Bloodhound


Solved Bloodhound

Post by crazyazn62 on 9th December 2008, 4:41 pm

Reading up on this, I know it's old, and I've tried various things, but it's really more of an annoyance than a problem. Thank you!
And if you find anything else that's unnecessary, let me know; I love having a clean computer, programs and all.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:55 AM, on 12/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\j-le2\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\Symantec AntiVirus\SavUI.exe
c:\Users\j-le2\Downloads\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Google Update] "C:\Users\j-le2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [You must be registered and logged in to see this link.] Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\j-le2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\j-le2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SF.PACIFIC.EDU
O17 - HKLM\Software\..\Telephony: DomainName = sf.pacific.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SF.PACIFIC.EDU
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10961 bytes



Solved Re: Bloodhound

Post by crazyazn62 on 9th December 2008, 4:42 pm

2007 Microsoft Office system
7-Zip 4.57
Absolute Poker
Adobe Acrobat 8.1.3 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Shockwave Player
AIM 6
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
BitLord 1.1
BlackBerry Desktop Software 4.2.2
BlackBerry Desktop Software 4.2.2
Bonjour
Broadcom Management Programs
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
ClinCheck 2.5
Combined Community Codec Pack 2008-09-21 16:18
Computer Age Dentist
Conexant HDA D110 MDC V.92 Modem
DC++ 0.695
Debugging Tools for Windows (x86)
Dell Wireless WLAN Card
Digital Line Detect
DigitalPersona Platinum Fingerprint Recognition Software 3.3.0
DivX Codec
DivX Converter
DivX Web Player
Fiesta
Free Ipod Video Converter V 2.4
GroupWise
HijackThis 2.0.2
Interactive Dental Anatomy
iTunes
Java(TM) SE Runtime Environment 6
LiveUpdate 3.2 (Symantec Corporation)
Microsoft LifeChat
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Speech SDK 5.1
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
MiPACS Dental Enterprise Viewer
MiPACS Dental Enterprise Viewer setup
mIRC
Mjuice Components
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Neffy 1,2,0,12
NetWaiting
NVIDIA Drivers
PS3 Video 9 2.25
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Media Manager
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Outlook 2007 (KB946983)
SigmaTel Audio
Sonic Activation Module
Sonic Audio module
Symantec AntiVirus
System Requirements Lab
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
URL Assistant
User's Guides
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Winamp (Remove Only)
Windows Media Player Firefox Plugin
Windows NT Messaging
WinRAR archiver


Solved Re: Bloodhound

Post by Belahzur on 9th December 2008, 4:56 pm

Hello.

1. Download this file - [You must be registered and logged in to see this link.]
2. Double click combofix.exe & follow the prompts, but select NO when asked to install the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.





Solved Re: Bloodhound

Post by crazyazn62 on 10th December 2008, 2:31 am

ComboFix 08-12-07.04 - j-le2 2008-12-09 18:24:33.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1129 [GMT -8:00]
Running from: c:\users\j-le2\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Autorun.inf
.
---- Previous Run -------
.
c:\program files\INSTALL.LOG
c:\windows\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-05 22:22 . 2008-09-26 23:00 230,752 --a------ c:\windows\patchw32.dll
2008-12-05 22:22 . 2008-09-26 23:00 118,176 --a------ c:\windows\patchw.dll
2008-12-05 20:24 . 2008-12-09 18:21 d-------- c:\users\j-le2\AppData\Roaming\DNA
2008-12-05 20:24 . 2008-12-09 18:20 d-------- c:\program files\DNA
2008-12-05 14:51 . 2008-09-09 19:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-12-05 14:51 . 2008-09-04 20:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-12-05 14:51 . 2008-08-25 17:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-05 14:51 . 2008-09-09 19:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-12-05 14:51 . 2008-09-04 20:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-12-03 09:44 . 2008-12-03 09:44 d-------- c:\users\j-le2\AppData\Roaming\Malwarebytes
2008-12-03 09:43 . 2008-12-03 09:43 d-------- c:\programdata\Malwarebytes
2008-12-03 09:43 . 2008-12-03 09:44 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-03 09:43 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-03 09:43 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-02 00:32 . 2008-12-02 00:32 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 00:32 . 2008-12-02 00:32 d-------- c:\program files\iTunes
2008-12-02 00:32 . 2008-12-02 00:32 d-------- c:\program files\iPod
2008-11-23 10:35 . 2008-11-23 10:35 d-------- c:\programdata\acccore
2008-11-14 21:35 . 2008-11-14 21:36 d-------- c:\users\j-le2\AppData\Roaming\Media Player Classic
2008-11-11 19:40 . 2008-11-11 19:40 d-------- c:\program files\Combined Community Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 00:09 323,585 ----a-w c:\programdata\nvModes.dat
2008-12-09 22:30 --------- d-----w c:\program files\DC++
2008-12-06 11:01 --------- d-----w c:\programdata\Microsoft Help
2008-12-06 06:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 06:16 --------- d-----w c:\program files\Outspark
2008-12-02 08:32 --------- d-----w c:\program files\Common Files\Apple
2008-12-02 08:31 --------- d-----w c:\program files\QuickTime
2008-11-23 18:36 --------- d-----w c:\program files\AIM6
2008-11-23 18:35 --------- d-----w c:\programdata\Viewpoint
2008-11-23 18:35 --------- d-----w c:\program files\Viewpoint
2008-11-23 18:27 --------- d-----w c:\programdata\AOL Downloads
2008-11-18 05:14 --------- d-----w c:\program files\DivX
2008-11-17 02:21 --------- d-----w c:\users\j-le2\AppData\Roaming\mIRC
2008-11-17 02:20 --------- d-----w c:\program files\mIRC
2008-10-30 08:12 --------- d-----w c:\programdata\NVIDIA
2008-10-29 19:21 --------- d-----w c:\program files\GamesCampus
2008-10-29 15:18 174,989 ----a-w c:\users\j-le2\AppData\Roaming\nvModes.dat
2008-10-15 19:02 --------- d-----w c:\program files\Debugging Tools for Windows (x86)
2008-10-12 17:16 --------- d-----w c:\programdata\FLEXnet
2008-10-11 20:28 --------- d-----w c:\program files\OGPlanet
2008-10-10 16:26 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-26 10:09 174 --sha-w c:\program files\desktop.ini
2004-12-22 02:34 25,214 ----a-w c:\program files\dplogo32.ico
2007-05-01 23:15 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-05-01 23:15 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-05-01 23:15 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-01-02 16:57 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-02 16:57 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-02 16:57 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-11-23 01:09 80 --sha-r c:\windows\System32\DA64F8564E.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Google Update"="c:\users\j-le2\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-05 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-03-08 77824]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-14 151552]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-22 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-02-22 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="sttray.exe" [2006-12-01 c:\windows\sttray.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= ixplores.exe
"2"= winopz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\scripts\Shutdown\0\0]
"script"=shutdown.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-1114\scripts\Logon\0\0]
"script"=lognPCSC.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-1114\scripts\Logon\1\0]
"script"=lognCMLs.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-1114\scripts\Logon\2\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-1114\scripts\Logon\3\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-1133\scripts\Logon\0\0]
"script"=lognPCSC.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-1133\scripts\Logon\1\0]
"script"=lognCMLs.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-1133\scripts\Logon\2\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-1133\scripts\Logon\3\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-1153\scripts\Logon\0\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-1153\scripts\Logon\1\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-4789\scripts\Logon\0\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-4789\scripts\Logon\1\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-4790\scripts\Logon\0\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-4790\scripts\Logon\1\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-7798\scripts\Logon\0\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-7798\scripts\Logon\1\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-7806\scripts\Logon\0\0]
"script"=Mandatory.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2262346067-1487338083-1717137528-7806\scripts\Logon\1\0]
"script"=Mandatory.bat


Solved Re: Bloodhound

Post by crazyazn62 on 10th December 2008, 2:33 am

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-12-22 06:29 67752 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeChat]
--a------ 2007-01-26 14:31 259440 c:\program files\Microsoft LifeChat\LifeChat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2006-08-17 08:00 1116920 c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2262346067-1487338083-1717137528-7798]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{95B2FDF8-14F9-4126-8EFD-24C2EB7478B7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7C646339-1E71-4264-B722-131B26341EC5}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{2479DFA2-0C99-4BA9-8BD3-763B956A58B8}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{4D6FFDB4-F3E4-4D6D-ADB0-2B66A29B152E}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{7AD08F64-3DCC-4B60-ABE4-51220DB9AC0A}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{7B51AD9F-CCE5-458B-8090-E4E8B6436569}g:\\mipacs\\mipacsclientmv31_678\\misc\\dirviewer\\midentview.exe"= UDP:g:\mipacs\mipacsclientmv31_678\misc\dirviewer\midentview.exe:MiDentView
"UDP Query User{CC3CD8BE-CA90-4806-8402-C71A57E4C903}g:\\mipacs\\mipacsclientmv31_678\\misc\\dirviewer\\midentview.exe"= TCP:g:\mipacs\mipacsclientmv31_678\misc\dirviewer\midentview.exe:MiDentView
"{9A682E37-E40B-45D1-9906-1EF5BB1611C8}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{18E8F7F8-E080-4A8D-94C2-78EB0113DF8E}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{4E097351-2557-4233-A7FE-42C73151E1B9}"= UDP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{FE703FED-2DAD-41F7-99B1-3716A2122992}"= TCP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{83AA0F14-BF0F-479C-947B-817CA2C6BFA4}"= UDP:c:\novell\GroupWise\notify.exe:Novell Notify
"{537D3314-980C-43C6-9D71-05BCD879A771}"= TCP:c:\novell\GroupWise\notify.exe:Novell Notify
"{BA0CD98A-94F0-40E8-B0BD-26060A7A2C72}"= UDP:c:\program files\Microsoft Office\Office12\OUTLOOK.EXE:Outlook
"{601B665D-7CF5-4374-84D9-E8BEE61BA9B3}"= TCP:c:\program files\Microsoft Office\Office12\OUTLOOK.EXE:Outlook
"TCP Query User{10D73CD6-8185-4A12-83FE-2B221CF174EF}c:\\program files\\dirviewer\\midentview.exe"= UDP:c:\program files\dirviewer\midentview.exe:MiDentView
"UDP Query User{732B7E2C-308A-403B-ADCE-9E9C2E76AFCA}c:\\program files\\dirviewer\\midentview.exe"= TCP:c:\program files\dirviewer\midentview.exe:MiDentView
"{A180DCC3-01AA-4EE2-8752-A21B30294C80}"= UDP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{1E36A3BD-A9B2-4E0E-BB5E-769181087120}"= TCP:c:\novell\GroupWise\grpwise.exe:Novell GroupWise
"{E966FD65-C3A4-4011-8560-D1FA74BA8FEA}"= UDP:c:\novell\GroupWise\notify.exe:Novell Notify
"{A0003FAF-C627-4F59-B581-3DE75DF2A8CA}"= TCP:c:\novell\GroupWise\notify.exe:Novell Notify
"{03539B03-0ACE-4C4B-BB67-56B533E88C5D}"= UDP:c:\program files\Microsoft Office\Office12\OUTLOOK.EXE:Outlook
"{22BD0F53-6373-41B5-AA72-1B2D957679A1}"= TCP:c:\program files\Microsoft Office\Office12\OUTLOOK.EXE:Outlook
"TCP Query User{4516D281-A9C7-41BC-AB9F-B620099AF166}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{34DDBBD6-183C-4020-9122-A9839D49CDD1}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{D0ACCB6C-4756-4592-B588-E90772C3A3AA}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{C35D3255-F1F2-4F35-8F33-A02BB8E9D46B}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{D1D8967C-BE72-494E-9E45-81CCD7BEA762}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{34B94957-2678-4CAA-BA67-CB58D137F849}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{8B4FB198-B67C-4CAE-BAF4-7B672AC3C503}c:\\program files\\aim95\\aim.exe"= UDP:c:\program files\aim95\aim.exe:AOL Instant Messenger (SM)
"UDP Query User{646101F0-55A8-4287-B552-6BD07D9F4E50}c:\\program files\\aim95\\aim.exe"= TCP:c:\program files\aim95\aim.exe:AOL Instant Messenger (SM)
"TCP Query User{01BC6A4A-379F-4F3A-A7BA-209E9CC804BF}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{77190872-E2FB-4D36-834F-344153F0EAF2}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{6C24F678-E976-45ED-98FB-C342D4C01122}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{745DD27D-D183-41C1-B061-A2601E7B2876}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{9D758A3E-9122-4F89-861B-A8544B5B09DD}c:\\program files\\aim95\\aim.exe"= UDP:c:\program files\aim95\aim.exe:AOL Instant Messenger (SM)
"UDP Query User{379EF03D-3DF6-4523-A4E1-9A3E0F8E4E9E}c:\\program files\\aim95\\aim.exe"= TCP:c:\program files\aim95\aim.exe:AOL Instant Messenger (SM)
"{96BE3C81-C9CB-4CD2-A88B-823487B05609}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{75404D66-197D-4493-8C82-73525CDD132F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{3FE1960F-DA53-4D99-87CC-2ECE33034BDA}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{7EE9BF14-520C-4D60-8DDC-0154C34E6C00}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{DAE33BA3-45A0-40C2-BE4A-013F2A83F852}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{794B5F68-BECA-4625-8594-83ED41DE0A17}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{32668D03-59B0-471E-A6D2-0262E41AE193}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{29426754-F58F-4242-9499-1FF826B3910D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{0D353CBB-3D04-43B4-91FA-653D297F4DFD}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{031C2CC2-CF36-4D9A-94B2-EED27CFA0135}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{0CE90152-5D3E-429C-BFA1-8340A0B7E7E9}c:\\program files\\graboid\\tools\\nntp\\archiver.exe"= UDP:c:\program files\graboid\tools\nntp\archiver.exe:archiver
"UDP Query User{849E03F1-8F7D-4E88-A930-3A59E38DA32F}c:\\program files\\graboid\\tools\\nntp\\archiver.exe"= TCP:c:\program files\graboid\tools\nntp\archiver.exe:archiver
"TCP Query User{45676A02-3F74-4F52-B77F-330E696E2D05}c:\\program files\\graboid\\tools\\nntp\\player.exe"= UDP:c:\program files\graboid\tools\nntp\player.exe:player
"UDP Query User{B70D659D-A917-4A59-A455-3FB9C68ED75D}c:\\program files\\graboid\\tools\\nntp\\player.exe"= TCP:c:\program files\graboid\tools\nntp\player.exe:player
"TCP Query User{AE1EA41B-1CB7-485A-BB12-D7F1FB8E4BED}c:\\program files\\graboid\\tools\\media\\vlc\\vlc.exe"= UDP:c:\program files\graboid\tools\media\vlc\vlc.exe:VLC media player
"UDP Query User{4C84ACE1-03A0-4886-8DBA-59DFACB3BE36}c:\\program files\\graboid\\tools\\media\\vlc\\vlc.exe"= TCP:c:\program files\graboid\tools\media\vlc\vlc.exe:VLC media player
"TCP Query User{E3292BD3-1AE7-49DD-8FBA-5F257582DE36}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{57F73C70-2E75-4D28-B5B9-30D5C89BD305}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"{A38B1AF1-7D34-4142-A296-F29A5D7984C0}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{DF120F3B-70A4-42F1-AB44-54CCD1644A93}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{AEF21059-5584-4147-B6E0-26B66D04762A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A4A4A250-0A62-41D8-8B15-1F3F234F847B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B9AD7555-427D-4DC0-BC6B-860B9A5C7982}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{CDA60426-BD1E-456A-9613-2A0B49CCAC9F}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"{5105ACE6-B55E-4F42-90E2-77E23FD68658}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{2466C8EC-59C1-4B6D-931F-249B338576E9}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{D247ABC7-C928-43C9-A9B4-B08A791E60F9}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game
"UDP Query User{D7AD1764-5874-4A68-98B6-BE653D2076ED}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game
"TCP Query User{C334638A-9D6A-454F-9E73-F036A54A7AC7}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game
"UDP Query User{1AFBEC3F-227E-4038-BD0C-D4DD4E081148}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game
"TCP Query User{D33F6AEE-05C7-49B5-A001-2F7BC2121B65}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game
"UDP Query User{3B7115EB-7342-427D-9BA3-015A6C1B7B09}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game
"TCP Query User{71FDB9CD-C5B3-45F0-B2A7-46A81C27AE67}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{936C5BC6-F6AD-4FD0-97CD-0237C3169004}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{FC6F768F-E9FF-44E0-B249-40CFD73339B6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4FA17A29-6200-480D-B1FF-655381325349}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{5FEDFBDD-E2E0-4C32-BC40-61A497E68181}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{93F2B0AB-D1D4-4011-8FCE-A297EF6E3854}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{37B00BD0-8BAB-4663-B523-CB234587B255}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{29F3DEE0-5ACB-4B8F-A224-1065CC2E806A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8872825C-CFCD-4F5C-8E04-0DDD2E1C8C94}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{2AE00314-CFD6-4B4E-AA68-6E85A7C987F0}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{2CA1DF60-7333-426F-8C1C-C71D796A76BE}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{C43B9FB4-533A-4348-95DB-D975A861B1D9}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
R2 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-11-28 122008]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-31 99376]
S3 dpK00701;U.are.U® Fingerprint Reader Upper Driver;c:\windows\system32\DRIVERS\dpK00701.sys [2007-01-29 46592]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]
S3 usbdpfp;U.are.U® Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [2007-01-29 47104]

crazyazn62
Novice

Posts : 34
Joined : 2008-12-03
OS : Windows Vista and Windows XP
Points : 29356
# Likes : 0


Solved Re: Bloodhound

Post by crazyazn62 on 10th December 2008, 2:34 am

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2605088e-25c1-11dc-8a38-806e6f6e6963}]
\shell\AutoRun\command - E:\START.EXE readme.HTM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a202648-811b-11dc-a277-00188bd77448}]
\shell\AutoRun\command - F:\atlas3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\j-le2\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-08 12:16]

2008-12-10 c:\windows\Tasks\User_Feed_Synchronization-{B495A524-35D6-462C-93F1-A948AB4C739F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 01:45]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\j-le2\AppData\Roaming\Mozilla\Firefox\Profiles\6t48c8he.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [You must be registered and logged in to see this link.]
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\users\j-le2\AppData\Local\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\users\j-le2\AppData\Roaming\Mozilla\Firefox\Profiles\6t48c8he.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-09 18:27:44
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(644)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2008-12-09 18:29:23
ComboFix-quarantined-files.txt 2008-12-10 02:29:20

Pre-Run: 8,162,885,632 bytes free
Post-Run: 9,882,644,480 bytes free

326 --- E O F --- 2008-12-06 11:01:34


Solved Re: Bloodhound

Post by Belahzur on 10th December 2008, 2:38 am

Hello.
Log looks clean, but I see a modified logon/shutdown script; did you set these yourself?


  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2605088e-25c1-11dc-8a38-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a202648-811b-11dc-a277-00188bd77448}]

  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


What problems remain?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1

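The two HKCU keys that fix.reg deletes can be inspected before merging it and again afterwards to confirm they are gone. The following PowerShell audit is added here as an example and is not part of Belahzur's post or of any tool in the thread; it assumes only the MountPoints2 and DisallowRun paths the .reg file names, and it is read-only.

```powershell
# Added audit script for this thread's fix (not from the forum post): reads the two
# HKCU keys that fix.reg removes and reports their contents. Run before merging
# fix.reg to see the AutoRun commands listed in the ComboFix log (E:\START.EXE,
# F:\atlas3.exe), then run again afterwards to confirm they are gone. Changes nothing.

$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$DisallowRun  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'

function Get-MountPoints2AutoRun {
    # Explorer caches each volume it has seen under a GUID subkey; a
    # Shell\AutoRun\command value there is the autorun.inf target that opening
    # the drive would launch. Any such command is worth reviewing by hand.
    Get-ChildItem -Path $MountPoints2 -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "Registry::$($_.Name)\Shell\AutoRun\command"
        if (Test-Path -Path $cmdKey) {
            [pscustomobject]@{
                VolumeKey = $_.PSChildName
                Command   = (Get-Item -Path $cmdKey).GetValue('')   # the (Default) value
            }
        }
    }
}

function Get-DisallowRunEntries {
    # Each value under DisallowRun names an executable Explorer refuses to start.
    # fix.reg deletes this key and recreates it empty, so nothing should remain after the merge.
    if (-not (Test-Path -Path $DisallowRun)) { return }
    $key = Get-Item -Path $DisallowRun
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ ValueName = $name; BlockedExe = $key.GetValue($name) }
    }
}

$autorun = @(Get-MountPoints2AutoRun)
$blocked = @(Get-DisallowRunEntries)

"MountPoints2 AutoRun commands found: $($autorun.Count)"
$autorun | Format-Table -AutoSize | Out-String
"DisallowRun entries found: $($blocked.Count)"
$blocked | Format-Table -AutoSize | Out-String
```

Both counts should be 0 once fix.reg has been merged; a non-zero MountPoints2 count afterwards means a volume was reconnected and its autorun entry re-cached.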

Solved Re: Bloodhound

Post by crazyazn62 on 10th December 2008, 4:56 am

Not sure what a modified logon/shutdown script is. This computer was given to me by the school and it has some sort of logging account thing, and they monitor my activity to an extent. Just wondering if this registry script will change anything that might make me not be able to connect with the school network. Thank you!


Solved Re: Bloodhound

Post by Belahzur on 10th December 2008, 2:29 pm

Hello.
This reg fix won't change connection with the school network.


Solved Re: Bloodhound

Post by Doctor Inferno on 15th January 2009, 8:12 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]

Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator

Posts : 12015
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64
Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points : 104610
# Likes : 0
