----w C:\Program Files\iTunes

2008-08-11 23:00 --------- d-----w C:\Program Files\iPod

2008-08-11 22:57 --------- d-----w C:\Program Files\QuickTime

2008-07-30 12:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-07-30 11:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-07-30 11:53 --------- d-----w C:\Program Files\Lavasoft

2008-07-30 11:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-07-29 14:02 --------- d-----w C:\Program Files\Trend Micro

2008-07-25 12:06 --------- d-----w C:\Program Files\Java

2008-07-23 16:26 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2008-07-23 16:21 --------- d-----w C:\Program Files\Common Files\HP

2008-07-22 19:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 17:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2006-03-03 23:16 0 ----a-w C:\Documents and Settings\Inderpal\iphist.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 5058560]

"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-01-02 249856]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-16 1235736]

"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

"vidc.adv1"= VdmCodec.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


 

R2 DNS Client (Dnscache);DNS Client (Dnscache);C:\Program Files\ProtectService\ProtectService.exe [2008-09-15 12:19]

R3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 08:36]

R3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\viasens.sys [2003-11-07 08:07]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-16 14:14]

S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-16 14:13]

S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-16 14:13]

S2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-16 14:14]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07b2fbbc-a8ff-11d9-bd06-000ce581fb3b}]

\Shell\AutoRun\command - G:\xn1i9x.com

\Shell\explore\Command - G:\xn1i9x.com

\Shell\open\Command - G:\xn1i9x.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9db6d614-708e-11d9-bc5a-f037e038276d}]

\Shell\AutoRun\command - G:\xn1i9x.com

\Shell\explore\Command - G:\xn1i9x.com

\Shell\open\Command - G:\xn1i9x.com

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

R0 -: HKCU-Main,Start Page = hxxp://www.google.com/

 

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab

C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

 

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

 

O16 -: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab

C:\WINDOWS\Downloaded Program Files\accounttracking.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-19 16:52:59

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-09-19 16:59:21

ComboFix-quarantined-files.txt 2008-09-19 15:57:56

ComboFix2.txt 2008-09-18 22:00:48

 

Pre-Run: 13,208,121,344 bytes free

Post-Run: 13,188,358,144 bytes free

 

706 --- E O F --- 2008-09-11 11:47:28


I tried to do the second step,

 

Please go HERE

 

Put Your Name, and LavaSoft HJT forum

 

and In the file to submit box, click Browse. Locate the file

C:\Program Files\ProtectService\ProtectService.exe

In the comments tell them that I asked you to upload the file

Then Select Send File.

 

But when I go into the protect service folder there are no files in there?


indy666

 

The CFScript file didn't work. Did you save the CFScript file to your Desktop and drag it into Combofix?

 

Please double check the name it was saved as, and check to make sure the items were copied and pasted into Notepad.

 

2. Are you familiar with that program ProtectService?


ComboFix 08-09-16.05 - Inderpal 2008-09-22 17:26:14.3 - NTFSx86

Running from: C:\Documents and Settings\Inderpal\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Inderpal\Desktop\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Inderpal\Cookies\[email protected][1].txt

C:\Documents and Settings\Inderpal\Cookies\[email protected][2].txt

C:\Documents and Settings\Inderpal\Cookies\[email protected][1].txt

C:\WINDOWS\f49f4daa.dat

C:\WINDOWS\fmark2.dat

 

.

((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))

.

 

2008-09-16 15:02 . 2008-09-19 16:35 <DIR> d--h----- C:\$AVG8.VAULT$

2008-09-16 14:14 . 2008-09-22 11:30 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-09-16 14:14 . 2008-09-16 14:14 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-09-16 14:14 . 2008-09-16 14:14 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-09-16 14:14 . 2008-09-16 14:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-09-16 14:13 . 2008-09-16 14:13 <DIR> d-------- C:\Program Files\AVG

2008-09-16 14:13 . 2008-09-16 14:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8

2008-09-16 13:57 . 2008-09-16 15:02 <DIR> d-------- C:\!KillBox

2008-09-15 12:19 . 2008-09-15 12:19 <DIR> d-------- C:\Program Files\ProtectService

2008-09-10 21:27 . 2008-09-10 21:27 <DIR> d-------- C:\WINDOWS\system32\scripting

2008-09-10 21:27 . 2008-09-10 21:27 <DIR> d-------- C:\WINDOWS\system32\en

2008-09-10 21:27 . 2008-09-10 21:27 <DIR> d-------- C:\WINDOWS\l2schemas

2008-09-10 20:00 . 2008-04-14 01:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll

2008-09-10 19:59 . 2008-04-14 01:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll

2008-09-10 19:59 . 2008-04-14 01:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll

2008-09-10 19:59 . 2008-04-14 01:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll

2008-09-10 19:59 . 2008-04-14 01:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll

2008-09-10 19:59 . 2008-04-14 01:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll

2008-09-10 19:58 . 2008-04-14 01:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll

2008-09-10 19:58 . 2008-04-14 01:12 76,800 --------- C:\WINDOWS\system32\qutil.dll

2008-09-10 19:58 . 2008-04-14 01:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll

2008-09-10 19:58 . 2008-04-14 01:12 32,768 --------- C:\WINDOWS\system32\setupn.exe

2008-09-10 19:58 . 2008-04-13 19:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys

2008-09-10 19:56 . 2008-04-14 01:12 155,136 --------- C:\WINDOWS\system32\mssha.dll

2008-09-10 19:56 . 2008-04-13 19:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll

2008-09-10 19:55 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll

2008-09-10 19:55 . 2008-04-14 01:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll

2008-09-10 19:55 . 2008-04-14 01:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll

2008-09-10 19:55 . 2008-04-14 01:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe

2008-09-10 19:54 . 2008-04-14 01:11 338,432 --------- C:\WINDOWS\system32\ir41_qcx.dll

2008-09-10 19:54 . 2008-04-14 01:11 120,320 --------- C:\WINDOWS\system32\ir41_qc.dll

2008-09-10 19:54 . 2008-04-14 01:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll

2008-09-10 19:54 . 2008-04-14 01:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll

2008-09-10 19:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll

2008-09-10 19:54 . 2007-09-17 09:48 1,261 --------- C:\WINDOWS\system32\pid.inf

2008-09-10 19:52 . 2008-04-14 01:11 233,472 --------- C:\WINDOWS\system32\azroles.dll

2008-09-10 19:52 . 2008-04-14 01:11 12,800 --------- C:\WINDOWS\system32\credssp.dll

2008-09-10 19:52 . 2008-04-14 01:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll

2008-09-10 19:51 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll

2008-09-04 12:42 . 2008-09-04 12:42 <DIR> d-------- C:\Documents and Settings\Inderpal\Application Data\Malwarebytes

2008-09-04 12:42 . 2008-09-04 12:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-11 11:15 --------- d-----w C:\Program Files\MSN Messenger

2008-08-16 19:12 --------- d-----w C:\Program Files\HP

2008-08-11 23:02 --------- d-----w C:\Program Files\Apple Software Update

2008-08-11 23:00 --------- d-----w C:\Program Files\iTunes

2008-08-11 23:00 --------- d-----w C:\Program Files\iPod

2008-08-11 22:57 --------- d-----w C:\Program Files\QuickTime

2008-07-30 12:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-07-30 11:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-07-30 11:53 --------- d-----w C:\Program Files\Lavasoft

2008-07-30 11:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-07-29 14:02 --------- d-----w C:\Program Files\Trend Micro

2008-07-25 12:06 --------- d-----w C:\Program Files\Java

2008-07-23 16:26 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2008-07-23 16:21 --------- d-----w C:\Program Files\Common Files\HP

2008-07-22 19:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 17:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2006-03-03 23:16 0 ----a-w C:\Documents and Settings\Inderpal\iphist.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 5058560]

"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-01-02 249856]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-16 1235736]

"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2004-02-09 C:\WINDOWS\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

"vidc.adv1"= VdmCodec.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

 

R3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 08:36]

R3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\viasens.sys [2003-11-07 08:07]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-16 14:14]

S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-16 14:13]

S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-16 14:13]

S2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-16 14:14]

S2 DNS Client (Dnscache);DNS Client (Dnscache);C:\Program Files\ProtectService\ProtectService.exe [2008-09-15 12:19]

 

.

Contents of the 'Scheduled Tasks' folder

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-22 17:32:51

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

C:\WINDOWS\TEMP\0050e8b2-1076-41e9-bd3c-fc7455847072.tmp 0 bytes

 

 

**************************************************************************

.

Completion time: 2008-09-22 17:38:09

ComboFix-quarantined-files.txt 2008-09-22 16:36:57

ComboFix2.txt 2008-09-19 15:59:24

ComboFix3.txt 2008-09-18 22:00:48

 

Pre-Run: 13,547,462,656 bytes free

Post-Run: 13,529,198,592 bytes free

 

691 --- E O F --- 2008-09-11 11:47:28
