
deployJava1.dll rootkit



Just ran a scan and noticed the deployjava1.dll. ESET says my PC is clean. I also noticed IE.5 stuff like GIFs with randomly capitalized names, and the ComboFix log found and deleted "c:\favoritevideo\invisibleFolder".

ComboFix 10-10-20.04 - Compu 10/21/2010 14:19:00.1.1 - x86

Running from: c:\documents and settings\Compu\Desktop\ComboFix.exe

AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\favoritevideo\InvisibleFolder

.

((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))

.

2010-10-21 17:42 . 2010-10-21 17:44 -------- d-----w- C:\MGtools

2010-10-21 06:09 . 2010-10-21 06:09 -------- d-----w- c:\documents and settings\Compu\Application Data\SUPERAntiSpyware.com

2010-10-21 06:09 . 2010-10-21 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-10-21 06:09 . 2010-10-21 06:10 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-10-21 04:48 . 2010-10-21 05:06 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2010-10-21 04:45 . 2010-10-21 04:45 2 --shatr- c:\windows\winstart.bat

2010-10-21 04:44 . 2010-10-07 18:26 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2010-10-21 04:44 . 2010-10-21 05:15 -------- d-----w- c:\program files\UnHackMe

2010-10-21 04:24 . 2010-10-21 04:24 -------- d-----w- c:\program files\UPHClean

2010-10-21 02:56 . 2010-10-21 02:56 -------- d-----w- c:\program files\Common Files\Java

2010-10-21 02:56 . 2010-10-21 02:55 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-21 02:44 . 2010-10-21 02:44 -------- d-----w- C:\Combo-Fix8180C

2010-10-21 00:14 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-10-21 00:14 . 2010-10-21 00:14 -------- d-----w- c:\program files\Panda Security

2010-10-20 17:56 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-10-20 01:42 . 2010-10-20 01:42 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2010-10-20 01:42 . 2010-10-20 02:06 -------- d-----w- c:\documents and settings\Compu\Application Data\Spyware Terminator

2010-10-20 01:42 . 2010-10-20 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator

2010-10-20 01:42 . 2010-10-20 02:05 -------- d-----w- c:\program files\Spyware Terminator

2010-10-20 01:04 . 2010-10-20 01:50 -------- d-----w- c:\documents and settings\Compu\Application Data\ScanSpyware

2010-10-19 22:42 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\mouhid.sys

2010-10-19 14:09 . 2010-10-19 14:09 -------- d-----w- c:\documents and settings\Compu\Local Settings\Application Data\ESET

2010-10-19 14:09 . 2010-10-19 14:09 -------- d-----w- c:\documents and settings\Compu\Application Data\ESET

2010-10-19 14:08 . 2010-10-19 14:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2010-10-19 14:07 . 2010-10-19 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2010-10-18 15:32 . 2010-10-19 14:07 -------- d-----w- c:\program files\ESET

2010-10-17 10:32 . 2010-10-17 10:32 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer

2010-10-17 10:28 . 2010-10-17 10:32 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer

2010-10-17 09:01 . 2010-10-17 09:01 -------- d-----w- c:\documents and settings\Compu\Local Settings\Application Data\Help

2010-10-17 09:00 . 2010-10-17 09:00 -------- d-----w- c:\documents and settings\Compu\Local Settings\Application Data\Threat Expert

2010-10-17 08:38 . 2010-01-22 16:56 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-10-17 08:38 . 2010-01-22 16:56 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-10-17 08:38 . 2010-01-22 16:56 1652688 ----a-w- c:\windows\PCTBDCore.dll

2010-10-17 08:38 . 2010-01-22 16:55 767952 ----a-w- c:\windows\BDTSupport.dll

2010-10-17 08:19 . 2010-02-05 16:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-10-17 08:19 . 2010-10-17 09:09 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-10-17 08:19 . 2009-11-23 20:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-10-17 08:19 . 2010-10-17 09:09 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-10-17 08:19 . 2010-10-21 06:01 -------- d-----w- c:\program files\Spyware Doctor

2010-10-17 08:19 . 2010-10-17 08:38 -------- d-----w- c:\program files\Common Files\PC Tools

2010-10-17 08:19 . 2010-10-17 08:19 -------- d-----w- c:\documents and settings\Compu\Application Data\PC Tools

2010-10-17 08:19 . 2010-10-17 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-10-17 07:40 . 2010-10-17 07:40 388096 ----a-r- c:\documents and settings\Compu\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-10-16 18:15 . 2010-10-16 18:15 -------- d-----w- c:\documents and settings\Administrator

2010-10-14 09:03 . 2010-06-02 11:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-10-14 09:03 . 2010-06-02 11:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-10-14 09:03 . 2010-06-02 11:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-10-14 09:03 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-10-14 09:03 . 2010-05-26 18:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-10-14 09:03 . 2010-05-26 18:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2010-10-14 09:03 . 2010-05-26 18:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-10-14 09:02 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-10-14 06:40 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2010-10-14 06:40 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-14 06:40 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-14 06:37 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-14 06:34 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys

2010-10-14 06:31 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-10-14 06:29 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-10-14 06:29 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-10-14 06:29 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-10-14 06:26 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-10-14 06:26 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-10-14 06:26 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-10-14 06:26 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2010-10-14 06:26 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2010-10-14 06:26 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-10-14 06:26 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-10-14 06:26 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-10-14 06:26 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-10-14 06:26 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-10-14 06:26 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-10-14 06:26 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-10-14 06:24 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-10-14 06:23 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-10-14 06:23 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-10-14 05:00 . 2008-04-14 05:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2010-10-14 05:00 . 2008-04-14 12:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll

2010-10-14 05:00 . 2008-04-14 05:57 79872 ----a-w- c:\windows\system32\msxml6r.dll

2010-10-14 04:54 . 2008-04-14 12:42 3901 ------w- c:\windows\system32\drivers\siint5.dll

2010-10-14 04:53 . 2006-12-29 07:31 19569 ----a-w- c:\windows\002859_.tmp

2010-10-14 04:44 . 2010-10-14 04:44 -------- d-----w- c:\windows\EHome

2010-10-14 02:44 . 2010-10-14 02:44 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2010-10-13 04:40 . 2010-10-13 04:41 -------- d-----w- c:\program files\Wireshark

2010-10-10 00:59 . 2010-10-10 00:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple

2010-09-28 10:28 . 2006-08-01 22:02 49152 ----a-w- c:\windows\system32\ChCfg.exe

2010-09-28 10:28 . 2008-09-24 17:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys

2010-09-28 10:28 . 2010-09-28 10:28 -------- d-----w- c:\program files\Realtek AC97

2010-09-28 10:27 . 2006-12-08 22:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe

2010-09-28 10:27 . 2007-04-16 22:28 577536 ----a-w- c:\windows\soundman.exe

2010-09-28 10:27 . 2006-11-17 12:40 18804736 ----a-w- c:\windows\system32\alsndmgr.cpl

2010-09-28 10:27 . 2006-10-18 09:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll

2010-09-28 10:27 . 2006-07-31 18:27 217088 ----a-w- c:\windows\Alcrmv.exe

2010-09-28 10:27 . 2006-07-31 18:19 315392 ----a-w- c:\windows\alcupd.exe

2010-09-28 08:26 . 2010-09-28 08:27 -------- d-----w- c:\documents and settings\Compu\Application Data\Replay Media Catcher 4

2010-09-28 08:10 . 2010-09-28 08:10 -------- d-----w- c:\documents and settings\Compu\Local Settings\Application Data\Jaksta_Pty_Ltd

2010-09-28 08:07 . 2010-09-28 08:07 -------- d-----w- c:\program files\Applian Technologies

2010-09-26 14:35 . 2010-09-26 14:35 -------- d-----w- c:\program files\iPod

2010-09-25 15:38 . 2010-09-25 15:38 -------- d-----w- c:\windows\UltraDefrag

2010-09-24 07:49 . 2010-09-24 07:49 8704 ----a-w- c:\windows\system32\bootexctrl.exe

2010-09-24 07:49 . 2010-09-24 07:49 11776 ----a-w- c:\windows\system32\wgx.dll

2010-09-24 07:49 . 2010-09-24 07:49 24576 ----a-w- c:\windows\system32\udefrag.exe

2010-09-24 07:49 . 2010-09-24 07:49 14848 ----a-w- c:\windows\system32\lua5.1a_gui.exe

2010-09-24 07:49 . 2010-09-24 07:49 10752 ----a-w- c:\windows\system32\lua5.1a.exe

2010-09-24 07:48 . 2010-09-24 07:48 92160 ----a-w- c:\windows\system32\lua5.1a.dll

2010-09-24 07:48 . 2010-09-24 07:48 8192 ----a-w- c:\windows\system32\udefrag.dll

2010-09-24 07:48 . 2010-09-24 07:48 6144 ----a-w- c:\windows\system32\hibernate4win.exe

2010-09-24 07:48 . 2010-09-24 07:48 48640 ----a-w- c:\windows\system32\udefrag-kernel.dll

2010-09-24 07:48 . 2010-09-24 07:48 47104 ----a-w- c:\windows\system32\zenwinx.dll

2010-09-24 07:48 . 2010-09-24 07:48 88064 ----a-w- c:\windows\system32\defrag_native.exe

2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Compu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-26 136176]

"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-10-07 594200]

"Steam"="c:\program files\Steam\Steam.exe" [2010-09-28 1242448]

"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]

"PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2010-04-26 185800]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"Livestation"="c:\program files\Livestation\Livestation.exe" [2010-07-08 4431872]

"JumiController"="c:\program files\Jumi\Jumi.exe" [2010-03-27 1727488]

"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2010-04-23 177608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2010-07-08 49152]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 1778064]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-01 202256]

"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-11-08 913412]

"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2010-07-08 53248]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2010-07-08 147456]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

c:\documents and settings\Compu\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2009-12-29 292296]

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-3-15 576000]

PowerReg Scheduler.exe [2009-10-25 256000]

PPS.lnk - c:\program files\PPStream\PPStream.exe [2010-4-8 2671496]

Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"O&O Defrag"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NovaLogic\\Delta Force Land Warrior\\Update.exe"=

"c:\\Program Files\\NovaLogic\\Delta Force Land Warrior\\DFLW.EXE"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\PPLive\\PPTV\\PPLive.exe"=

"c:\\Program Files\\Common Files\\PPLiveNetwork\\PPAP.exe"=

"c:\\Program Files\\PPLive\\PPTV\\PPLiveU.exe"=

"c:\\Program Files\\uusee\\UUSeePlayer.exe"=

"c:\\Program Files\\PPStream\\PPStream.exe"=

"c:\\Program Files\\PPStream\\PPSAP.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\Jointops.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"3246:TCP"= 3246:TCP:Services

"2479:TCP"= 2479:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

"8000:UDP"= 8000:UDP:SPF Port 8000 UDP

"8000:TCP"= 8000:TCP:SPF Port 8000 TCP

"8001:UDP"= 8001:UDP:SPF Port 8001 UDP

"8001:TCP"= 8001:TCP:SPF Port 8001 TCP

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/20/2010 5:14 PM 28552]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/17/2010 1:19 AM 218592]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10/19/2010 6:42 PM 142592]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8/12/2010 2:16 PM 810144]

R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [12/29/2009 9:08 AM 148936]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/22/2010 6:19 PM 10448]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 10:07 AM 35088]

R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [7/23/2009 12:07 PM 6528]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2/20/2010 9:37 PM 17792]

S2 0018391273802443mcinstcleanup;McAfee Application Installer Cleanup (0018391273802443); [x]

S2 0073951274376103mcinstcleanup;McAfee Application Installer Cleanup (0073951274376103); [x]

S2 0092291273523744mcinstcleanup;McAfee Application Installer Cleanup (0092291273523744); [x]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10/17/2010 1:38 AM 112592]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 IDriveWebM;IDrive WebManager;c:\program files\IDrive\IDriveWebM.exe [7/9/2010 1:18 PM 267720]

S3 appliandMP;appliandMP; [x]

S3 cpuz133;cpuz133;\??\c:\docume~1\Compu\LOCALS~1\Temp\cpuz133\cpuz133_x32.sys --> c:\docume~1\Compu\LOCALS~1\Temp\cpuz133\cpuz133_x32.sys [?]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [3/28/2010 6:55 PM 23456]

S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/14/2010 5:13 PM 14424]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 7:05 AM 14904]

S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [8/23/2009 7:34 PM 13225]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [10/20/2010 9:48 PM 24416]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [12/1/2009 4:49 PM 34384]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/17/2010 1:19 AM 366840]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/13/2010 12:24 AM 691696]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PBFILTER

*Deregistered* - UnHackMeDrv

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

2010-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-879983540-839522115-1004Core.job

- c:\documents and settings\Compu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-26 21:22]

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-879983540-839522115-1004UA.job

- c:\documents and settings\Compu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-26 21:22]

2010-10-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program files\Microsoft IntelliType Pro\itype.exe [2010-07-22 00:07]

2010-10-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-879983540-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-10-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-879983540-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-10-21 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-04-08 04:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 127.0.0.1:8080

uInternet Settings,ProxyOverride = local;*.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: ʹ
