| Thread ID: 92701 | 2008-08-19 07:38:00 | Browser Hijacked | Blam (54) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 698690 | 2008-08-25 11:53:00 | [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "{DA806815-2928-4C36-BEDB-185A3F2779BE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{964B2A7A-27A3-4779-BC64-6E411BA91393}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service "{1252A1A8-CE52-48C4-A7D0-4359BAD1791F}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service "{37B2D698-1B83-4B46-8CD9-D39F7372DCE6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{5C471523-00C5-4EC4-B9E5-18027D7405C3}C:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= UDP:C:\program files\flightgear\bin\win32\fgfs.exe:fgfs "UDP Query User{DDFCA996-F226-4CA9-B640-35FC36A73055}C:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= TCP:C:\program files\flightgear\bin\win32\fgfs.exe:fgfs "{EA3AD50B-284F-451F-B566-E473FB8E5DD0}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{23705D63-9538-48B8-BC2C-F22E094F9EE8}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{FD4C0163-CDB1-484E-AF39-33BD4A5B95C8}"= UDP:C:\Program Files\Ice Cream Tycoon\ICT.exe:Ice Cream Tycoon "{EE774825-3ABF-4695-9739-DA5D2743B1D6}"= TCP:C:\Program Files\Ice Cream Tycoon\ICT.exe:Ice Cream Tycoon "TCP Query User{42E4F08B-8830-4C63-A146-1FE10429D525}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{D3FD9185-4061-4839-8630-64AB0C859979}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{EFFABC88-1142-45A8-9AD3-9C04915C6791}C:\\program files\\crossloop\\crossloopconnect.exe"= UDP:C:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing "UDP Query User{35A30BC4-F612-4B49-97CE-3DBD3399BC50}C:\\program files\\crossloop\\crossloopconnect.exe"= TCP:C:\program 
files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing "TCP Query User{13652786-44D8-4C91-A067-FE29154273AB}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher "UDP Query User{107B4F44-BD03-4D6B-AD26-4C97A7BA66FC}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher "TCP Query User{0D88326B-6662-4228-AA84-DFDA5F1B8874}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade "UDP Query User{169A31E4-448F-4129-8A9E-5C3B569DC9A3}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade "TCP Query User{DA22228B-61B0-4656-B64C-3BAFCA5B7897}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher "UDP Query User{9C7DDA92-D576-4401-A594-CA45DF4D331C}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher "TCP Query User{623750C5-7B4C-42A3-8F87-75F045104C02}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar "UDP Query User{3DF66769-C973-4FC3-B395-1B8F56FD7038}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar "TCP Query User{958A4C75-634F-4912-8351-B289BECA9720}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV "UDP Query User{0BCCF79A-F75E-4F3F-838A-03ECB199138D}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV "{3814DE87-AC92-460F-9880-CB0C3AA0AEFC}"= UDP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP) "{F2688E47-2FAC-4A05-865C-20143B996F72}"= TCP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP) "TCP Query User{27DFC128-DECB-4FEC-8B5B-05E2EE2AECD3}C:\\program files\\veoh 
networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "UDP Query User{FD07D66B-69BA-477C-BC84-A7D5BD131F3C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "TCP Query User{F0C960F5-0E17-429F-A73D-8CCAF2183333}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "UDP Query User{DE59728B-F5B4-41B9-BC44-91B2F451F07C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "TCP Query User{27B8A24A-C21F-432A-97B1-70D76A72F6F7}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{C66B37A8-9D83-4503-863F-2F1942CF6DCC}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{7563AABB-10A8-42CC-A84C-C679236625DE}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "UDP Query User{35A15CC1-F285-4460-8D1C-E12624F1FE04}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "{F6C0294E-5C0B-4874-BA93-B0A59C599041}"= C:\Program Files\Skype\Phone\Skype.exe:Skype |
Blam (54) | ||
| 698691 | 2008-08-25 11:54:00 | "TCP Query User{970295E3-E05C-4B08-A026-345ECCE14D4A}C:\\program files\\ogplanet\\bb tanks\\game.exe"= UDP:C:\program files\ogplanet\bb tanks\game.exe:BBTanks Launcher "UDP Query User{A94755E8-77D7-4704-B770-9B2E9E6051D8}C:\\program files\\ogplanet\\bb tanks\\game.exe"= TCP:C:\program files\ogplanet\bb tanks\game.exe:BBTanks Launcher "TCP Query User{D4FB043A-56F4-4A8F-AF1C-8BAA2483C837}C:\\program files\\xchat\\xchat.exe"= UDP:C:\program files\xchat\xchat.exe:XChat IRC Client "UDP Query User{3F946F02-C8BD-4870-A81F-35E8C67431BA}C:\\program files\\xchat\\xchat.exe"= TCP:C:\program files\xchat\xchat.exe:XChat IRC Client "{1BF30BF2-A489-4AE3-B0FE-CE17ABEA012C}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War "{520E1CC0-F778-4AC9-B21B-BB0CD69DE691}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War "TCP Query User{DE1A85DF-6238-47C7-B496-03A5ADB62DFC}C:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= UDP:C:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox "UDP Query User{9B4E9521-3583-4AFC-B9DE-AD70722CF0E6}C:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= TCP:C:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox "TCP Query User{8C66D16B-C12D-49F8-8950-B642E79F4D14}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclip se\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1 .1.200707311521\\jre\\bin\\expeditorw.exe"= UDP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plu gins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.20070 7311521\jre\bin\expeditorw.exe:J9 launcher (without console window) "UDP Query User{16855C45-17FD-43D0-959A-88A7E59559AD}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclip se\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1 .1.200707311521\\jre\\bin\\expeditorw.exe"= TCP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plu 
gins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.20070 7311521\jre\bin\expeditorw.exe:J9 launcher (without console window) "TCP Query User{26E1EFAC-2906-4DB3-A49A-B7AA1736E9F7}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclip se\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1 .1.200707311521\\jre\\bin\\expeditorw.exe"= UDP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plu gins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.20070 7311521\jre\bin\expeditorw.exe:J9 launcher (without console window) "UDP Query User{2962CA78-708E-49A5-8F13-60B7A49924DC}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclip se\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1 .1.200707311521\\jre\\bin\\expeditorw.exe"= TCP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plu gins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.20070 7311521\jre\bin\expeditorw.exe:J9 launcher (without console window) "{65718524-FD67-497D-8ED4-25432DE4E400}"= C:\Program Files\Skype\Phone\Skype.exe:Skype "TCP Query User{969A9FF1-A858-4EC7-9D90-6AB53A0028CA}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclip se\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1 .1.200707311521\\jre\\bin\\expeditorw.exe"= UDP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plu gins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.20070 7311521\jre\bin\expeditorw.exe:J9 launcher (without console window) "UDP Query User{15F734D7-FF89-4377-ABF6-749BBF6C75D5}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclip se\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.1 .1.200707311521\\jre\\bin\\expeditorw.exe"= TCP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plu gins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.20070 7311521\jre\bin\expeditorw.exe:J9 launcher (without console window) "TCP Query User{E0B2D7C1-19C7-4B03-9906-80E700A9A9F7}C:\\program files\\valix netsearch\\valix netsearch.exe"= UDP:C:\program files\valix netsearch\valix netsearch.exe:Valix NetSearch "UDP Query 
User{C3289091-197C-4D6C-A74C-415AB2D420EA}C:\\program files\\valix netsearch\\valix netsearch.exe"= TCP:C:\program files\valix netsearch\valix netsearch.exe:Valix NetSearch "TCP Query User{D787FCC3-F752-45F9-8A58-B07C6C1C1BF7}C:\\program files\\valix netsearch\\valix netsearch.exe"= UDP:C:\program files\valix netsearch\valix netsearch.exe:Valix NetSearch "UDP Query User{04B8336E-A7B2-4D58-A28B-E8E3EEC7EB74}C:\\program files\\valix netsearch\\valix netsearch.exe"= TCP:C:\program files\valix netsearch\valix netsearch.exe:Valix NetSearch "{A55F1D4C-21A8-4FF4-AB72-1F9B365065CE}"= UDP:C:\Program Files\Macrium\Reflect\reflect.exe:reflect "{5EF30288-A702-4258-9FFF-1039D0211218}"= TCP:C:\Program Files\Macrium\Reflect\reflect.exe:reflect "{ED74EA0A-CE77-410B-846A-124031D5CBD5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{4F04A9A9-84EF-44CF-81BC-0671B66512F8}"= UDP:I:\Dreamweaver 8 protable.exe:Dreamweaver 8 protable "{74DA64AC-CDB8-4034-A6A3-0943CB769BAA}"= TCP:I:\Dreamweaver 8 protable.exe:Dreamweaver 8 protable "{11CB2F8E-A70B-47E4-94F3-BF428188B09B}"= UDP:I:\UTORRENT\utorrent.exe:µTorrent "{EBFF0E11-1CBA-424E-AD43-98CBBFD3AAB4}"= TCP:I:\UTORRENT\utorrent.exe:µTorrent "{3EFCFCEC-C5CA-4B1F-B2E7-8CC8AFE4A36B}"= UDP:I:\UTORRENT\utorrent.exe:µTorrent "{389A22AC-B994-4FFC-BFB9-781299A18EBA}"= TCP:I:\UTORRENT\utorrent.exe:µTorrent "{57B6E503-1EA4-4B5A-ADC5-C7CD79B86C02}"= UDP:H:\UTORRENT\utorrent.exe:µTorrent "{A4021550-21F0-47E8-9260-7C6C13513B33}"= TCP:H:\UTORRENT\utorrent.exe:µTorrent |
Blam (54) | ||
| 698692 | 2008-08-25 11:55:00 | "TCP Query User{6C7DFE5C-017A-40A3-BC61-19D5C722C1FA}E:\\halo\\halo.exe"= UDP:E:\halo\halo.exe:Halo "UDP Query User{E49A42A3-723A-4F44-BF3C-24B324FF8761}E:\\halo\\halo.exe"= TCP:E:\halo\halo.exe:Halo "TCP Query User{1BB065D9-5FB3-4D20-B78E-1C212AC07D86}E:\\halo\\halo.exe"= UDP:E:\halo\halo.exe:Halo "UDP Query User{24563351-AD03-492F-B32C-71A4DB562BC4}E:\\halo\\halo.exe"= TCP:E:\halo\halo.exe:Halo "TCP Query User{FED56516-F400-45EF-BABA-936E17A878C6}E:\\halo\\halo.exe"= UDP:E:\halo\halo.exe:Halo "UDP Query User{77B0E10C-FE27-45BF-810A-E54CB93A52D1}E:\\halo\\halo.exe"= TCP:E:\halo\halo.exe:Halo "TCP Query User{C90D7C9D-C67F-4F91-B70A-AE298C861690}D:\\settings\\desktop\\halo\\halo.exe"= UDP:D:\settings\desktop\halo\halo.exe:Halo "UDP Query User{02DDCB0B-3038-41D9-802A-6CBFCCC383F8}D:\\settings\\desktop\\halo\\halo.exe"= TCP:D:\settings\desktop\halo\halo.exe:Halo "TCP Query User{8698D004-D3C0-418B-BB12-5AF1F02AFF6E}C:\\program files\\asus\\wl-520gu wireless router utilities\\discovery.exe"= UDP:C:\program files\asus\wl-520gu wireless router utilities\discovery.exe:ASUS Device Discovery Application "UDP Query User{7757D32B-A514-493C-8436-F3099E417D70}C:\\program files\\asus\\wl-520gu wireless router utilities\\discovery.exe"= TCP:C:\program files\asus\wl-520gu wireless router utilities\discovery.exe:ASUS Device Discovery Application "TCP Query User{E7A0F802-9F30-463E-A08A-D9D6BEB3E354}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever "UDP Query User{4AFEB00F-1B77-47F9-9EDA-18A228B358A0}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever "{5EDC1597-A017-4AD5-A909-75F841997A38}"= UDP:H:\UTORRENT\utorrent.exe:µTorrent "{7D5B0DA9-D754-4A13-8793-7786B0EEAAE7}"= TCP:H:\UTORRENT\utorrent.exe:µTorrent "{69D36FDB-93C1-4708-85C4-3A0E9B3D23C0}"= UDP:C:\Program Files\pipi\jfCacheMgr.exe:jfCacheMgr(http://www.pipi.cn) 
"{DF0534C6-B8CD-44FD-977F-998BFF2EF23B}"= TCP:C:\Program Files\pipi\jfCacheMgr.exe:jfCacheMgr(http://www.pipi.cn) "{059251BA-D3B9-4D74-BC49-6F2B34C16887}"= UDP:C:\Program Files\pipi\KmLiveUpdate.exe:KmLiveUpdate(http://www.pipi.cn) "{2758C7AC-67F6-45D4-BCA0-1286E65B4BA5}"= TCP:C:\Program Files\pipi\KmLiveUpdate.exe:KmLiveUpdate(http://www.pipi.cn) "{916DA0F3-A3E1-48C6-B5F9-BAD67F1585C3}"= UDP:C:\Program Files\pipi\PIPIPlayer.exe:PIPIPlayer "{AFAC3145-6E12-48BA-971A-BB874DD2FE83}"= TCP:C:\Program Files\pipi\PIPIPlayer.exe:PIPIPlayer "TCP Query User{13C126DE-588E-4EE6-8D1D-158E75FD6064}D:\\settings\\desktop\\halo\\halo.exe"= UDP:D:\settings\desktop\halo\halo.exe:Halo "UDP Query User{0F5C3514-0F67-4F10-8AFC-E11D62303570}D:\\settings\\desktop\\halo\\halo.exe"= TCP:D:\settings\desktop\halo\halo.exe:Halo "TCP Query User{CD19B5EE-EBD4-4AD1-8ADB-73BEA44168F3}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes "UDP Query User{631EB2E3-F5A8-4DB5-9848-BBC272ACC888}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes "TCP Query User{4BF386E1-C821-43B7-A551-81DFF9CFDDA7}F:\\documents\\halo2\\halo.exe"= UDP:F:\documents\halo2\halo.exe:Halo "UDP Query User{DB6C008E-BBDB-45BA-8748-6B52A15828CE}F:\\documents\\halo2\\halo.exe"= TCP:F:\documents\halo2\halo.exe:Halo "TCP Query User{A530E7E0-56FD-4630-8D1B-B8D4C26510DB}F:\\documents\\halo2\\halo.exe"= UDP:F:\documents\halo2\halo.exe:Halo "UDP Query User{26597B61-B5FC-427B-8E20-7CAC0519274E}F:\\documents\\halo2\\halo.exe"= TCP:F:\documents\halo2\halo.exe:Halo "{2C2B5563-3829-4C09-B96E-FC1BC7660438}"= UDP:F:\PortableApps\UTORRENT\utorrent.exe:µTorrent "{22E52FC4-308A-44F7-BAC5-3F4AAE6E52A4}"= TCP:F:\PortableApps\UTORRENT\utorrent.exe:µTorrent "TCP Query User{295C2065-476C-4860-AA58-EE6EEC1152E9}F:\\documents\\halo2\\halo.exe"= UDP:F:\documents\halo2\halo.exe:Halo "UDP Query User{5A65126C-C0FD-43AB-806A-CC6718140F63}F:\\documents\\halo2\\halo.exe"= 
TCP:F:\documents\halo2\halo.exe:Halo "TCP Query User{F971107E-F96F-494B-9452-F58560131AAD}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java(TM) Platform SE binary "UDP Query User{2C39D6B7-34CC-401E-B030-5C3A4DEA36D5}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java(TM) Platform SE binary "TCP Query User{353D83EC-C410-45B1-9C3C-F8D32953EF25}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes "UDP Query User{009603FA-B0ED-4460-AF14-1A139C949EA1}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes "{C7CB011A-6BAC-407D-B6FB-422D36806CA0}"= UDP:F:\PortableApps\UTORRENT\utorrent.exe:µTorrent "{6FE266CC-98E0-451E-8192-D08B548595BB}"= TCP:F:\PortableApps\UTORRENT\utorrent.exe:µTorrent "{9FA3AF33-EC43-4B18-99E1-4B256DBF6628}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server "{542E8BDF-AD0C-42D0-A2C0-2ABEC90B48C1}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:Pinnacle Streaming Server "TCP Query User{437C013E-A3D0-4978-8532-8EDF220D33EB}C:\\program files\\pinnacle\\shared files\\programs\\strmserver\\strmserver.exe"= UDP:C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe:Streaming Server "UDP Query User{D8A374F3-472F-443B-96B6-42EBBA017196}C:\\program files\\pinnacle\\shared files\\programs\\strmserver\\strmserver.exe"= TCP:C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe:Streaming Server "TCP Query User{AE881B2D-F71E-4624-B21C-9BCB0000777D}T:\\documents\\halo2\\halo.exe"= UDP:T:\documents\halo2\halo.exe:Halo "UDP Query User{681669A2-0974-4269-BD64-6DF4BF2E1F6C}T:\\documents\\halo2\\halo.exe"= TCP:T:\documents\halo2\halo.exe:Halo "TCP Query User{1D55F93A-0BF7-4EE7-95B5-DD7611ECFFB1}F:\\documents\\games\\far cry\\bin32\\farcry.exe"= 
UDP:F:\documents\games\far cry\bin32\farcry.exe:Far Cry "UDP Query User{3E1B7B56-2FB3-4A07-8916-A1A460F9E3A3}F:\\documents\\games\\far cry\\bin32\\farcry.exe"= TCP:F:\documents\games\far cry\bin32\farcry.exe:Far Cry "TCP Query User{C1C957E4-C51F-4D9A-8682-806AC0CAC94B}G:\\documents\\games\\halo2\\halo.exe"= UDP:G:\documents\games\halo2\halo.exe:Halo "UDP Query User{F008D8EC-D872-466F-BB7F-D25C94BF2594}G:\\documents\\games\\halo2\\halo.exe"= TCP:G:\documents\games\halo2\halo.exe:Halo "TCP Query User{2B78690E-0967-4F3F-BE1B-6A239E8DFE25}G:\\documents\\games\\halo custom edition\\haloce.exe"= UDP:G:\documents\games\halo custom edition\haloce.exe:Halo "UDP Query User{983B47B4-658F-42BC-8E7F-2BA3500ABE9C}G:\\documents\\games\\halo custom edition\\haloce.exe"= TCP:G:\documents\games\halo custom edition\haloce.exe:Halo "TCP Query User{4D3226A0-7F16-4562-B7BE-E5FD2FD4C7A1}G:\\documents\\games\\halo2\\halo.exe"= UDP:G:\documents\games\halo2\halo.exe:Halo "UDP Query User{A4441128-D8CE-4104-82C3-AC87916A178A}G:\\documents\\games\\halo2\\halo.exe"= TCP:G:\documents\games\halo2\halo.exe:Halo "{E93EFF04-EA32-41C5-9D46-051C0C1DC528}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{D38B2431-E089-4AE4-98CC-7ABA751531FC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{49EA0FE6-F6F1-4B21-8695-3F34DA292A25}H:\\documents\\games\\halo custom edition\\haloce.exe"= UDP:H:\documents\games\halo custom edition\haloce.exe:Halo "UDP Query User{D538326E-8648-403E-958C-A8F0EABF0492}H:\\documents\\games\\halo custom edition\\haloce.exe"= TCP:H:\documents\games\halo custom edition\haloce.exe:Halo "{C9BC347A-C7B2-41CD-8FDF-2A08EEBA2F5F}"= UDP:H:\PortableApps\UTORRENT\utorrent.exe:µTorrent "{FF139117-4DB5-41BD-BACF-9A6835203E2B}"= TCP:H:\PortableApps\UTORRENT\utorrent.exe:µTorrent [HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic| 
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\xchat\\xchat.exe"= C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys [2006-10-31 11:47] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS [2006-10-20 13:11] R0 WsFsF;WsFsF;C:\Windows\system32\Drivers\WsFsFwlh.s ys [2007-05-08 19:18] R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-20 02:35] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-07-01 15:26] R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\system32\DRIVERS\StarPortLite.sy s [2008-06-27 12:31] R1 wscam6300;wscam6300;C:\Windows\system32\Drivers\ws cam6300.sys [2007-05-08 19:18] R1 wstdi;wstdi;C:\Windows\system32\Drivers\wstdiwlh.s ys [2007-05-08 19:18] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswF sBlk.sys [2008-07-20 02:37] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\as wMonFlt.sys [2008-07-20 02:36] R2 iReboot;iReboot Background Service;C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 23:49] R2 KbdFIOControl;KbdFIOControl;C:\Windows\system32\Dr ivers\KbdF.sys [2007-11-18 12:10] R2 PVM Service;PVM Service;C:\Program Files\RingThree\bin\pvmservice.exe [2007-11-08 13:02] R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 21:45] R2 WebsenseDesktopClient;Websense Desktop Client;C:\Program Files\PMM\WDC.exe [2007-05-08 19:18] S2 gupdate1c88e2ea271caa6;Google Update Service (gupdate1c88e2ea271caa6);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-16 20:24] S2 roclient;roclient;C:\Program Files\RemoteObserverClient\roclient.exe [] S3 kqemu;KQEMU virtualisation module for QEMU;C:\Windows\system32\DRIVERS\kqemu.sys [2008-07-30 22:29] S3 MODRC;DiBcom Infrared Receiver;C:\Windows\system32\DRIVERS\modrc.sys 
[2007-10-19 14:32] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.ex e [2008-08-02 17:53] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc rsmsvcs REG_MULTI_SZ ntmssvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\G] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{434d3cf3-698b-11dd-9432-00037ab14bb9}] \shell\AutoRun\command - I:\ekugb3.bat \shell\explore\Command - I:\ekugb3.bat \shell\open\Command - I:\ekugb3.bat [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{479958fe-3736-11dd-9510-00037ab14bb9}] \shell\AutoRun\command - F:\StartPortableApps.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8e03e5bd-1a1d-11dd-9f0f-00037ab14bb9}] \shell\Auto\command - Start.exe \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{bfed0697-690c-11dd-8caf-00037ab14bb9}] \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\m5launch.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d2c3f14c-461a-11dd-9c5d-00037ab14bb9}] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d642eb9a-6c99-11dd-9b3a-00037ab14bb9}] \shell\AutoRun\command - F:\rqq2v.bat \shell\explore\Command - F:\rqq2v.bat \shell\open\Command - F:\rqq2v.bat [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d642eb9f-6c99-11dd-9b3a-00037ab14bb9}] \shell\AutoRun\command - G:\LaunchU3.exe -a 
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ff8a9ff8-68be-11dd-a340-00037ab14bb9}] \shell\AutoRun\command - F:\StartPortableApps.exe . Contents of the 'Scheduled Tasks' folder 2008-08-25 C:\Windows\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09] 2008-08-25 C:\Windows\Tasks\GoogleUpdateTask.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2008-07-16 20:24] 2008-08-25 C:\Windows\Tasks\User_Feed_Synchronization-{CC00CB17-5E0B-4AC7-85DE-3C607F951946}.job - C:\Windows\system32\msfeedssync.exe [2008-06-01 13:52] . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-25 23:13:12 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll -> C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem203000030.dll . Completion time: 2008-08-25 23:14:49 ComboFix-quarantined-files.txt 2008-08-25 11:14:44 ComboFix2.txt 2008-08-24 22:49:58 ComboFix3.txt 2008-08-24 20:34:22 ComboFix4.txt 2008-08-24 10:51:21 Pre-Run: 15,692,726,272 bytes free Post-Run: 15,638,736,896 bytes free 530 --- E O F --- 2008-08-24 21:56:07 |
Blam (54) | ||
| 698693 | 2008-08-25 22:54:00 | Ok. That's it. All done, all finished. This will clear away any of the files and folders that were created by ComboFix. Go to: Start > Run, then copy and paste the following highlighted text below into the box and click OK. ComboFix /u |
Pancake (6359) | ||
| 698694 | 2008-08-25 23:23:00 | Thanks, how do I enable all the things that ComboFix disabled? | Blam (54) | ||
| 698695 | 2008-08-25 23:27:00 | Whatever you had probably stuffed up autoplay and Avast. When you put a CD in a CD-ROM it doesn't open?? Is that what you're saying? If it is, get this (www.microsoft.com) |
Speedy Gonzales (78) | ||
| 698696 | 2008-08-26 00:30:00 | No, I mean the autoplay window doesn't show up. What should I do with avast!? | Blam (54) | ||
| 698697 | 2008-08-26 00:37:00 | Uninstall it (if it's not working), then use this (avast.com). Then reinstall it. |
Speedy Gonzales (78) | ||
| 698698 | 2008-08-26 02:05:00 | The autorun/autoplay feature, when enabled, causes one of two things to happen, depending on previously made choices.

1. When a CD-ROM or DVD is inserted, or a USB device (camera, flash drive, external hard drive, etc.) is attached, Windows will open a message window that provides a list of actions to take based on the content of the device or media.
2. If on a prior occasion of the message window the user selected to always perform the same action with certain types of media/device, there will be no message window opened upon detection of the media/device. Instead, it will automatically run the previously selected program or execute the same behavior.

Example: with autorun/autoplay enabled, you insert a music CD. Windows will detect the CD and its contents, then open a message window that might offer to play the CD with Media Player, Music Match Jukebox, or any of many applications you may or may not have installed. Insert a movie DVD and Windows might prompt you to view it with Power DVD, Media Player, etc.

Example: with autorun/autoplay enabled and, on a previous prompt for action, the box checked to always apply the same action, Windows might automatically open Roxio CD Creator or Nero Burning ROM when a blank CD is inserted. Plug in a USB camera and Windows might open or prompt you to use the Scanner and Camera Transfer Wizard to transfer the pictures to your computer. Plug in a flash drive and Windows might open or prompt you to use Windows Explorer to browse the contents of the flash drive. It may also just execute an infection residing on the flash drive, thereby infecting your computer. Insert a game CD or software CD, and Windows might automatically begin the installation setup.

Malware authors have begun to exploit the autorun/autoplay feature, so the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue, has included this in ComboFix for your future protection. Many security apps disable it as well, and even Microsoft recommends disabling it.

Disabling autorun/autoplay does not prevent you from accessing those media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB flash or external hard drive). Pictures on a camera can still be accessed/transferred through My Pictures and selecting Get Pictures from a Scanner or Camera. Media can also be accessed via the program you intend to use it with, such as music CDs accessed via Media Player, blank CDs via your burning program, image handling software provided with the camera, etc.

I do recommend you leave the feature disabled and get into the habit of accessing those media devices manually; however, I will send you via PM the information required to re-enable the autoplay feature should you decide to do so. Please note that future versions of ComboFix will not run after this registry fix has been applied and therefore malware cleaning will be difficult. |
Pancake (6359) | ||
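Added example, not from the thread and not part of ComboFix: a small Python triage helper that reads the MountPoints2 section of a ComboFix log (the format this thread's log uses) and flags the footprint of a USB autorun infection, where a drive's open and explore shell verbs are redirected to a script in the drive root so that double-clicking the drive in Explorer runs it even with autoplay disabled. The sample log is constructed to match that format, and the regexes and severity labels are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the MountPoints2 section of a ComboFix log.
# The three-verb .bat entries are the shape of a typical USB autorun infection.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{434d3cf3-698b-11dd-9432-00037ab14bb9}]
\shell\AutoRun\command - I:\ekugb3.bat
\shell\explore\Command - I:\ekugb3.bat
\shell\open\Command - I:\ekugb3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{479958fe-3736-11dd-9510-00037ab14bb9}]
\shell\AutoRun\command - F:\StartPortableApps.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfed0697-690c-11dd-8caf-00037ab14bb9}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\m5launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d642eb9a-6c99-11dd-9b3a-00037ab14bb9}]
\shell\AutoRun\command - F:\rqq2v.bat
\shell\explore\Command - F:\rqq2v.bat
\shell\open\Command - F:\rqq2v.bat
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)
ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")          # file directly in a drive root
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".scr", ".pif", ".com")


@dataclass
class MountPoint:
    volume: str                                   # drive letter or volume GUID
    verbs: dict = field(default_factory=dict)     # shell verb -> command line


def parse_mountpoints(text):
    """Group the MountPoints2 lines of a ComboFix log into one entry per key."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = MountPoint(volume=key.group(1))
            entries.append(current)
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current.verbs[verb.group(1).lower()] = verb.group(2)
    return entries


def launched_file(cmd):
    """Best-effort target of a shell command: the rundll32 ShellExec form names
    the real file last, otherwise the first token is the program."""
    tokens = cmd.split()
    return tokens[-1] if "shellexec_rundll" in cmd.lower() else tokens[0]


def assess(entry):
    """Return (severity, reasons) for one MountPoints2 entry."""
    reasons, script_in_root = [], False
    # open/explore redirected: double-clicking the drive icon runs the command
    # instead of opening the drive.  Legitimate launchers only set AutoRun.
    hijacked = sorted(v for v in entry.verbs if v in ("open", "explore"))
    if hijacked:
        reasons.append("open/explore verb redirected: " + ", ".join(hijacked))
    for verb, cmd in entry.verbs.items():
        target = launched_file(cmd)
        if ROOT_RE.match(target) and target.lower().endswith(SCRIPT_EXT):
            script_in_root = True
            reasons.append(f"{verb} runs a script from the drive root: {target}")
        if "rundll32" in cmd.lower():
            reasons.append(f"{verb} uses rundll32 ShellExec_RunDLL to start {target}")
    if hijacked:
        return "high", reasons
    return ("medium" if script_in_root else "info"), reasons


def scan(text):
    """Parse a log and return [(volume, severity, reasons), ...]."""
    return [(e.volume, *assess(e)) for e in parse_mountpoints(text)]


if __name__ == "__main__":
    for volume, severity, reasons in scan(SAMPLE_LOG):
        print(f"{severity:6} {volume}")
        for r in reasons:
            print("       -", r)
```

Entries rated "high" are the ones to clean from the registry and from the root of the drive they point at; an AutoRun-only .exe launcher (U3, PortableApps) rates "info" and is usually legitimate.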