
Google links sending me to random sites is it spyware?


This topic is locked
20 replies to this topic

#1 Scouse29
  • Members
  • 27 posts
  • OFFLINE
  • Local time:05:54 AM

Posted 16 December 2009 - 09:38 AM

Hi, if I click a link in a Google search it sends me to random sites not related to what I want. I had this problem before, which I thought I'd fixed, but it has since started happening again. Please help, I'm at the end of my tether. Thanks in advance.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Stephen at 14:08:46.71 on 16/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1292 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\802.11 Wireless LAN\802.11b Wireless Cardbus & PCI Adapter HW.11 V1.20\WlanCU.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:mark@ocsmusic.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [CTFMON.EXE] "c:\windows\system32\ctfmon.exe"
uRun: [RGSC] "c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe" /silent
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [Alcmtr] "c:\windows\ALCMTR.EXE"
mRun: [PWRISOVM.EXE] "c:\program files\poweriso\PWRISOVM.EXE"
mRun: [TrojanScanner] "c:\program files\trojan remover\Trjscan.exe" /boot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\limewi~1.lnk - c:\documents and settings\stephen\desktop\iesha\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\802.11 wireless lan\802.11b wireless cardbus & pci adapter hw.11 v1.20\WlanCU.exe
IE: &D&ownload &with BitComet
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257362956734
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\q9xbnans.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\stephen\application data\mozilla\firefox\profiles\q9xbnans.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-8-4 26112]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-4-15 146312]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-14 38224]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [2003-12-3 185216]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2003-11-26 13532]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2008-4-14 3584]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-15 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-11-30 7680]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2009-11-30 110080]

=============== Created Last 30 ================

2009-12-16 15:09:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-16 14:34:57 0 d-----w- c:\program files\Rockstar Games
2009-12-16 11:21:14 0 d-----w- c:\docume~1\stephen\applic~1\BitDefender
2009-12-16 11:20:15 0 d-----w- c:\program files\BitDefender
2009-12-16 11:20:15 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2009-12-16 11:16:25 0 d-----w- c:\program files\common files\BitDefender
2009-12-16 00:26:18 0 d-----w- c:\docume~1\stephen\applic~1\SUPERAntiSpyware.com
2009-12-15 22:51:29 0 d-----w- c:\program files\Trend Micro
2009-12-15 21:09:37 1538928 ----a-w- c:\windows\WRSetup.dll
2009-12-15 21:09:36 0 d-----w- c:\program files\Webroot
2009-12-15 21:09:36 0 d-----w- c:\docume~1\stephen\applic~1\Webroot
2009-12-15 21:09:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2009-12-14 16:53:42 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-12-14 16:53:42 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-12-14 16:53:42 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-12-14 16:53:42 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-12-14 16:53:41 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-12-14 16:53:38 0 d-----w- c:\program files\Trojan Remover
2009-12-14 16:53:38 0 d-----w- c:\docume~1\stephen\applic~1\Simply Super Software
2009-12-14 16:53:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-12-14 15:36:29 0 d-----w- c:\docume~1\stephen\applic~1\Malwarebytes
2009-12-14 15:36:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-14 15:36:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-14 15:36:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-14 15:36:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-14 14:37:00 132096 --sha-r- c:\windows\system32\oleaut32V.dll
2009-12-13 15:57:07 0 d-----w- c:\windows\system32\nagasoft
2009-12-12 22:24:34 0 d-s---w- c:\program files\Need for Speed Shift
2009-12-11 13:05:39 121 ----a-w- c:\windows\bdagent.INI
2009-12-11 12:14:57 850 ----a-w- c:\windows\system32\ProductTweaks.xml
2009-12-11 12:07:04 81984 ----a-w- c:\windows\system32\bdod.bin
2009-12-10 19:28:50 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-12-10 19:28:50 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-12-10 19:28:44 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-12-10 19:28:44 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-12-10 18:33:43 0 d-----w- c:\docume~1\stephen\applic~1\KALiNKOsoft
2009-12-10 17:22:50 0 d-----w- c:\program files\KALiNKOsoft
2009-12-10 06:53:59 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-03 21:42:49 0 d-----w- c:\windows\RegisteredPackages
2009-12-03 12:16:22 0 d-----w- c:\program files\uTorrent
2009-12-03 12:16:02 0 d-----w- c:\docume~1\stephen\applic~1\uTorrent
2009-12-01 19:28:13 0 d-----w- c:\program files\THQ
2009-11-30 09:35:58 105344 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-11-30 09:35:48 104960 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-11-30 09:35:37 104960 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-11-30 09:35:04 110080 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys
2009-11-30 09:34:16 0 d-----w- c:\docume~1\stephen\applic~1\Vodafone
2009-11-30 09:30:36 7680 ----a-r- c:\windows\system32\drivers\massfilter.sys
2009-11-30 09:29:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Vodafone
2009-11-30 09:29:18 8464 ----a-w- c:\windows\system32\SpOrder.dll
2009-11-25 15:44:21 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-21 09:37:52 0 d-----w- c:\windows\pss
2009-11-20 12:04:55 0 d--h--w- c:\windows\PIF
2009-11-19 15:10:07 87608 ----a-w- c:\docume~1\stephen\applic~1\inst.exe
2009-11-19 15:10:07 47360 ----a-w- c:\docume~1\stephen\applic~1\pcouffin.sys
2009-11-17 19:42:30 0 d-----w- c:\program files\SystemRequirementsLab
2009-11-17 19:29:13 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-17 19:29:11 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-17 19:29:09 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-17 19:29:07 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-17 19:29:05 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-17 19:29:03 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-17 19:29:01 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-17 19:27:20 0 d--h--w- c:\windows\msdownld.tmp
2009-11-17 12:54:57 0 d-----w- c:\docume~1\stephen\applic~1\Windows Search

==================== Find3M ====================

2009-12-16 11:39:50 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-12-16 00:31:01 119296 ----a-w- c:\windows\system32\zlib.dll
2009-11-13 10:24:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-12 07:31:34 90112 ----a-w- c:\windows\DUMP58fd.tmp
2009-11-08 10:03:22 4297647 ----a-w- C:\ffdshow-rev3097_20091008.zip
2009-11-05 15:25:49 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-04 16:51:15 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 16:19:50 4320907 ----a-w- C:\ffdshow-rev3097_20091008_xxl.exe
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 19:27:52 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-08 14:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 14:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 14:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-27 18:19:52 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-27 16:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 16:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 16:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 16:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 16:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 16:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 16:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 16:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 16:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-25 16:42:38 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-25 16:42:38 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-25 16:42:38 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-25 16:41:28 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll

============= FINISH: 14:15:30.32 ===============

Attached Files
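The DDS log above is what a helper reads first, and the triage is mostly pattern matching: BHO or toolbar CLSIDs with "No File" behind them, autostart entries whose target lives under the user profile, a service whose image is a stock Windows utility, and files in the "Created Last 30" / "Find3M" lists that are hidden+system or are executables sitting in Application Data. The Python script below is an added example, not part of this thread and not code from the DDS tool; it splits a DDS log into its sections and applies those checks. SAMPLE_LOG is a constructed subset of lines copied from post #1; the attribute column layout (first character `d` for directories, third and fourth characters the system and hidden flags) is inferred from those lines. Two of its hits, `inst.exe` under Application Data and the hidden+system `oleaut32V.dll` in system32, are the files ComboFix later lists under "Other Deletions" in post #9; every other hit, such as `pcouffin.sys`, is a lead for a human to review, not a verdict.

```python
"""Triage heuristics for a DDS log such as the one in post #1 (added example,
not part of the thread or of the DDS tool; SAMPLE_LOG is a constructed subset
of lines from the thread; every hit is a lead to review, not a verdict)."""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")              # "==== Section ====" dividers
ORPHAN_RE = re.compile(r"^(?:BHO|TB): .*- No File$")        # CLSID with no file on disk
STARTUP_RE = re.compile(r"^(?:[umd]Run|StartupFolder): (.+)$")
SERVICE_RE = re.compile(r"^[RS]\d+ [^;]*;[^;]*;(.+?) \[")   # "R2 name;display;image [date size]"
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ (\S{8}) (.+)$")  # date time size attrs path

USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\")
OS_UTILITY_IMAGES = {"regedt32.exe", "rundll32.exe", "regsvr32.exe", "cmd.exe"}
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr")

# Constructed subset of the DDS log in post #1.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\limewi~1.lnk - c:\documents and settings\stephen\desktop\iesha\limewire\LimeWire.exe
============= SERVICES / DRIVERS ===============
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2008-4-14 3584]
=============== Created Last 30 ================
2009-12-14 14:37:00 132096 --sha-r- c:\windows\system32\oleaut32V.dll
2009-12-12 22:24:34 0 d-s---w- c:\program files\Need for Speed Shift
2009-11-19 15:10:07 87608 ----a-w- c:\docume~1\stephen\applic~1\inst.exe
2009-11-19 15:10:07 47360 ----a-w- c:\docume~1\stephen\applic~1\pcouffin.sys
==================== Find3M ====================
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
============= FINISH: 14:15:30.32 ===============
"""


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [non-empty lines]}."""
    sections, current = {}, "HEADER"
    for line in map(str.strip, text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def _in_user_profile(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_PROFILE_MARKERS)


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (category, log line) pairs for entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    sections = parse_sections(text)
    for line in sections.get("Pseudo HJT Report", []):
        if ORPHAN_RE.match(line):
            findings.append(("orphaned-bho-or-toolbar", line))
            continue
        m = STARTUP_RE.match(line)
        if m:
            target = m.group(1)
            if line.startswith("StartupFolder:") and " - " in target:
                target = target.split(" - ", 1)[1]  # the .lnk's target, not the .lnk itself
            if _in_user_profile(target):
                findings.append(("autostart-from-user-profile", line))
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and m.group(1).rsplit("\\", 1)[-1].lower() in OS_UTILITY_IMAGES:
            findings.append(("service-image-is-os-utility", line))
    for name in ("Created Last 30", "Find3M"):
        for line in sections.get(name, []):
            m = FILE_RE.match(line)
            if not m:
                continue
            attrs, path = m.groups()
            # Attribute column as seen in the thread's lines (inferred): attrs[0] is 'd'
            # for directories, attrs[2] the system flag, attrs[3] the hidden flag.
            if attrs[0] == "d":
                continue
            if attrs[2] == "s" and attrs[3] == "h":
                findings.append(("hidden-system-file", line))
            elif path.lower().endswith(EXECUTABLE_EXT) and _in_user_profile(path):
                findings.append(("executable-in-user-profile", line))
    return findings


def count_by_category(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"[{category}] {line}")
```

Run it on a full pasted DDS log by replacing SAMPLE_LOG with the file contents; the section names are the ones DDS prints between the `=` dividers, so the "Running Processes" and "FIREFOX" sections pass through untouched and can be given their own checks in the same loop structure.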





#2 thcbytes
  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:54 AM

Posted 28 December 2009 - 10:19 PM

Do you still desire help?
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Scouse29
  • Topic Starter
  • Members
  • 27 posts
  • OFFLINE
  • Local time:05:54 AM

Posted 29 December 2009 - 05:37 AM

Hi, thanks for your response. I think I do, because I have since uninstalled the Google toolbar, but now if I search via Google and click a link I get "Internet Explorer cannot display the web page", with "diagnose connection" etc., until I click refresh and it then sends me to the correct page. I'm finding this bizarre, and I think it happens via Bing too.

#4 thcbytes
  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:54 AM

Posted 29 December 2009 - 11:52 AM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

Let's take a deeper look. :(

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check".
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Push Run Scan
  • A report will open. Copy and Paste that report in your next reply.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log

Kind regards,
~ t

#5 thcbytes
  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:54 AM

Posted 03 January 2010 - 02:02 PM

Do you still desire help?

#6 Scouse29
  • Topic Starter
  • Members
  • 27 posts
  • OFFLINE
  • Local time:05:54 AM

Posted 04 January 2010 - 01:03 PM

Yes please. I have done the OTL logs but am still working on the gmer.exe one; I've been having problems with it, the PC crashes, so I will do it in safe mode ASAP and will post very soon. Many, many thanks for your help, it's greatly appreciated.

#7 Scouse29
  • Topic Starter
  • Members
  • 27 posts
  • OFFLINE
  • Local time:05:54 AM

Posted 04 January 2010 - 06:18 PM

Please find attached the logs you requested. Your help is greatly appreciated, many thanks.

Attached Files



#8 thcbytes
  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:54 AM

Posted 04 January 2010 - 09:49 PM

Hello,

Please copy and paste your logs into your replies. It is easier for me to review.

Please note........

The following is referring to Uniblue RegistryBooster 2010.
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

==========

Also....

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

LimeWire 5.3.6
Trojan Remover 6.8.1
Uniblue DriverScanner 2009
Uniblue SpeedUpMyPC 2009
µTorrent


Probably why you're infected!

Additional instructions can be found here if needed.

==========

Please download MBR.EXE by GMER. Save the file in your root directory. (C:\)
  • Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
    @echo off
    cd\
    mbr.exe -t
    start mbr.log
  • Next, select File --> Save As, change file type to All Files (*.*), and save it as fixme.bat in your c:\ folder.
  • Open your c:\ folder, right-click on fixme.bat and select Run as Administrator. A logfile will open (C:\mbr.log). Please paste the contents in your next reply.
==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.


Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Re-run Gmer and post a log please.

==========

With your next post please provide:

* Did you remove all the programs I listed?
* Mbr log
* Combofix.txt
* Gmer log

Kind regards,
~t

#9 Scouse29
  • Topic Starter
  • Members
  • 27 posts
  • OFFLINE
  • Local time:05:54 AM

Posted 05 January 2010 - 07:31 AM

Hi, thanks for your help. I have done as you requested, although the new GMER log was not successful due to a BSOD, which happens sometimes due to an apparently needed BIOS upgrade, nothing to do with the current malware problems etc. This has been happening for some time. Thanks again for your assistance.



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


ComboFix 10-01-04.01 - Stephen 05/01/2010 11:02:18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1466 [GMT 0:00]
Running from: c:\documents and settings\Stephen\Desktop\thcbytes.exe
FW: Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Stephen\Application Data\inst.exe
c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
c:\windows\system32\oleaut32V.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 10:54 . 2010-01-05 10:54 41 ----a-w- C:\fixme.bat
2010-01-05 10:49 . 2010-01-05 10:49 77312 ----a-w- C:\mbr.exe
2010-01-03 11:00 . 2010-01-03 11:00 -------- d-----w- C:\VJVod_Cache
2010-01-02 12:45 . 2009-11-17 20:27 358944 ----a-w- c:\windows\vncutil.exe
2010-01-02 12:45 . 2009-11-17 20:27 1833504 ----a-w- c:\windows\SkyTel.exe
2010-01-02 12:45 . 2009-11-17 20:27 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-01-02 12:45 . 2009-11-17 20:27 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-01-02 12:45 . 2006-01-04 15:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-01-02 12:45 . 2008-08-05 20:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-01-02 12:45 . 2010-01-02 12:45 -------- d-----w- c:\program files\Realtek
2010-01-02 12:45 . 2009-11-02 13:48 831488 ----a-w- c:\windows\RtlExUpd.dll
2010-01-02 11:28 . 2010-01-02 11:28 -------- d-----w- c:\program files\MSXML 4.0
2010-01-02 08:14 . 2010-01-02 08:14 -------- d-----w- c:\program files\MSSOAP
2010-01-02 08:14 . 2010-01-02 08:13 108880 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2009-12-31 11:24 . 2009-12-31 11:24 -------- d-----w- c:\documents and settings\Stephen\Application Data\MusicBrainz
2009-12-24 08:56 . 2009-12-24 08:56 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Temp
2009-12-22 09:43 . 2009-12-16 14:25 52224 ----a-w- c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2009-12-22 09:43 . 2009-12-16 14:25 101376 ----a-w- c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2009-12-21 20:19 . 2009-12-21 20:19 -------- d--h--w- c:\documents and settings\Stephen\InstallAnywhere
2009-12-21 11:53 . 2009-12-21 11:53 -------- d-----w- c:\documents and settings\Stephen\Application Data\Sports Interactive
2009-12-20 10:46 . 2009-12-20 10:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Webroot
2009-12-20 10:45 . 2009-12-20 10:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\nagasoft
2009-12-20 10:32 . 2009-11-20 08:48 2653072 -c----w- c:\documents and settings\All Users\Application Data\~1\DriverScanner_Setup.exe
2009-12-20 10:31 . 2010-01-05 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-12-20 10:30 . 2010-01-05 10:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~1
2009-12-20 10:19 . 2009-12-20 10:19 -------- d-----w- c:\documents and settings\Stephen\ErrorLogs
2009-12-20 10:06 . 2009-11-20 08:49 2838478 -c----w- c:\documents and settings\All Users\Application Data\~0\speedupmypc2009.exe
2009-12-20 10:06 . 2010-01-05 10:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-12-20 10:02 . 2009-12-20 10:03 3175784 ----a-w- c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\_temp\ub.exe
2009-12-16 19:55 . 2009-12-16 19:55 -------- d-----w- c:\program files\ESET
2009-12-16 16:05 . 2009-12-16 16:05 117760 ----a-w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-16 16:04 . 2009-12-16 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-16 15:58 . 2009-12-18 09:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-16 15:09 . 2009-12-16 15:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-16 14:34 . 2009-11-17 13:45 -------- d-----w- c:\program files\Rockstar Games
2009-12-16 11:21 . 2009-12-16 11:21 -------- d-----w- c:\documents and settings\Stephen\Application Data\BitDefender
2009-12-16 11:20 . 2009-12-16 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-12-16 11:20 . 2009-12-16 11:20 -------- d-----w- c:\program files\BitDefender
2009-12-16 11:16 . 2009-12-16 11:20 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-16 00:28 . 2009-12-16 00:28 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Threat Expert
2009-12-16 00:26 . 2009-12-16 15:58 -------- d-----w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com
2009-12-16 00:26 . 2009-12-16 00:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-15 22:51 . 2009-12-15 22:51 -------- d-----w- c:\program files\Trend Micro
2009-12-15 21:09 . 2009-11-06 15:19 1563008 ----a-w- c:\windows\WRSetup.dll
2009-12-15 21:09 . 2010-01-04 08:00 -------- d-----w- c:\documents and settings\Stephen\Application Data\Webroot
2009-12-15 21:09 . 2010-01-02 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-12-15 21:09 . 2009-12-15 21:09 -------- d-----w- c:\program files\Webroot
2009-12-14 20:46 . 2009-12-14 20:47 -------- d-----w- c:\program files\QuickTime
2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-14 16:55 . 2009-12-17 19:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-14 16:53 . 2009-12-14 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-14 15:36 . 2009-12-14 15:36 -------- d-----w- c:\documents and settings\Stephen\Application Data\Malwarebytes
2009-12-14 15:36 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-14 15:36 . 2009-12-14 15:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-14 15:36 . 2009-12-14 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-14 15:36 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-13 15:57 . 2009-12-16 19:58 -------- d-----w- c:\windows\system32\nagasoft
2009-12-12 22:24 . 2010-01-03 16:44 -------- d-s---w- c:\program files\Need for Speed Shift
2009-12-11 12:07 . 2010-01-04 23:31 81984 ----a-w- c:\windows\system32\bdod.bin
2009-12-10 19:28 . 2001-08-17 14:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-12-10 19:28 . 2001-08-17 14:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-12-10 19:28 . 2008-04-14 05:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-12-10 19:28 . 2008-04-14 05:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-12-10 18:33 . 2009-12-10 18:33 -------- d-----w- c:\documents and settings\Stephen\Application Data\KALiNKOsoft
2009-12-10 17:22 . 1998-06-18 01:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-12-10 17:22 . 2009-12-21 09:38 119296 ----a-w- c:\windows\system32\zlib.dll
2009-12-10 17:22 . 2008-01-13 17:36 91632 ----a-w- c:\windows\system32\dsofile.dll
2009-12-10 17:22 . 2003-01-26 14:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-12-10 17:22 . 2001-04-05 07:43 94208 --s---r- c:\windows\system32\msstkprp.dll
2009-12-10 17:22 . 1999-05-17 14:55 57344 ------w- c:\windows\system32\ADsSecurity.dll
2009-12-10 17:22 . 2008-01-13 20:59 36864 ----a-w- c:\windows\system32\dxinputdll.dll
2009-12-10 17:22 . 2009-12-10 17:22 -------- d-----w- c:\program files\KALiNKOsoft
2009-12-10 15:52 . 2009-12-10 15:52 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\THQ
2009-12-10 11:34 . 2009-12-10 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-10 06:53 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-07 20:08 . 2009-12-07 20:08 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\EA Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 10:50 . 2009-11-13 20:41 -------- d-----w- c:\documents and settings\Stephen\Application Data\Uniblue
2010-01-05 07:27 . 2009-12-03 12:16 -------- d-----w- c:\documents and settings\Stephen\Application Data\uTorrent
2010-01-03 13:36 . 2009-11-04 17:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 11:10 . 2009-11-04 17:30 -------- d-----w- c:\program files\Steam
2010-01-01 11:08 . 2009-11-16 16:25 506568 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-30 10:37 . 2009-11-11 10:11 -------- d-----w- c:\documents and settings\Stephen\Application Data\Spotify
2009-12-29 19:00 . 2009-11-11 08:58 -------- d-----w- c:\documents and settings\Stephen\Application Data\Vso
2009-12-16 15:58 . 2009-11-04 17:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-16 11:39 . 2009-04-15 15:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-12-16 11:07 . 2009-11-30 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2009-12-16 00:25 . 2009-11-11 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-12-10 17:22 . 2009-11-04 17:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-10 15:14 . 2009-12-03 22:03 -------- d-----w- c:\documents and settings\Stephen\Application Data\Gearbox Software
2009-12-05 08:51 . 2009-12-05 08:51 -------- d-----w- c:\documents and settings\Stephen\Application Data\Apple Computer
2009-12-05 08:48 . 2009-12-05 08:48 -------- d-----w- c:\program files\Common Files\Apple
2009-12-05 08:48 . 2009-12-05 08:48 -------- d-----w- c:\program files\Apple Software Update
2009-12-05 06:57 . 2009-11-04 19:43 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-03 12:16 . 2009-12-03 12:16 -------- d-----w- c:\program files\uTorrent
2009-12-01 19:28 . 2009-12-01 19:28 -------- d-----w- c:\program files\THQ
2009-11-30 09:34 . 2009-11-30 09:34 -------- d-----w- c:\documents and settings\Stephen\Application Data\Vodafone
2009-11-30 09:32 . 2009-11-30 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-11-30 09:30 . 2009-11-30 09:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
2009-11-30 09:29 . 2009-11-30 09:29 8464 ----a-w- c:\windows\system32\SpOrder.dll
2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 10:28 . 2009-11-11 08:36 -------- d-----w- c:\documents and settings\Stephen\Application Data\DivX
2009-11-19 15:10 . 2009-11-05 15:25 -------- d-----w- c:\program files\VSO
2009-11-19 15:10 . 2009-11-19 15:10 47360 ----a-w- c:\documents and settings\Stephen\Application Data\pcouffin.sys
2009-11-19 15:10 . 2009-11-19 15:10 47360 ----a-w- c:\documents and settings\Stephen\Application Data\pcouffin.sys
2009-11-17 20:27 . 2005-09-21 10:24 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 20:27 . 2005-09-21 16:29 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 20:27 . 2005-09-21 15:23 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 20:27 . 2005-09-22 13:36 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 20:26 . 2005-09-07 10:40 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 20:26 . 2005-09-21 15:32 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 20:26 . 2005-05-03 18:43 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 19:51 . 2005-09-23 18:56 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-17 19:42 . 2009-11-17 19:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-17 12:54 . 2009-11-17 12:54 -------- d-----w- c:\documents and settings\Stephen\Application Data\Windows Search
2009-11-16 14:19 . 2009-11-16 13:44 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-11-16 13:54 . 2009-11-16 13:54 -------- d--h--r- c:\documents and settings\Stephen\Application Data\SecuROM
2009-11-15 03:42 . 2009-11-09 13:42 12912 ----a-w- c:\documents and settings\Stephen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-15 03:21 . 2009-11-15 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-11-13 10:24 . 2009-11-13 10:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-13 10:24 . 2009-11-13 10:24 -------- d-----w- c:\program files\Java
2009-11-13 10:23 . 2009-11-13 10:23 152576 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 07:31 . 2009-11-04 16:31 90112 ----a-w- c:\windows\DUMP58fd.tmp
2009-11-11 11:54 . 2009-11-11 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-11-11 11:32 . 2009-11-11 11:32 -------- d-----w- c:\program files\Electronic Arts
2009-11-11 11:30 . 2009-11-11 11:30 -------- d-----w- c:\documents and settings\Stephen\Application Data\Leadertech
2009-11-11 11:16 . 2009-11-11 11:16 -------- d-----w- c:\program files\EA Sports
2009-11-11 10:11 . 2009-11-05 23:42 -------- d-----w- c:\program files\Spotify
2009-11-11 07:33 . 2009-11-11 07:33 -------- d-----w- c:\program files\Common Files\Scanner
2009-11-11 07:32 . 2009-11-11 07:32 -------- d-----w- c:\documents and settings\Stephen\Application Data\Yahoo!
2009-11-10 14:21 . 2009-11-10 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-10 10:51 . 2009-11-10 10:51 -------- d-----w- c:\program files\KONAMI
2009-11-10 10:51 . 2009-11-10 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-11-09 13:06 . 2009-11-04 17:58 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-11-08 22:22 . 2009-11-08 22:22 0 ----a-w- c:\windows\nsreg.dat
2009-11-08 11:38 . 2009-11-04 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-08 10:08 . 2009-11-08 10:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-08 10:07 . 2009-11-08 10:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-08 10:04 . 2009-11-08 10:04 -------- d-----w- c:\program files\ffdshow
2009-11-08 10:03 . 2009-11-08 10:03 4297647 ----a-w- C:\ffdshow-rev3097_20091008.zip
2009-11-07 20:27 . 2009-11-07 20:27 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-06 14:37 . 2009-11-06 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-11-06 14:25 . 2009-11-06 14:25 -------- d-----w- c:\program files\Sports Interactive
2009-11-06 12:00 . 2008-08-09 14:42 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 12:00 . 2008-08-09 14:42 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 12:00 . 2008-08-09 14:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-05 15:25 . 2009-11-05 15:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\wsbl.dat
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\ph_white.dat
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\ph_black.dat
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\pcwords.dat
2009-11-04 20:27 . 2009-11-04 20:27 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-11-04 18:26 . 2009-11-04 18:26 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-11-04 18:26 . 2009-11-04 18:26 16 ----a-w- c:\windows\system32\asdict.dat
2009-11-04 17:21 . 2009-11-04 16:53 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-04 16:51 . 2009-11-04 16:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:45 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 07:50 . 2009-10-16 07:50 2520888 ----a-w- c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-10-13 10:30 . 2008-04-14 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 16:19 . 2009-11-08 10:03 4320907 ----a-w- C:\ffdshow-rev3097_20091008_xxl.exe
2009-10-12 13:38 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-10 07:07 . 2009-11-09 13:40 38208 ----a-w- c:\documents and settings\Stephen\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-10 07:07 . 2009-11-08 10:07 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-08 19:27 . 2009-11-08 10:04 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-08 14:57 . 2008-07-29 19:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 14:57 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 14:56 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 15:14 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-12-16 782336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2009-11-17 18789408]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\802.11 Wireless LAN\802.11b Wireless Cardbus & PCI Adapter HW.11 V1.20\WlanCU.exe [2003-12-5 442368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Stephen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 12:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 04:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-12-12 21:44 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2009-11-06 15:19 6515784 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-13 10:24 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-18 09:13 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-03 12:16 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"PinnacleUpdateSvc"=2 (0x2)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Steam\\steamapps\\bennosbabe28\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Stephen\\Desktop\\spotify.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\steamapps\\bennosbabe28\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"12018:TCP"= 12018:TCP:BitComet 12018 TCP
"12018:UDP"= 12018:UDP:BitComet 12018 UDP
"22282:TCP"= 22282:TCP:BitComet 22282 TCP
"22282:UDP"= 22282:UDP:BitComet 22282 UDP
"26622:TCP"= 26622:TCP:BitComet 26622 TCP
"26622:UDP"= 26622:UDP:BitComet 26622 UDP
"12076:TCP"= 12076:TCP:BitComet 12076 TCP
"12076:UDP"= 12076:UDP:BitComet 12076 UDP
"16394:TCP"= 16394:TCP:BitComet 16394 TCP
"16394:UDP"= 16394:UDP:BitComet 16394 UDP
"11285:TCP"= 11285:TCP:BitComet 11285 TCP
"11285:UDP"= 11285:UDP:BitComet 11285 UDP
"8592:TCP"= 8592:TCP:BitComet 8592 TCP
"8592:UDP"= 8592:UDP:BitComet 8592 UDP
"8373:TCP"= 8373:TCP:BitComet 8373 TCP
"8373:UDP"= 8373:UDP:BitComet 8373 UDP
"23303:TCP"= 23303:TCP:BitComet 23303 TCP
"23303:UDP"= 23303:UDP:BitComet 23303 UDP
"9820:TCP"= 9820:TCP:BitComet 9820 TCP
"9820:UDP"= 9820:UDP:BitComet 9820 UDP
"21018:TCP"= 21018:TCP:BitComet 21018 TCP
"21018:UDP"= 21018:UDP:BitComet 21018 UDP
"23163:TCP"= 23163:TCP:BitComet 23163 TCP
"23163:UDP"= 23163:UDP:BitComet 23163 UDP
"20480:TCP"= 20480:TCP:BitComet 20480 TCP
"20480:UDP"= 20480:UDP:BitComet 20480 UDP
"22997:TCP"= 22997:TCP:BitComet 22997 TCP
"22997:UDP"= 22997:UDP:BitComet 22997 UDP
"17717:TCP"= 17717:TCP:BitComet 17717 TCP
"17717:UDP"= 17717:UDP:BitComet 17717 UDP
"27202:TCP"= 27202:TCP:BitComet 27202 TCP
"27202:UDP"= 27202:UDP:BitComet 27202 UDP
"26944:TCP"= 26944:TCP:BitComet 26944 TCP
"26944:UDP"= 26944:UDP:BitComet 26944 UDP
"22003:TCP"= 22003:TCP:BitComet 22003 TCP
"22003:UDP"= 22003:UDP:BitComet 22003 UDP
"19074:TCP"= 19074:TCP:BitComet 19074 TCP
"19074:UDP"= 19074:UDP:BitComet 19074 UDP
"24298:TCP"= 24298:TCP:BitComet 24298 TCP
"24298:UDP"= 24298:UDP:BitComet 24298 UDP
"20627:TCP"= 20627:TCP:BitComet 20627 TCP
"20627:UDP"= 20627:UDP:BitComet 20627 UDP
"23988:TCP"= 23988:TCP:BitComet 23988 TCP
"23988:UDP"= 23988:UDP:BitComet 23988 UDP
"19896:TCP"= 19896:TCP:BitComet 19896 TCP
"19896:UDP"= 19896:UDP:BitComet 19896 UDP
"19921:TCP"= 19921:TCP:BitComet 19921 TCP
"19921:UDP"= 19921:UDP:BitComet 19921 UDP
"22397:TCP"= 22397:TCP:BitComet 22397 TCP
"22397:UDP"= 22397:UDP:BitComet 22397 UDP
"21449:TCP"= 21449:TCP:BitComet 21449 TCP
"21449:UDP"= 21449:UDP:BitComet 21449 UDP
"11572:TCP"= 11572:TCP:BitComet 11572 TCP
"11572:UDP"= 11572:UDP:BitComet 11572 UDP
"20394:TCP"= 20394:TCP:BitComet 20394 TCP
"20394:UDP"= 20394:UDP:BitComet 20394 UDP
"22916:TCP"= 22916:TCP:BitComet 22916 TCP
"22916:UDP"= 22916:UDP:BitComet 22916 UDP
"14612:TCP"= 14612:TCP:BitComet 14612 TCP
"14612:UDP"= 14612:UDP:BitComet 14612 UDP
"23108:TCP"= 23108:TCP:BitComet 23108 TCP
"23108:UDP"= 23108:UDP:BitComet 23108 UDP
"19048:TCP"= 19048:TCP:BitComet 19048 TCP
"19048:UDP"= 19048:UDP:BitComet 19048 UDP

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [04/08/2005 05:51 26112]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [09/08/2008 14:42 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [02/01/2010 08:14 108880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [02/01/2010 08:14 1201640]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [15/04/2009 15:13 146312]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [03/12/2003 11:47 185216]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [26/11/2003 18:06 13532]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [14/04/2008 12:00 3584]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02/01/2010 12:45 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [30/11/2009 09:30 7680]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [30/11/2009 09:35 110080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{2B04A14D-4505-4D3F-AC8C-FF77E307828D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{2B04A14D-4505-4D3F-AC8C-FF77E307828D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{C509AE1B-132E-416B-BBE4-D5C8E985E63C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]

2010-01-04 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-12-15 15:19]

2010-01-04 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-12-15 15:19]

2010-01-05 c:\windows\Tasks\wrSpySweeper_LEAA699C9ADF74DDF8D2E92197C21CD6B.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-12-15 15:19]

2010-01-05 c:\windows\Tasks\wrSpySweeper_LEAA699C9ADF74DDF8D2E92197C21CD6B.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-12-15 15:19]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:mark@ocsmusic.com
FF - ProfilePath - c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 11:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-448539723-1177238915-1008\Software\SecuROM\License information*]
"datasecu"=hex:39,e3,c1,58,92,97,df,f7,cf,93,ee,e2,45,64,54,ef,47,c7,83,09,e4,
d3,fc,46,44,06,97,61,c5,51,9d,e2,64,6f,f3,a5,5c,cb,f3,f7,ef,de,b8,fd,a5,b2,\
"rkeysecu"=hex:b3,63,35,0c,d0,1b,29,1f,0b,4d,22,c5,a9,03,97,e6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-01-05 11:15:38
ComboFix-quarantined-files.txt 2010-01-05 11:15

Pre-Run: 39,260,422,144 bytes free
Post-Run: 39,237,959,680 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 820365DC80B3DDA9B6A1EF0BB196A9DF




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-04 18:31:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Stephen\LOCALS~1\Temp\uwliqkod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

#10 thcbytes
  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 05 January 2010 - 10:48 AM

Hello,

Please do this....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

==========

1. Go to Start -> Run, and type "notepad" into the box without the "".
2. Press OK.
3. Copy and paste the following code into notepad without the word "code":
mbr -f
4. Go to File -> Save
5. To the right of "Save as Type:" in the bottom of the window, change the ComboBox to "All Files"
6. Enter fix.bat into the "File name:" box just above the "Save as Type" box.
7. Double click fix.bat on your desktop.


A new MBR log will be created. Please post this.

==========

Now try Gmer again. If it causes another BSOD then try it in safe mode.

Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 Scouse29
  • Topic Starter
  • Members
  • 27 posts

Posted 06 January 2010 - 08:59 AM

Hi, I noticed that when I uninstalled the programs the problem stopped. I no longer get "Internet Explorer cannot display the web page" until I refresh after clicking Google links, and the gmer.log is empty; after the scan it said it did not find anything. I hope that's normal behaviour; this was done in safe mode however. Thanks again for your help.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#12 thcbytes
  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 06 January 2010 - 10:46 AM

Hello,

Looking much better.

What are you using for antivirus software?

==========

Please download the tool by OldTimer to your desktop from here.
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • After it is finished, it should reboot your machine, if not, do this yourself to ensure a complete clean.
==========

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

Folder::
c:\documents and settings\All Users\Application Data\~1
c:\documents and settings\All Users\Application Data\DriverScanner
c:\documents and settings\All Users\Application Data\~0
c:\documents and settings\Stephen\Application Data\Uniblue
c:\documents and settings\Stephen\Application Data\uTorrent
c:\program files\uTorrent

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Stephen^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"12018:TCP"=-
"12018:UDP"=-
"22282:TCP"=-
"22282:UDP"=-
"26622:TCP"=-
"26622:UDP"=-
"12076:TCP"=-
"12076:UDP"=-
"16394:TCP"=-
"16394:UDP"=-
"11285:TCP"=-
"11285:UDP"=-
"8592:TCP"=-
"8592:UDP"=-
"8373:TCP"=-
"8373:UDP"=-
"23303:TCP"=-
"23303:UDP"=-
"9820:TCP"=-
"9820:UDP"=-
"21018:TCP"=-
"21018:UDP"=-
"23163:TCP"=-
"23163:UDP"=-
"20480:TCP"=-
"20480:UDP"=-
"22997:TCP"=-
"22997:UDP"=-
"17717:TCP"=-
"17717:UDP"=-
"27202:TCP"=-
"27202:UDP"=-
"26944:TCP"=-
"26944:UDP"=-
"22003:TCP"=-
"22003:UDP"=-
"19074:TCP"=-
"19074:UDP"=-
"24298:TCP"=-
"24298:UDP"=-
"20627:TCP"=-
"20627:UDP"=-
"23988:TCP"=-
"23988:UDP"=-
"19896:TCP"=-
"19896:UDP"=-
"19921:TCP"=-
"19921:UDP"=-
"22397:TCP"=-
"22397:UDP"=-
"21449:TCP"=-
"21449:UDP"=-
"11572:TCP"=-
"11572:UDP"=-
"20394:TCP"=-
"20394:UDP"=-
"22916:TCP"=-
"22916:UDP"=-
"14612:TCP"=-
"14612:UDP"=-
"23108:TCP"=-
"23108:UDP"=-
"19048:TCP"=-
"19048:UDP"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Drag CFScript into ComboFix.exe (as shown in the picture in the original post).

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Update MBAM and run a scan. Post a log.

==========

With your next post please provide:

* AV question
* Combofix.txt
* MBAM log
* What problems remain?

Kind regards,
~t
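Before a script like the one above is dragged onto ComboFix.exe, a reviewer may want a plain listing of exactly which folders, registry keys and values it would remove, including the firewall port exceptions it closes. The following dry-run parser is an added example, not ComboFix's own code or anything posted in this thread; it handles only the three Registry:: forms the script uses and is fed a shortened, constructed copy of that script.

```python
"""Dry-run reviewer for a ComboFix CFScript (added example, not ComboFix's code).

A CFScript is made of section headers ending in "::" (Folder::, Registry::)
followed by the items each section acts on.  The Registry:: section borrows
.reg syntax: "[-KEY]" deletes a whole key, "[KEY]" selects a key, and a
following '"name"=-' line deletes that single value under it.  This parser
turns a script into a list of planned actions so they can be reviewed
before anything is executed.  Directives outside those forms are reported
as "unsupported" rather than guessed at.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a shortened copy of the CFScript posted above.
SAMPLE_CFSCRIPT = r"""
Folder::
c:\documents and settings\Stephen\Application Data\uTorrent
c:\program files\uTorrent

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"12018:TCP"=-
"12018:UDP"=-
"""


@dataclass
class Action:
    kind: str       # delete_folder | delete_key | delete_value | unsupported
    target: str     # folder path, or registry key
    name: str = ""  # value name (delete_value only)


def parse_cfscript(text: str) -> List[Action]:
    """Translate a CFScript into the actions ComboFix would perform."""
    actions: List[Action] = []
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):           # section header, e.g. "Registry::"
            section = line[:-2]
            current_key = None
            continue
        if section == "Folder":
            actions.append(Action("delete_folder", line))
        elif section == "Registry":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(Action("delete_key", line[2:-1]))
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]  # subsequent value lines apply here
            elif line.startswith('"') and line.endswith('"=-') and current_key:
                # .reg syntax doubles backslashes inside quoted value names
                name = line[1:-3].replace("\\\\", "\\")
                actions.append(Action("delete_value", current_key, name))
            else:
                actions.append(Action("unsupported", line))
        else:
            actions.append(Action("unsupported", line))
    return actions


def firewall_ports(actions: List[Action]) -> List[Tuple[int, str]]:
    """Ports whose GloballyOpenPorts exception the script would remove."""
    ports = []
    for a in actions:
        if a.kind == "delete_value" and a.target.lower().endswith("globallyopenports\\list"):
            port, _, proto = a.name.partition(":")
            if port.isdigit():
                ports.append((int(port), proto.upper()))
    return ports


def summarize(actions: List[Action]) -> str:
    """Human-readable review listing, one planned action per line."""
    lines = []
    for a in actions:
        if a.kind == "delete_value":
            lines.append(f"delete value {a.name!r} in {a.target}")
        else:
            lines.append(f"{a.kind.replace('_', ' ')} {a.target}")
    closed = firewall_ports(actions)
    if closed:
        lines.append("firewall exceptions closed: " + ", ".join(f"{p}/{t}" for p, t in closed))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_cfscript(SAMPLE_CFSCRIPT)))
```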

#13 Scouse29
  • Topic Starter
  • Members
  • 27 posts

Posted 06 January 2010 - 12:18 PM

Hello again, it seems like the problem has finally been solved; as you may see, MBAM found 3, which I removed, and the PC seems a lot faster too, but I'll leave it to you to study these logs so I can be certain. I am using BitDefender, which I do not like; can you recommend a better AV? Thanks again for all your help.

ComboFix 10-01-04.01 - Stephen 06/01/2010 16:56:44.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1662 [GMT 0:00]
Running from: c:\documents and settings\Stephen\Desktop\thcbytes.exe
Command switches used :: c:\documents and settings\Stephen\Desktop\CFScript.txt
FW: Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\DriverScanner
c:\documents and settings\Stephen\Application Data\Uniblue
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\_temp\ub.exe
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091113.204249.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091113.204434.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091114.012910.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091117.163323.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091121.182257.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091125.155511.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091128.085252.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091205.160449.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091210.133703.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091212.080050.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091214.212026.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091215.142954.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091217.175943.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\backup\091220.100234.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\error.log
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091113-204245_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091117-163241_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091121-182232_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091125-155506_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091128-085119_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091205-160445_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091210-133319_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091212-080046_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091214-212023_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091215-142016_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091217-175308_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\091220-100233_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\history\latest_scan_results.html
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\last_scan.dat
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster 2010\settings.dat
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\backup\091220.100440.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\backup\091226.135755.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\backup\091229.070049.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\backup\100101.105221.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\backup\100103.085637.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\backup\100105.072711.zip
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\error.log
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\history\091220-100437_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\history\091226-135752_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\history\091229-070019_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\history\100101-105218_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\history\100103-085627_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\history\100105-072653_repair.xml
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\history\latest_scan_results.html
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\ignore.dat
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\last_scan.dat
c:\documents and settings\Stephen\Application Data\Uniblue\RegistryBooster\settings.dat
c:\documents and settings\Stephen\Application Data\Uniblue\speed up my pc 4\OptimizationMeter.xml
c:\documents and settings\Stephen\Application Data\Uniblue\speed up my pc 4\settings.xml
c:\documents and settings\Stephen\Application Data\Uniblue\speed up my pc 4\tweaks.xml
c:\documents and settings\Stephen\Application Data\uTorrent
c:\documents and settings\Stephen\Application Data\uTorrent\2012 (2009) DVDRip XviD-MAXSPEED.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Angels & Demons (2009) DVDRip XviD-MAXSPEED.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Avatar.TS.XviD - IMAGiNE.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Blind Faith - Blind Faith [Deluxe Edition] (2001, rec. 1969 @320).torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Blind_Faith_-_Blind_Faith-Remastered_Deluxe_Edition-2CD-2007-USZ.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Call Of Duty Modern Warfare 2 [English][PC][2DVDs][WwW.GamesTorrents.CoM].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Call.of.Duty.Modern.Warfare.2.PROPER-SKIDROW.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Call_Of_Duty_Modern_Warfare_2-Razor1911.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\dht.dat
c:\documents and settings\Stephen\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Stephen\Application Data\uTorrent\FIFA.Manager.10-RELOADED.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\fm2010_v10.1.0_patch-boxed.exe.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\fm2010_v10.1.1_patch-boxed.exe.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\fm2010_v10.2.0_patch-boxed.exe.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Four.Christmases.DVDRip,bradstheone.avi.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\G-Force 2009 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Gran Torino 2008 [Subs Included] DvDRip-soagg.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\GTR.Evolution-RELOADED.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Harry Brown 2009 DVDRip.avi.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Jason.Manford.Live.At.The.Manchester.Apollo.DVDRip.XviD-M1k3L.NoRar.www.crazy-torrent.com.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Kaspersky Anti-Virus 2010 9.0.0.736 [FINAL].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Law Abiding Citizen.2009.R5.Xvid {1337x}-Noir.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Michael.McIntyre.Hello.Wembley.DVDRip.XviD-HAGGiS.[www.torrentfive.com].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Ministry Of Sound - The Annual 2010 3CDRip [Cov+3CD][Bubanee].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Need.for.Speed.Shift.2009.PC.1xDVD-5.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\PC - GODFATHER 2 Full Game directplay by globe@.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\PC - Playboy The Mansion Gold Edition [English] [4CDs] [WwW.GamesTorrents.CoM].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\PC - Toca Race Driver 3 [www.GamesTorrents.com].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Race 07 [PC-DVD] [Multi5] [www.topetorrent.com].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Race.The.Official.WTCC.Game.DvD.MuLTi5-TXT.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\resume.dat
c:\documents and settings\Stephen\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Stephen\Application Data\uTorrent\Rhod.Gilbert.And.The.Award-Winning.Mince.Pie-Live.2009.DVDRip.XviD-t0rrentz.[Movie-Torrentz].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\rss.dat
c:\documents and settings\Stephen\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Stephen\Application Data\uTorrent\Russell.Howard.Dingledodies.DVDRip.XviD-HAGGiS avi - [ www.torrentday.com ].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Saints_Row_2-Razor1911.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\settings.dat
c:\documents and settings\Stephen\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Stephen\Application Data\uTorrent\The crew 2008 DVD.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\The Godfather II [MULTI6][PCDVD][WwW.GamesTorrents.CoM].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\The Hangover (2009) DVDSCR-MAXSPEED.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\The Saboteur [MULTI3][PCDVD][WwW.GamesTorrents.CoM].torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Uniblue 2009 (SpeedUpMyPC + RegistryBooster + DriverScanner){H33T}{JOHNCANADUDE}.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\VA.-.Now.Thats.What.I.Call.Xmas.3CDs.(2009).LanzaMp3.CoM.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Webroot Spy Sweeper + SerialKeys.torrent
c:\documents and settings\Stephen\Application Data\uTorrent\Worldwide Boxing Manager [English][PC][WwW.GamesTorrents.CoM].torrent
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-06 15:50 . 2010-01-06 15:50 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-06 12:43 . 2003-02-28 22:09 69632 ----a-w- c:\windows\system32\xmltok.dll
2010-01-06 12:43 . 2003-02-28 22:09 36864 ----a-w- c:\windows\system32\xmlparse.dll
2010-01-06 12:43 . 2003-02-28 22:09 26088 ----a-w- c:\windows\system32\xmlinst.exe
2010-01-06 12:43 . 2003-02-28 22:09 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-06 12:40 . 2010-01-06 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-01-06 12:30 . 2010-01-06 12:43 -------- d-----w- c:\program files\Ubi Soft
2010-01-05 10:54 . 2010-01-05 10:54 41 ----a-w- C:\fixme.bat
2010-01-05 10:49 . 2010-01-05 10:49 77312 ----a-w- C:\mbr.exe
2010-01-03 11:00 . 2010-01-03 11:00 -------- d-----w- C:\VJVod_Cache
2010-01-02 12:45 . 2009-11-17 20:27 358944 ----a-w- c:\windows\vncutil.exe
2010-01-02 12:45 . 2009-11-17 20:27 1833504 ----a-w- c:\windows\SkyTel.exe
2010-01-02 12:45 . 2009-11-17 20:27 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-01-02 12:45 . 2009-11-17 20:27 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-01-02 12:45 . 2006-01-04 15:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-01-02 12:45 . 2008-08-05 20:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-01-02 12:45 . 2010-01-02 12:45 -------- d-----w- c:\program files\Realtek
2010-01-02 12:45 . 2009-11-02 13:48 831488 ----a-w- c:\windows\RtlExUpd.dll
2010-01-02 11:28 . 2010-01-02 11:28 -------- d-----w- c:\program files\MSXML 4.0
2010-01-02 08:14 . 2010-01-02 08:14 -------- d-----w- c:\program files\MSSOAP
2010-01-02 08:14 . 2010-01-02 08:13 108880 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2009-12-31 11:24 . 2009-12-31 11:24 -------- d-----w- c:\documents and settings\Stephen\Application Data\MusicBrainz
2009-12-24 08:56 . 2009-12-24 08:56 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Temp
2009-12-22 09:43 . 2009-12-16 14:25 52224 ----a-w- c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2009-12-22 09:43 . 2009-12-16 14:25 101376 ----a-w- c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2009-12-21 20:19 . 2009-12-21 20:19 -------- d--h--w- c:\documents and settings\Stephen\InstallAnywhere
2009-12-21 11:53 . 2009-12-21 11:53 -------- d-----w- c:\documents and settings\Stephen\Application Data\Sports Interactive
2009-12-20 10:46 . 2009-12-20 10:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Webroot
2009-12-20 10:45 . 2009-12-20 10:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\nagasoft
2009-12-20 10:19 . 2009-12-20 10:19 -------- d-----w- c:\documents and settings\Stephen\ErrorLogs
2009-12-16 16:05 . 2009-12-16 16:05 117760 ----a-w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-16 16:04 . 2009-12-16 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-16 15:58 . 2009-12-18 09:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-16 15:09 . 2009-12-16 15:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-16 14:34 . 2009-11-17 13:45 -------- d-----w- c:\program files\Rockstar Games
2009-12-16 11:21 . 2009-12-16 11:21 -------- d-----w- c:\documents and settings\Stephen\Application Data\BitDefender
2009-12-16 11:20 . 2009-12-16 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-12-16 11:20 . 2009-12-16 11:20 -------- d-----w- c:\program files\BitDefender
2009-12-16 11:16 . 2009-12-16 11:20 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-16 00:28 . 2009-12-16 00:28 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Threat Expert
2009-12-16 00:26 . 2009-12-16 15:58 -------- d-----w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com
2009-12-16 00:26 . 2009-12-16 00:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-15 22:51 . 2009-12-15 22:51 -------- d-----w- c:\program files\Trend Micro
2009-12-15 21:09 . 2009-11-06 15:19 1563008 ----a-w- c:\windows\WRSetup.dll
2009-12-15 21:09 . 2010-01-04 08:00 -------- d-----w- c:\documents and settings\Stephen\Application Data\Webroot
2009-12-15 21:09 . 2010-01-02 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-12-15 21:09 . 2009-12-15 21:09 -------- d-----w- c:\program files\Webroot
2009-12-14 20:46 . 2009-12-14 20:47 -------- d-----w- c:\program files\QuickTime
2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-14 16:55 . 2009-12-17 19:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-14 16:53 . 2009-12-14 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-14 15:36 . 2009-12-14 15:36 -------- d-----w- c:\documents and settings\Stephen\Application Data\Malwarebytes
2009-12-14 15:36 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-14 15:36 . 2010-01-06 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-14 15:36 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-14 15:36 . 2009-12-14 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-13 15:57 . 2009-12-16 19:58 -------- d-----w- c:\windows\system32\nagasoft
2009-12-12 22:24 . 2010-01-05 22:41 -------- d-s---w- c:\program files\Need for Speed Shift
2009-12-11 12:07 . 2010-01-06 16:40 81984 ----a-w- c:\windows\system32\bdod.bin
2009-12-10 19:28 . 2001-08-17 14:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-12-10 19:28 . 2001-08-17 14:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-12-10 19:28 . 2008-04-14 05:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-12-10 19:28 . 2008-04-14 05:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-12-10 18:33 . 2009-12-10 18:33 -------- d-----w- c:\documents and settings\Stephen\Application Data\KALiNKOsoft
2009-12-10 17:22 . 2003-02-28 22:09 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-12-10 17:22 . 2009-12-21 09:38 119296 ----a-w- c:\windows\system32\zlib.dll
2009-12-10 17:22 . 2008-01-13 17:36 91632 ----a-w- c:\windows\system32\dsofile.dll
2009-12-10 17:22 . 2003-01-26 14:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-12-10 17:22 . 2001-04-05 07:43 94208 --s---r- c:\windows\system32\msstkprp.dll
2009-12-10 17:22 . 1999-05-17 14:55 57344 ------w- c:\windows\system32\ADsSecurity.dll
2009-12-10 17:22 . 2008-01-13 20:59 36864 ----a-w- c:\windows\system32\dxinputdll.dll
2009-12-10 17:22 . 2009-12-10 17:22 -------- d-----w- c:\program files\KALiNKOsoft
2009-12-10 15:52 . 2009-12-10 15:52 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\THQ
2009-12-10 11:34 . 2009-12-10 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-10 06:53 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-07 20:08 . 2009-12-07 20:08 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\EA Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 12:30 . 2009-11-04 17:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 11:10 . 2009-11-04 17:30 -------- d-----w- c:\program files\Steam
2010-01-01 11:08 . 2009-11-16 16:25 506568 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-30 10:37 . 2009-11-11 10:11 -------- d-----w- c:\documents and settings\Stephen\Application Data\Spotify
2009-12-29 19:00 . 2009-11-11 08:58 -------- d-----w- c:\documents and settings\Stephen\Application Data\Vso
2009-12-16 15:58 . 2009-11-04 17:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-16 11:39 . 2009-04-15 15:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-12-16 11:07 . 2009-11-30 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2009-12-16 00:25 . 2009-11-11 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-12-10 17:22 . 2009-11-04 17:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-10 15:14 . 2009-12-03 22:03 -------- d-----w- c:\documents and settings\Stephen\Application Data\Gearbox Software
2009-12-05 08:51 . 2009-12-05 08:51 -------- d-----w- c:\documents and settings\Stephen\Application Data\Apple Computer
2009-12-05 08:48 . 2009-12-05 08:48 -------- d-----w- c:\program files\Common Files\Apple
2009-12-05 08:48 . 2009-12-05 08:48 -------- d-----w- c:\program files\Apple Software Update
2009-12-05 06:57 . 2009-11-04 19:43 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-01 19:28 . 2009-12-01 19:28 -------- d-----w- c:\program files\THQ
2009-11-30 09:34 . 2009-11-30 09:34 -------- d-----w- c:\documents and settings\Stephen\Application Data\Vodafone
2009-11-30 09:32 . 2009-11-30 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-11-30 09:30 . 2009-11-30 09:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
2009-11-30 09:29 . 2009-11-30 09:29 8464 ----a-w- c:\windows\system32\SpOrder.dll
2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 10:28 . 2009-11-11 08:36 -------- d-----w- c:\documents and settings\Stephen\Application Data\DivX
2009-11-19 15:10 . 2009-11-05 15:25 -------- d-----w- c:\program files\VSO
2009-11-19 15:10 . 2009-11-19 15:10 47360 ----a-w- c:\documents and settings\Stephen\Application Data\pcouffin.sys
2009-11-19 15:10 . 2009-11-19 15:10 47360 ----a-w- c:\documents and settings\Stephen\Application Data\pcouffin.sys
2009-11-17 20:27 . 2005-09-21 10:24 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 20:27 . 2005-09-21 16:29 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 20:27 . 2005-09-21 15:23 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 20:27 . 2005-09-22 13:36 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 20:26 . 2005-09-07 10:40 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 20:26 . 2005-09-21 15:32 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 20:26 . 2005-05-03 18:43 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 19:51 . 2005-09-23 18:56 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-17 19:42 . 2009-11-17 19:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-17 12:54 . 2009-11-17 12:54 -------- d-----w- c:\documents and settings\Stephen\Application Data\Windows Search
2009-11-16 14:19 . 2009-11-16 13:44 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-11-16 13:54 . 2009-11-16 13:54 -------- d--h--r- c:\documents and settings\Stephen\Application Data\SecuROM
2009-11-15 03:42 . 2009-11-09 13:42 12912 ----a-w- c:\documents and settings\Stephen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-15 03:21 . 2009-11-15 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-11-13 10:24 . 2009-11-13 10:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-13 10:24 . 2009-11-13 10:24 -------- d-----w- c:\program files\Java
2009-11-13 10:23 . 2009-11-13 10:23 152576 ----a-w- c:\documents and settings\Stephen\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-11 11:54 . 2009-11-11 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-11-11 11:32 . 2009-11-11 11:32 -------- d-----w- c:\program files\Electronic Arts
2009-11-11 11:30 . 2009-11-11 11:30 -------- d-----w- c:\documents and settings\Stephen\Application Data\Leadertech
2009-11-11 11:16 . 2009-11-11 11:16 -------- d-----w- c:\program files\EA Sports
2009-11-11 10:11 . 2009-11-05 23:42 -------- d-----w- c:\program files\Spotify
2009-11-11 07:33 . 2009-11-11 07:33 -------- d-----w- c:\program files\Common Files\Scanner
2009-11-11 07:32 . 2009-11-11 07:32 -------- d-----w- c:\documents and settings\Stephen\Application Data\Yahoo!
2009-11-10 14:21 . 2009-11-10 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-10 10:51 . 2009-11-10 10:51 -------- d-----w- c:\program files\KONAMI
2009-11-10 10:51 . 2009-11-10 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-11-09 13:06 . 2009-11-04 17:58 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-11-08 22:22 . 2009-11-08 22:22 0 ----a-w- c:\windows\nsreg.dat
2009-11-08 11:38 . 2009-11-04 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-08 10:08 . 2009-11-08 10:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-08 10:07 . 2009-11-08 10:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-08 10:04 . 2009-11-08 10:04 -------- d-----w- c:\program files\ffdshow
2009-11-08 10:03 . 2009-11-08 10:03 4297647 ----a-w- C:\ffdshow-rev3097_20091008.zip
2009-11-07 20:27 . 2009-11-07 20:27 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-06 12:00 . 2008-08-09 14:42 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 12:00 . 2008-08-09 14:42 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 12:00 . 2008-08-09 14:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-05 15:25 . 2009-11-05 15:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\wsbl.dat
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\ph_white.dat
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\ph_black.dat
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-11-05 11:59 . 2009-11-05 11:59 0 ----a-w- c:\windows\system32\pcwords.dat
2009-11-04 20:27 . 2009-11-04 20:27 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-11-04 18:26 . 2009-11-04 18:26 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-11-04 18:26 . 2009-11-04 18:26 16 ----a-w- c:\windows\system32\asdict.dat
2009-11-04 17:21 . 2009-11-04 16:53 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-04 16:51 . 2009-11-04 16:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:45 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 07:50 . 2009-10-16 07:50 2520888 ----a-w- c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-10-13 10:30 . 2008-04-14 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 16:19 . 2009-11-08 10:03 4320907 ----a-w- C:\ffdshow-rev3097_20091008_xxl.exe
2009-10-12 13:38 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-10 07:07 . 2009-11-09 13:40 38208 ----a-w- c:\documents and settings\Stephen\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-10 07:07 . 2009-11-08 10:07 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-08 19:27 . 2009-11-08 10:04 85504 ----a-w- c:\windows\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-05_11.07.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-06 16:41 . 2010-01-06 16:41 16384 c:\windows\Temp\Perflib_Perfdata_7c4.dat
+ 2010-01-06 16:42 . 2010-01-06 16:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-04 17:02 . 2010-01-05 07:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-04 17:02 . 2010-01-06 16:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-11-04 17:02 . 2010-01-05 07:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-04 17:02 . 2010-01-06 16:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-11-04 17:02 . 2010-01-05 07:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-14 12:00 . 2003-02-28 22:09 1388544 c:\windows\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 15:14 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-12-16 782336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2009-11-17 18789408]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Stephen\Start Menu\Programs\Startup\
ubisoft register.lnk - c:\program files\Ubi Soft\Register\schedule.exe [2010-1-6 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\802.11 Wireless LAN\802.11b Wireless Cardbus & PCI Adapter HW.11 V1.20\WlanCU.exe [2003-12-5 442368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 12:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 04:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-12-12 21:44 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2009-11-06 15:19 6515784 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-13 10:24 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-18 09:13 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"PinnacleUpdateSvc"=2 (0x2)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Steam\\steamapps\\bennosbabe28\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Documents and Settings\\Stephen\\Desktop\\spotify.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\steamapps\\bennosbabe28\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [04/08/2005 05:51 26112]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [09/08/2008 14:42 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [02/01/2010 08:14 108880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [02/01/2010 08:14 1201640]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [15/04/2009 15:13 146312]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [03/12/2003 11:47 185216]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [26/11/2003 18:06 13532]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [14/04/2008 12:00 3584]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02/01/2010 12:45 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [30/11/2009 09:30 7680]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [30/11/2009 09:35 110080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-01-06 c:\windows\Tasks\User_Feed_Synchronization-{C509AE1B-132E-416B-BBE4-D5C8E985E63C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:mark@ocsmusic.com
FF - ProfilePath - c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\q9xbnans.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 17:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-448539723-1177238915-1008\Software\SecuROM\License information*]
"datasecu"=hex:39,e3,c1,58,92,97,df,f7,cf,93,ee,e2,45,64,54,ef,47,c7,83,09,e4,
d3,fc,46,44,06,97,61,c5,51,9d,e2,64,6f,f3,a5,5c,cb,f3,f7,ef,de,b8,fd,a5,b2,\
"rkeysecu"=hex:b3,63,35,0c,d0,1b,29,1f,0b,4d,22,c5,a9,03,97,e6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\WlNotify.dll
.
Completion time: 2010-01-06 17:04:45
ComboFix-quarantined-files.txt 2010-01-06 17:04
ComboFix2.txt 2010-01-05 11:15

Pre-Run: 23,303,397,376 bytes free
Post-Run: 23,268,515,840 bytes free

- - End Of File - - 33ADF089868084F5FBCE7DE296B46D37


Malwarebytes' Anti-Malware 1.43
Database version: 3501
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/01/2010 16:22:10
mbam-log-2010-01-06 (16-21-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 186856
Time elapsed: 30 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\oleaut32V.dll.vir (Redir.NewServerSearch) -> No action taken.
C:\System Volume Information\_restore{4FCA5814-4FB5-4DC4-A546-782E2E97F8FA}\RP30\A0020668.dll (Redir.NewServerSearch) -> No action taken.
C:\System Volume Information\_restore{4FCA5814-4FB5-4DC4-A546-782E2E97F8FA}\RP30\A0020689.sys (Malware.Trace) -> No action taken.

#14 Scouse29

Scouse29
  • Topic Starter


Posted 06 January 2010 - 12:25 PM

I also noticed that uTorrent has been affected by the last scan. Can you explain why, please? Thanks again.

#15 thcbytes

thcbytes

  • Malware Response Team

Posted 06 January 2010 - 02:35 PM

Hello,

Your logs indicated that you had uTorrent and Limewire installed.

I asked you to remove them here
http://www.bleepingcomputer.com/forums/ind...t&p=1566094

I asked you if you removed them here
http://www.bleepingcomputer.com/forums/ind...t&p=1566094

You indicated you did remove them here

Hi thanks for your help, I have done as you requested

http://www.bleepingcomputer.com/forums/ind...t&p=1566480

Based on that I finished removing what I presumed were leftovers, closing open ports that could be a portal to reinfection.

In case you were not aware....

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.

==========

I wanted to answer your question. If you would like me to continue helping you, please let me know. I will not continue to help you if you will not abide by the requests that I clearly outlined here:
http://www.bleepingcomputer.com/forums/ind...t&p=1556915

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.


I do not want to debate the issue of the safety or dangers of P2P. I do not want to debate the removal of the P2P programs, as I was clearly under the impression that you had removed these programs as you indicated in your prior posts.

I am sorry for any misunderstanding. :( My goal was to donate my time and expertise to help you.

Kind regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
