DNSChanger Infection on Router & Computer
TomB1988
2009-07-03, 14:22
Hi there,
I have been trying (and failing) to remove a DNSChanger from my home network. We use 3 computers hooked up to a router (wireless on 2, wired on 1). So far I have disconnected the two wireless computers, and only have the wired one left connected. I have taken these steps so far:
I disconnected the computer from the router and ran Malwarebytes Anti-Malware (it found a DNSChanger, so I removed it). I then restarted the computer and ran the scan again; it found no malware.
I then reset our router to its default configuration.
Following this I reconnected the computer to the router and set up all the settings (including changing the router access password).
After all this, the symptoms still exist (searches in Google open in a new tab on a 'random' web page, and many websites, including http://www.bbc.co.uk, do not work at all a lot of the time).
I am running Windows Vista 32 on this computer, and will keep only this one connected to the router.
Any help would be appreciated, thanks.
Tom.
After reading the 'Read before you post' thread it appears my first task is to run Spybot S&D. Unfortunately this DNSChanger seems to be blocking my access to the Spybot S&D site, so I don't know how to proceed from here.
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
TomB1988
2009-07-05, 15:16
Contents of DDS.txt:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Tom at 13:09:47.32 on 05/07/2009
Internet Explorer: 7.0.6000.16851 BrowserJavaVersion: 1.6.0_10
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3069.1869 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tom\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.bbc.co.uk/football
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\tom\appdata\local\temp\{374a98e1-22ce-497e-9ce1-6e7706400c64}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://collegio-cam.pittstate.edu/kxhcm10.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {5928DC5C-CD63-4BB0-B18E-90B3770BB43E} = 85.255.112.189,85.255.112.94
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\42purft2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/football
FF - plugin: c:\program files\mozilla firefox\plugins\NPplaynet.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlc\npvlc.dll
FF - plugin: c:\users\tom\appdata\roaming\mozilla\firefox\profiles\42purft2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
S2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2008-9-15 53307]
=============== Created Last 30 ================
2009-07-02 15:43 <DIR> --d----- c:\program files\RivaTuner v2.24
2009-06-23 20:39 62 a------- c:\windows\GPM2MICP.INI
2009-06-23 18:10 92,208 a----r-- c:\windows\system\WING.DLL
2009-06-23 18:10 188,960 a----r-- c:\windows\system32\WINGDE.DLL
2009-06-23 18:10 92,208 a----r-- c:\windows\system32\WING.DLL
2009-06-23 18:10 12,800 a----r-- c:\windows\system32\WING32.DLL
2009-06-23 18:10 6,736 a----r-- c:\windows\system32\WINGDIB.DRV
2009-06-23 18:10 5,024 a----r-- c:\windows\system32\WINGPAL.WND
2009-06-23 18:10 1,966 a----r-- c:\windows\system32\DVA.386
2009-06-23 18:10 104 a----r-- c:\windows\system32\GPM2MICP.INI
2009-06-23 18:09 12,800 a------- c:\windows\system\WING32.DLL
2009-06-14 23:02 428,032 a------- c:\windows\system32\EncDec.dll
2009-06-14 23:02 292,352 a------- c:\windows\system32\psisdecd.dll
2009-06-14 23:02 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-06-14 23:02 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 23:02 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 23:02 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-14 23:02 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-06-14 23:02 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-06-06 05:51 <DIR> --d----- c:\program files\THQ
==================== Find3M ====================
2009-05-02 12:08 233,893 a------- c:\windows\RTL Racing Team Manager Uninstaller.exe
2009-04-24 17:22 827,392 a------- c:\windows\system32\wininet.dll
2009-04-24 17:14 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-24 17:14 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 17:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-24 17:11 72,704 a------- c:\windows\system32\admparse.dll
2009-04-24 14:53 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-24 13:25 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-23 14:01 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 13:56 696,832 a------- c:\windows\system32\localspl.dll
2009-04-21 13:04 2,028,032 a------- c:\windows\system32\win32k.sys
2008-12-11 16:06 174 a--sh--- c:\program files\desktop.ini
2008-12-11 13:15 31 a------- c:\users\tom\jagex_runescape_preferences.dat
2008-11-19 16:03 22,328 a------- c:\users\tom\appdata\roaming\PnkBstrK.sys
2008-10-02 13:11 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-02 13:11 86,016 a------- c:\windows\inf\infstor.dat
2008-10-02 13:11 51,200 a------- c:\windows\inf\infpub.dat
2008-06-12 19:04 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-06-05 13:21 32,768 a--sh--- c:\windows\temp\cookies\index.dat
2008-06-05 13:21 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-06-05 13:21 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-02-21 20:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
============= FINISH: 13:10:47.42 ===============
Contents of Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/06/2008 12:29:06
System Uptime: 07/05/2009 12:38:05 (1417 hours ago)
Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU | 2393/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 596 GiB total, 222.057 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
3DMark06
4oD
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11
Age of Chivalry
AGEIA PhysX v6.10.25
Azureus Vuze
Baldur's Gate(TM) II - Shadows of Amn(TM)
Battleground Europe: WWIIOL
Blizkrieg II: Liberation
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Close Combat Invasion Normandy
Close Combat IV
Counter-Strike
Crystal Reports Basic for Visual Studio 2008
Day of Defeat
Deadliest Catch Alaskan Storm
Dell Resource CD
Dystopia
Euro Truck Simulator
Evil Islands
Fallout 3
Fallout2
Far Cry 2
FM Modifier 2.25
Football Manager 2007
Football Manager 2008
Football Manager 2009
Football Manager 2009 Demo
Football Manager Live
Fortress Forever 2.3
Google Earth
Google Toolbar for Internet Explorer
GRID
Half-Life
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB952241)
Hotfix for Office (KB950278)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Java DB 10.4.1.3
Java(TM) 6 Update 10
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 10
Linksys Wireless-G USB Network Adapter
Malwarebytes' Anti-Malware
MATLAB Student R2008b
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 3.5 SP1
Microsoft Close Combat: A Bridge Too Far
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
mIRC
Motherboard Monitor 5
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Natural Selection 3.2
NetBeans IDE 6.5
NVIDIA Drivers
Oblivion
OpenAL
OpenOffice.org 2.4
Pacific Poker
Peggle Extreme
Peggle Nights Deluxe 1.00
PlayGATE Setup
Portal
Premier Manager 97
ProtectDisc Driver, Version 11
PunkBuster Services
Rail Simulator
Railroad Tycoon II
RealPlayer
RivaTuner v2.24
RollerCoaster Tycoon® 3
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Tools
Roxio EasyArchive
Roxio Express Labeler
Roxio MyDVD Premier
Roxio Update Manager
RTL Racing Team Manager
S.T.A.L.K.E.R. - Shadow of Chernobyl
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Ship Simulator 2008
SigmaTel Audio
Sonic CinePlayer Decoder Pack
SopCast 3.0.3
SPORE™
SQL Server System CLR Types
Steam
Synergy
Team Fortress 2
Team Fortress Classic
Theory Interactive
TmNationsForever
TVUPlayer 2.4.1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Outlook 2007 Junk Email Filter (kb970012)
VC Runtimes MSI
Veetle TV Player 0.9.14
Ventrilo Client
VideoLAN VLC media player 0.8.6h
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinRAR archiver
Worms Armageddon - New Edition
X3 Terran Conflict v1.0.1
==== End Of File ===========================
Linksys Wireless-G USB Network Adapter
Hi,
Does the corresponding system have the adapter plugged in? You have to uninstall that software and reinstall it later.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
You said that you had reset the router earlier. Did you change its password from the default one to a stronger one? Was the reset done by pressing a reset button for 15 seconds or so, or in some other way?
TomB1988
2009-07-05, 18:01
Hi Blade,
Thank you for helping me.
I have uninstalled Linksys Wireless-G USB Network Adapter.
Yes, I reset the router by holding down a very small button for 10 seconds, then connected to it and changed the password to a new one.
Contents of ComboFix.txt:
ComboFix 09-07-04.05 - Tom 05/07/2009 15:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3069.1788 [GMT 1:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.
2009-07-05 14:44 . 2009-07-05 14:44 -------- d-----w- c:\users\Tom\AppData\Local\temp
2009-07-02 14:43 . 2009-07-02 14:43 -------- d-----w- c:\program files\RivaTuner v2.24
2009-06-23 17:10 . 2006-10-09 08:00 92208 ----a-r- c:\windows\system\WING.DLL
2009-06-23 17:10 . 2006-10-09 08:00 92208 ----a-r- c:\windows\system32\WING.DLL
2009-06-23 17:10 . 2006-10-09 08:00 188960 ----a-r- c:\windows\system32\WINGDE.DLL
2009-06-23 17:10 . 2006-10-09 08:00 12800 ----a-r- c:\windows\system32\WING32.DLL
2009-06-23 17:10 . 2006-10-09 08:00 6736 ----a-r- c:\windows\system32\WINGDIB.DRV
2009-06-23 17:09 . 2006-10-09 08:00 12800 ----a-w- c:\windows\system\WING32.DLL
2009-06-14 22:02 . 2009-04-30 12:42 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 22:02 . 2009-04-30 12:52 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 22:02 . 2009-04-30 12:44 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-06-06 04:51 . 2009-06-06 04:51 -------- d-----w- c:\program files\THQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 14:44 . 2008-09-19 19:39 -------- d-----w- c:\programdata\Kontiki
2009-07-05 12:34 . 2008-06-05 12:25 -------- d-----w- c:\program files\Steam
2009-07-02 13:45 . 2008-06-05 12:25 -------- d-----w- c:\program files\Common Files\Steam
2009-06-26 14:42 . 2008-07-09 12:17 1 ----a-w- c:\users\Tom\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-26 14:42 . 2008-07-09 12:16 -------- d-----w- c:\users\Tom\AppData\Roaming\OpenOffice.org2
2009-06-25 12:28 . 2008-06-08 17:10 -------- d-----w- c:\users\Tom\AppData\Roaming\Azureus
2009-06-15 06:34 . 2008-11-13 22:30 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 10:56 . 2008-06-09 19:07 -------- d-----w- c:\users\Tom\AppData\Roaming\mIRC
2009-06-11 10:48 . 2008-06-09 19:07 -------- d-----w- c:\program files\mIRC
2009-06-04 15:53 . 2009-06-04 15:49 -------- d-----w- c:\program files\Notrium
2009-05-22 08:05 . 2009-05-22 08:05 1878984 ----a-w- c:\users\Tom\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-14 10:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 20:34 . 2009-03-18 16:24 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-13 18:37 . 2009-05-13 18:37 5588312 ----a-w- c:\users\Tom\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.1.exe
2009-05-13 18:37 . 2009-05-13 18:37 -------- d-----w- c:\users\Tom\AppData\Roaming\TVU networks
2009-05-12 18:57 . 2008-09-19 20:24 -------- d-----w- c:\programdata\TrackMania
2009-05-08 21:57 . 2009-05-08 21:57 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-08 21:56 . 2009-05-08 21:56 -------- d-----w- c:\program files\Common Files\Real
2009-05-08 21:56 . 2009-05-08 21:56 -------- d-----w- c:\program files\Real
2009-05-02 11:08 . 2009-05-02 11:08 233893 ----a-w- c:\windows\RTL Racing Team Manager Uninstaller.exe
2009-04-24 16:22 . 2009-06-10 10:29 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:14 . 2009-06-10 10:29 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-04-24 16:14 . 2009-06-10 10:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 16:11 . 2009-06-10 10:29 72704 ----a-w- c:\windows\system32\admparse.dll
2009-04-24 13:53 . 2009-06-10 10:29 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-24 12:25 . 2009-06-10 10:29 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-04-23 13:01 . 2009-06-10 10:29 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:56 . 2009-06-10 10:29 696832 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 12:04 . 2009-06-10 10:29 2028032 ----a-w- c:\windows\system32\win32k.sys
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-19 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-19 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C8D3A722-F468-4E25-91F0-E0F6E1B3632A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5DFE67E4-ABC5-4CD2-8172-F7DD4E2CFD7A}c:\\program files\\steam\\steamapps\\tommyb1988\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\half-life\hl.exe:Half-Life Launcher
"UDP Query User{1867C0BA-EBAC-432F-A452-4C4065ED7F36}c:\\program files\\steam\\steamapps\\tommyb1988\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\half-life\hl.exe:Half-Life Launcher
"TCP Query User{F4F6A2BB-360C-4E54-A8EB-1C06F3945FD5}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress classic\\hl.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{B07EF57C-EF0A-4888-97F7-ADE6ED5A915B}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress classic\\hl.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\team fortress classic\hl.exe:Half-Life Launcher
"TCP Query User{98C20382-4180-4E64-8237-7D4E9FF8A312}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{CD16A39F-E32C-4626-A8DF-919CD5C39C22}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{39332BFF-C79C-466E-A951-72755EDD15A5}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{536783F4-BCFD-480D-A35C-4686CADAC805}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{5305FEA8-4B79-4E9A-AA21-C028E1D89629}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{DAB539A6-9520-4AE6-8BEF-ED478C47255D}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{EC86C692-FB3A-4E76-8567-CBD336CAB3F3}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{5C0E3160-29E5-4377-B035-2542850E46CD}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{50AF2714-046B-4B6B-A1E9-02C2260B45D6}c:\\program files\\steam\\steamapps\\owenfranklin\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\owenfranklin\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{161216BB-737C-4F7C-8A2D-8FB8719F1B8C}c:\\program files\\steam\\steamapps\\owenfranklin\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\owenfranklin\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{6E9AAD9B-45AC-48AE-BD9F-6CB449878041}c:\\program files\\steam\\steamapps\\owenfranklin\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\owenfranklin\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{B3D13A9F-110C-47A2-9A78-3712746439F4}c:\\program files\\steam\\steamapps\\owenfranklin\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\owenfranklin\counter-strike\hl.exe:Half-Life Launcher
"{A53F963D-4D33-42A2-9F4B-597CA7D44709}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"{C58CCC6E-5F0D-4939-9AE1-AB27CB7A2D2F}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"TCP Query User{6CA99DED-A5E4-4AB3-AB39-5AA91970D4C0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C5673D3F-1161-412D-96B1-E41A68C99054}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B6EBE8CD-E4DB-420D-834B-0ED7290186E6}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{C475BB12-92F2-479D-8824-879F08AD5531}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{54F1FBF8-076C-4016-902E-526437704F8F}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{EE8AA125-A71D-4CC0-97D3-1DA620C4BEF8}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"TCP Query User{009C9172-B1C4-43F0-98FE-03EC0AD03D13}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{582D3E23-C8D9-42A3-81B6-0FC5FB233F6B}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{03029C39-234B-4627-8C54-B7897CDB3E36}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{424A691C-7CA4-4817-9C4F-1528BB4C2E04}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{7DEAF100-AA1E-4CAD-98ED-1F621E61FFD6}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{180943DA-3F48-42E7-B7BE-7F32D2094970}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{596E5F01-7F43-49CC-AE9E-3A0A4CFB1CBC}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\alliwantiscakeandlove\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{0198FDF3-943C-4C6D-8730-9D687DD5A2B7}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\alliwantiscakeandlove\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{B9E63BA5-2254-4346-9956-FA39CD416CD2}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\alliwantiscakeandlove\zombie panic! source\hl2.exe:hl2
"UDP Query User{5C3A9CC9-A4A6-466F-A469-CB0F34D38407}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\alliwantiscakeandlove\zombie panic! source\hl2.exe:hl2
"TCP Query User{26E8A4A1-277C-4A3E-AC9F-B4B3FEC47904}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\alliwantiscakeandlove\team fortress 2\hl2.exe:hl2
"UDP Query User{2420FCD9-85CB-4A24-A91C-90B6B716EA30}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\alliwantiscakeandlove\team fortress 2\hl2.exe:hl2
"TCP Query User{683340ED-0CD9-46A6-895B-461DA8F63340}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\alliwantiscakeandlove\day of defeat source\hl2.exe:hl2
"UDP Query User{D20A957E-1702-4009-AEED-F7EFEF083E87}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\alliwantiscakeandlove\day of defeat source\hl2.exe:hl2
"TCP Query User{5F270A57-F1EF-449B-91E4-C5C736F8DC5A}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\alliwantiscakeandlove\age of chivalry\hl2.exe:hl2
"UDP Query User{C324EF3C-9796-48EC-9888-50EE0CA87B37}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\alliwantiscakeandlove\age of chivalry\hl2.exe:hl2
"TCP Query User{B20829D9-F19F-476E-90D1-0154D144F32F}c:\\program files\\steam\\steamapps\\tommyb1988\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\zombie panic! source\hl2.exe:hl2
"UDP Query User{00AC615C-4E2F-4B06-AEB8-9D0B05E17B9F}c:\\program files\\steam\\steamapps\\tommyb1988\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\zombie panic! source\hl2.exe:hl2
"TCP Query User{1350F6D5-3802-4563-858D-6BF96EA126B6}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\team fortress 2\hl2.exe:hl2
"UDP Query User{066DCE93-1D49-403F-86F7-CA72EFFC4121}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\team fortress 2\hl2.exe:hl2
"TCP Query User{C0E1273F-5C3E-4CA9-B55D-DCD3E521B873}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{04531EE0-3700-4861-BD60-7245178A3F8E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{DCA2F104-9BC9-41BA-AA77-3BE357E138E9}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{A48389E4-88A0-442E-BC74-695850DF16D6}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{B833F7EE-E1D5-48A6-8EEF-1A4FB93C326C}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{E1B64EDE-99A8-48E4-BCCC-275684D97997}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{036BF004-AD41-4E89-9512-2338A74F14FA}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{06016DBC-DE40-4571-BA16-0F33922899F9}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{F61B76C3-32BE-46D6-B7DB-4ACFF9360580}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{055145C5-8944-43A6-8E82-5B1C017A52AD}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{098976B8-8EFE-495E-8D13-16DDD2263A7B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8AA44FA3-97A8-4BDB-9339-18024FC58731}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D92F2FD6-C78A-4246-9D8C-44AA7352F623}c:\\games\\left 4 dead\\left4dead.exe"= UDP:c:\games\left 4 dead\left4dead.exe:left4dead
"UDP Query User{1A433098-5998-4BA2-AB3C-C9762D2BF8E1}c:\\games\\left 4 dead\\left4dead.exe"= TCP:c:\games\left 4 dead\left4dead.exe:left4dead
"TCP Query User{838CE665-59F5-453A-B504-549D985BAA2F}c:\\program files\\crs\\battleground europe\\ww2_sse2.exe"= UDP:c:\program files\crs\battleground europe\ww2_sse2.exe:WW2
"UDP Query User{58FD46A4-63C0-4EF8-8759-015501E50459}c:\\program files\\crs\\battleground europe\\ww2_sse2.exe"= TCP:c:\program files\crs\battleground europe\ww2_sse2.exe:WW2
"TCP Query User{26F4191A-7409-4B49-90DA-66BFAB8FB0E4}c:\\users\\tom\\documents\\azureus downloads\\[pc] codename panzers phase one [dopeman]\\panzers - phase1\\panzers - phase1\\run\\panzers.exe"= UDP:c:\users\tom\documents\azureus downloads\[pc] codename panzers phase one [dopeman]\panzers - phase1\panzers - phase1\run\panzers.exe:panzers.exe
"UDP Query User{A7F3A2AA-0CBC-4BC1-8493-9993FCFC8D49}c:\\users\\tom\\documents\\azureus downloads\\[pc] codename panzers phase one [dopeman]\\panzers - phase1\\panzers - phase1\\run\\panzers.exe"= TCP:c:\users\tom\documents\azureus downloads\[pc] codename panzers phase one [dopeman]\panzers - phase1\panzers - phase1\run\panzers.exe:panzers.exe
"TCP Query User{A7F93224-9C8B-4C3D-AA69-4ACC3F1BA96A}c:\\program files\\ssi\\close combat invasion normandy\\cc5.exe"= UDP:c:\program files\ssi\close combat invasion normandy\cc5.exe:Close Combat(tm)V: Invasion Normandy
"UDP Query User{96EC033D-428D-4822-A716-E0DF22CD33FD}c:\\program files\\ssi\\close combat invasion normandy\\cc5.exe"= TCP:c:\program files\ssi\close combat invasion normandy\cc5.exe:Close Combat(tm)V: Invasion Normandy
"TCP Query User{9F4146CF-05FA-41F9-B53C-4815E8FFFA62}c:\\program files\\evil islands\\game.exe"= UDP:c:\program files\evil islands\game.exe:game
"UDP Query User{83B2CC42-4D13-46BE-8FB0-CB181F214733}c:\\program files\\evil islands\\game.exe"= TCP:c:\program files\evil islands\game.exe:game
"TCP Query User{6D0DFA3C-726E-4F81-A8FC-90BD97D53687}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{26EBC299-4E18-4769-9003-5EA579E9D833}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{103F1A6F-42C1-41A0-9A69-C529E7EE54AF}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{8FD310F7-3E0E-402D-9E38-E5040D5417AC}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{875969BF-515C-4BC4-AB8F-BCC4C4A5702E}"= Disabled:UDP:c:\program files\Steam\steamapps\common\football manager 2009 demo\fm.exe:Football Manager 2009 Demo
"{6BD322DC-E6CB-4658-BC98-4D039DCCFA35}"= Disabled:TCP:c:\program files\Steam\steamapps\common\football manager 2009 demo\fm.exe:Football Manager 2009 Demo
"TCP Query User{89E3F291-C285-44B2-AF30-B79DAFA77A9F}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{B75D7FB6-A19A-40FD-902C-A15FE9B9DAE1}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{85D7F9FC-5FC1-41DA-913D-D5BEF1FD1152}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{0195F003-E22C-4965-967F-3719C5BE2D4C}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{B7A758DC-0816-4EAF-8770-0CA37A6F9363}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{430F6BB2-A4EF-49F0-82BD-676A06B4594E}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{6A6DC9A8-DFD7-4502-8835-08E3CD9389FE}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E5402EEE-FE54-4586-8427-257D7449CC3B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{E394F479-9D76-450F-807E-0242438A872B}c:\\program files\\steam\\steamapps\\tommyb1988\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\zombie panic! source\hl2.exe:hl2
"UDP Query User{CBAC7DF9-D0CC-4AD0-BDBD-78AECEC38D92}c:\\program files\\steam\\steamapps\\tommyb1988\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\zombie panic! source\hl2.exe:hl2
"{9188ED74-0B68-434E-AD1C-79C588B26BC9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{90007DAD-9E32-4B15-9433-E7593DDD5D93}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{270FBCAD-C7D3-4B10-A526-2035E7594949}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F9CBFD75-056E-4375-B85D-70B490962579}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8912A1BF-CFE5-42F1-9489-030B5205945E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{EEF313DE-B1FB-40B8-A401-9C57BCF9A580}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{23B5246A-3D52-4C18-A5E8-579D56BE0BFD}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{7F5FE0DF-8EA5-44B5-9044-CBAF1694C4A9}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress classic\\hl.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{D0A52A77-37C2-4945-96B5-F3F4EFD9908F}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress classic\\hl.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\team fortress classic\hl.exe:Half-Life Launcher
"TCP Query User{3A843C85-D08D-4C1E-9F81-A8D5485D63EA}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\team fortress 2\hl2.exe:hl2
"UDP Query User{C873C6AC-6279-4265-BEF8-114C6604551E}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\team fortress 2\hl2.exe:hl2
"TCP Query User{3CD3476D-369B-424B-8FE2-E8E6F0286F64}c:\\program files\\steam\\steamapps\\tommyb1988\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\half-life\hl.exe:Half-Life Launcher
"UDP Query User{91E333D3-F4C0-4666-A2DC-08118940A027}c:\\program files\\steam\\steamapps\\tommyb1988\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\half-life\hl.exe:Half-Life Launcher
"TCP Query User{3C5FCBB4-C324-427E-A05E-9DA596C16315}c:\\program files\\steam\\steamapps\\tommyb1988\\dystopia\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\dystopia\hl2.exe:hl2
"UDP Query User{166C7FB6-83FE-4895-9CFC-5891AD016113}c:\\program files\\steam\\steamapps\\tommyb1988\\dystopia\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\dystopia\hl2.exe:hl2
"TCP Query User{C1CD81EE-737C-407A-B566-7ABCC8B67D0B}c:\\program files\\steam\\steamapps\\tommyb1988\\dystopia\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\dystopia\hl2.exe:hl2
"UDP Query User{7F1DF483-7AE6-4939-8FCC-6618D73C2095}c:\\program files\\steam\\steamapps\\tommyb1988\\dystopia\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\dystopia\hl2.exe:hl2
"TCP Query User{EC903FEF-4EDB-4AEB-A23F-FD129B5153C6}c:\\program files\\steam\\steamapps\\tommyb1988\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\source sdk base\hl2.exe:hl2
"UDP Query User{09165E37-DFBD-49AB-B885-20B5A3CA8638}c:\\program files\\steam\\steamapps\\tommyb1988\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\source sdk base\hl2.exe:hl2
"TCP Query User{202B73B2-854E-4213-A5FB-3CEC7B71F8BF}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{7593A9B3-C441-4442-9D20-51C819E172A8}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"{BCBD6E5C-8EF9-427B-9D78-4C0855ED636F}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{ADD71DE7-D718-440D-90AB-159249F533EE}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{DC3F8D67-3F86-45F1-BA8F-37811D19EED6}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{A041A2A8-7FC3-48EA-A54D-1C7D0DA4F9AA}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{96AE371A-228F-4E29-B5CA-36975B99D7D6}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{6782A4C0-5C4F-484B-8994-AD8E4C1CCA2B}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 acedrv11;acedrv11;c:\windows\System32\drivers\ACEDRV11.sys [23/01/2008 09:19 501560]
S2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [15/09/2008 18:45 53307]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/football
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://collegio-cam.pittstate.edu/kxhcm10.ocx
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\42purft2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/football
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPplaynet.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\42purft2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 15:44
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"GameDir"="c:\\Users\\Tom\\Documents\\Sports Interactive\\Football Manager 2008\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Users\\Tom\\Documents\\Sports Interactive\\Football Manager 2008"
"SaveDir"="c:\\Users\\Tom\\Documents\\Sports Interactive\\Football Manager 2008\\"
"HistoryDir"="c:\\Users\\Tom\\Documents\\Sports Interactive\\Football Manager 2008\\FM Genie Scout 2008\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2008\\data\\updates\\update-802\\db\\802\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Tom\\Documents\\Sports Interactive\\Football Manager 2008\\games\\suttonutd.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000002
"Currency"=dword:00000056
"WindowHeight"=dword:0000025f
"WindowWidth"=dword:00000400
"WindowLeft"=dword:00000148
"WindowTop"=dword:000000de
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Tom\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Users\\Tom\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Tom\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Tom\\AppData\\Local\\Temp\\Rar$EX00.769\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Tom\\Documents\\Sports Interactive\\Football Manager 2009\\games\\sanmarino.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="94-AE00-EEFF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
"GraphStep"=dword:00000000
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c8,df,00,93,39,42,e4,2d,b5,c6,eb,08,a2,53,1f,13,f3,36,0e,88,71,aa,79,
ba,15,9c,b7,bb,f6,db,da,f0,a7,63,6d,32,38,fa,90,7e,42,3c,29,e0,30,31,5b,30,\
"??"=hex:7d,33,27,78,ac,8b,ac,7c,21,e2,c1,2a,90,6d,db,f3
.
Completion time: 2009-07-05 15:47
ComboFix-quarantined-files.txt 2009-07-05 14:47
Pre-Run: 240,764,858,368 bytes free
Post-Run: 242,839,597,056 bytes free
1777 --- E O F --- 2009-06-29 15:11
Contents of new DDS.txt:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Tom at 15:53:49.76 on 05/07/2009
Internet Explorer: 7.0.6000.16851 BrowserJavaVersion: 1.6.0_10
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3069.2100 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Users\Tom\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.bbc.co.uk/football
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\tom\appdata\local\temp\{374a98e1-22ce-497e-9ce1-6e7706400c64}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://collegio-cam.pittstate.edu/kxhcm10.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\42purft2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/football
FF - plugin: c:\program files\mozilla firefox\plugins\NPplaynet.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlc\npvlc.dll
FF - plugin: c:\users\tom\appdata\roaming\mozilla\firefox\profiles\42purft2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
S2 WUSB54GSv2SVC;WUSB54GSv2SVC;"c:\program files\linksys wireless-g usb wireless network monitor\wlservice.exe" "wusb54gsv2.exe" --> c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [?]
=============== Created Last 30 ================
2009-07-05 15:45 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-05 15:40 161,792 a------- c:\windows\SWREG.exe
2009-07-05 15:40 155,136 a------- c:\windows\PEV.exe
2009-07-05 15:40 98,816 a------- c:\windows\sed.exe
2009-07-02 15:43 <DIR> --d----- c:\program files\RivaTuner v2.24
2009-06-23 20:39 62 a------- c:\windows\GPM2MICP.INI
2009-06-23 18:10 92,208 a----r-- c:\windows\system\WING.DLL
2009-06-23 18:10 188,960 a----r-- c:\windows\system32\WINGDE.DLL
2009-06-23 18:10 92,208 a----r-- c:\windows\system32\WING.DLL
2009-06-23 18:10 12,800 a----r-- c:\windows\system32\WING32.DLL
2009-06-23 18:10 6,736 a----r-- c:\windows\system32\WINGDIB.DRV
2009-06-23 18:10 5,024 a----r-- c:\windows\system32\WINGPAL.WND
2009-06-23 18:10 1,966 a----r-- c:\windows\system32\DVA.386
2009-06-23 18:10 104 a----r-- c:\windows\system32\GPM2MICP.INI
2009-06-23 18:09 12,800 a------- c:\windows\system\WING32.DLL
2009-06-14 23:02 428,032 a------- c:\windows\system32\EncDec.dll
2009-06-14 23:02 292,352 a------- c:\windows\system32\psisdecd.dll
2009-06-14 23:02 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-06-14 23:02 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 23:02 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 23:02 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-14 23:02 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-06-14 23:02 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-06-06 05:51 <DIR> --d----- c:\program files\THQ
==================== Find3M ====================
2009-05-02 12:08 233,893 a------- c:\windows\RTL Racing Team Manager Uninstaller.exe
2009-04-24 17:22 827,392 a------- c:\windows\system32\wininet.dll
2009-04-24 17:14 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-24 17:14 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 17:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-24 17:11 72,704 a------- c:\windows\system32\admparse.dll
2009-04-24 14:53 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-24 13:25 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-23 14:01 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 13:56 696,832 a------- c:\windows\system32\localspl.dll
2009-04-21 13:04 2,028,032 a------- c:\windows\system32\win32k.sys
2008-12-11 16:06 174 a--sh--- c:\program files\desktop.ini
2008-12-11 13:15 31 a------- c:\users\tom\jagex_runescape_preferences.dat
2008-11-19 16:03 22,328 a------- c:\users\tom\appdata\roaming\PnkBstrK.sys
2008-10-02 13:11 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-02 13:11 86,016 a------- c:\windows\inf\infstor.dat
2008-10-02 13:11 51,200 a------- c:\windows\inf\infpub.dat
2008-06-12 19:04 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 20:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
============= FINISH: 15:55:23.31 ===============
Hi,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
Azureus
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
After that:
Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\users\Tom\AppData\Roaming\Azureus
c:\program files\azureus
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{98C20382-4180-4E64-8237-7D4E9FF8A312}c:\\program files\\azureus\\azureus.exe"=-
"UDP Query User{CD16A39F-E32C-4626-A8DF-919CD5C39C22}c:\\program files\\azureus\\azureus.exe"=-
"TCP Query User{EEF313DE-B1FB-40B8-A401-9C57BCF9A580}c:\\program files\\azureus\\azureus.exe"=-
"UDP Query User{23B5246A-3D52-4C18-A5E8-579D56BE0BFD}c:\\program files\\azureus\\azureus.exe"=-
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Uninstall old Adobe Reader versions and get the latest one (9.1 + 9.1.2 update for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 14 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click Continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.
You should also update these programs:
Mozilla Firefox (get the latest 3.5 version)
VideoLAN VLC media player
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log. Are you still having the issue with DNSChanger?
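The helper's reply above points at three things a DDS log makes visible: leftover DPF entries for Java versions older than the one actually installed (the `jinstall-1_6_0_04` / `_07` cab lines), `EnableLUA = 0` (User Account Control switched off), and a Startup-folder shortcut whose target lives under a temp directory. The following script is an added example written for this thread, not a tool from the forum, DDS or sUBs; it runs those three checks over constructed DDS-style sample lines (paths and the `{placeholder-guid}` are made up, the Java class IDs are the ones DDS prints) so the triage is repeatable rather than done by eye.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]

# Constructed sample DDS-style lines modelled on the "Pseudo HJT Report"
# section; user name, GUID and temp path are placeholders, not real data.
SAMPLE_LOG = """\
Internet Explorer: 7.0.6000.16851 BrowserJavaVersion: 1.6.0_14
============== Pseudo HJT Report ===============
mPolicies-system: EnableLUA = 0 (0x0)
StartupFolder: c:\\users\\alice\\appdata\\roaming\\micros~1\\windows\\startm~1\\programs\\startup\\roller~1.lnk - c:\\users\\alice\\appdata\\local\\temp\\{placeholder-guid}\\ATR1.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

_BROWSER_JAVA = re.compile(r"BrowserJavaVersion:\s*(\d+)\.(\d+)\.(\d+)_(\d+)")
_JAVA_CAB = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-windows", re.IGNORECASE)
_ENABLE_LUA = re.compile(r"EnableLUA\s*=\s*(\d+)")
# "StartupFolder: <shortcut> - <target>": the first " - " separates the two.
_STARTUP = re.compile(r"^StartupFolder:\s.*?\s-\s(.+)$", re.IGNORECASE)


def installed_java(lines: List[str]) -> Optional[Version]:
    """Version DDS reports in its header as BrowserJavaVersion, e.g. (1, 6, 0, 14)."""
    for line in lines:
        m = _BROWSER_JAVA.search(line)
        if m:
            return tuple(int(g) for g in m.groups())  # type: ignore[return-value]
    return None


def outdated_java_cabs(lines: List[str], current: Version) -> List[Version]:
    """DPF entries whose Java installer cab is older than the installed version."""
    found = set()
    for line in lines:
        if not line.startswith("DPF:"):
            continue
        m = _JAVA_CAB.search(line)
        if m:
            ver = tuple(int(g) for g in m.groups())
            if ver < current:
                found.add(ver)
    return sorted(found)  # type: ignore[arg-type]


def uac_disabled(lines: List[str]) -> bool:
    """True when the policy line shows EnableLUA = 0 (UAC turned off)."""
    return any(m and m.group(1) == "0" for m in map(_ENABLE_LUA.search, lines))


def startup_items_in_temp(lines: List[str]) -> List[str]:
    """Startup-folder shortcuts whose target executable sits under a temp directory."""
    hits = []
    for line in lines:
        m = _STARTUP.match(line)
        if m:
            target = m.group(1).strip()
            if "\\temp\\" in target.lower() or "\\tmp\\" in target.lower():
                hits.append(target)
    return hits


def triage(text: str) -> Dict[str, object]:
    """Run all three checks over one DDS log and return the findings."""
    lines = text.splitlines()
    current = installed_java(lines)
    return {
        "installed_java": current,
        "outdated_java_cabs": outdated_java_cabs(lines, current) if current else [],
        "uac_disabled": uac_disabled(lines),
        "startup_from_temp": startup_items_in_temp(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample above the script reports the installed Java as 1.6.0_14, lists 1.6.0_04 and 1.6.0_07 as stale installer references, flags UAC as disabled and returns the temp-folder startup target. A stale DPF line on its own only means an old installer was once used from the browser, so the helper's "uninstall every older JRE" step is the remediation, not deleting the log line; the UAC and temp-startup findings are the ones worth a closer look on a machine that still redirects after cleaning.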
TomB1988
2009-07-05, 20:59
Firstly I could not run the online scanner because it got stuck at 'updating' and I could not 'Run as administrator' for some reason.
I completed the other steps and here are the logs:
The new DDS.txt:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Tom at 18:49:06.21 on 05/07/2009
Internet Explorer: 7.0.6000.16851 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3069.1977 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Tom\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.bbc.co.uk/football
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\tom\appdata\local\temp\{374a98e1-22ce-497e-9ce1-6e7706400c64}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://collegio-cam.pittstate.edu/kxhcm10.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\42purft2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/football
FF - plugin: c:\program files\mozilla firefox\plugins\NPplaynet.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlc\npvlc.dll
FF - plugin: c:\users\tom\appdata\roaming\mozilla\firefox\profiles\42purft2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
S2 WUSB54GSv2SVC;WUSB54GSv2SVC;"c:\program files\linksys wireless-g usb wireless network monitor\wlservice.exe" "wusb54gsv2.exe" --> c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [?]
=============== Created Last 30 ================
2009-07-05 18:12 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-05 18:05 <DIR> --ds---- C:\ComboFix
2009-07-05 15:40 161,792 a------- c:\windows\SWREG.exe
2009-07-05 15:40 155,136 a------- c:\windows\PEV.exe
2009-07-05 15:40 98,816 a------- c:\windows\sed.exe
2009-07-02 15:43 <DIR> --d----- c:\program files\RivaTuner v2.24
2009-06-23 20:39 62 a------- c:\windows\GPM2MICP.INI
2009-06-23 18:10 92,208 a----r-- c:\windows\system\WING.DLL
2009-06-23 18:10 188,960 a----r-- c:\windows\system32\WINGDE.DLL
2009-06-23 18:10 92,208 a----r-- c:\windows\system32\WING.DLL
2009-06-23 18:10 12,800 a----r-- c:\windows\system32\WING32.DLL
2009-06-23 18:10 6,736 a----r-- c:\windows\system32\WINGDIB.DRV
2009-06-23 18:10 5,024 a----r-- c:\windows\system32\WINGPAL.WND
2009-06-23 18:10 1,966 a----r-- c:\windows\system32\DVA.386
2009-06-23 18:10 104 a----r-- c:\windows\system32\GPM2MICP.INI
2009-06-23 18:09 12,800 a------- c:\windows\system\WING32.DLL
2009-06-14 23:02 428,032 a------- c:\windows\system32\EncDec.dll
2009-06-14 23:02 292,352 a------- c:\windows\system32\psisdecd.dll
2009-06-14 23:02 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-06-14 23:02 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 23:02 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 23:02 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-14 23:02 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-06-14 23:02 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-06-06 05:51 <DIR> --d----- c:\program files\THQ
==================== Find3M ====================
2009-07-05 18:03 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-02 12:08 233,893 a------- c:\windows\RTL Racing Team Manager Uninstaller.exe
2009-04-24 17:22 827,392 a------- c:\windows\system32\wininet.dll
2009-04-24 17:14 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-24 17:14 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 17:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-24 17:11 72,704 a------- c:\windows\system32\admparse.dll
2009-04-24 14:53 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-24 13:25 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-23 14:01 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 13:56 696,832 a------- c:\windows\system32\localspl.dll
2009-04-21 13:04 2,028,032 a------- c:\windows\system32\win32k.sys
2008-12-11 16:06 174 a--sh--- c:\program files\desktop.ini
2008-12-11 13:15 31 a------- c:\users\tom\jagex_runescape_preferences.dat
2008-11-19 16:03 22,328 a------- c:\users\tom\appdata\roaming\PnkBstrK.sys
2008-10-02 13:11 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-02 13:11 86,016 a------- c:\windows\inf\infstor.dat
2008-10-02 13:11 51,200 a------- c:\windows\inf\infpub.dat
2008-06-12 19:04 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 20:49 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
============= FINISH: 18:49:51.95 ===============
The new ComboFix log:
ComboFix 09-07-04.05 - Tom 05/07/2009 18:06.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3069.1527 [GMT 1:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
Command switches used :: c:\users\Tom\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\azureus
c:\program files\azureus\plugins\azemp\azmplay.exe.bak
c:\program files\azureus\plugins\azemp\cp1250-a.raw.bak
c:\program files\azureus\plugins\azemp\cp1250-b.raw.bak
c:\program files\azureus\plugins\azemp\font.desc.bak
c:\program files\azureus\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\azureus\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\azureus\plugins\azemp\plugin.properties_2.0.16
c:\program files\azureus\plugins\azemp\plugin.properties_2.0.28
c:\program files\azureus\plugins\azemp\plugin.properties_2.0.30
c:\program files\azureus\plugins\azemp\plugin.properties_2.0.32
c:\program files\azureus\plugins\azemp\plugin.properties_2.0.34
c:\program files\azureus\plugins\azemp\plugin.properties_2.1.02
c:\program files\azureus\plugins\azupnpav\azupnpav_0.2.17.jar
c:\program files\azureus\plugins\azupnpav\azupnpav_0.2.17.zip
c:\program files\azureus\plugins\azupnpav\azupnpav_0.2.2.jar
c:\program files\azureus\plugins\azupnpav\azupnpav_0.2.2.zip
c:\program files\azureus\plugins\azupnpav\azupnpav_0.2.5.jar
c:\program files\azureus\plugins\azupnpav\azupnpav_0.2.5.zip
c:\program files\azureus\plugins\azupnpav\plugin.properties_0.2.17
c:\program files\azureus\plugins\azupnpav\plugin.properties_0.2.2
c:\program files\azureus\plugins\azupnpav\plugin.properties_0.2.5
c:\users\Tom\AppData\Roaming\Azureus
c:\users\Tom\AppData\Roaming\Azureus\.certs
c:\users\Tom\AppData\Roaming\Azureus\.keystore
c:\users\Tom\AppData\Roaming\Azureus\.lock
c:\users\Tom\AppData\Roaming\Azureus\active\26F303346F3D953BED460443D214C276E37AD906.dat
c:\users\Tom\AppData\Roaming\Azureus\active\26F303346F3D953BED460443D214C276E37AD906.dat.bak
c:\users\Tom\AppData\Roaming\Azureus\active\cache.dat
c:\users\Tom\AppData\Roaming\Azureus\azureus.config
c:\users\Tom\AppData\Roaming\Azureus\azureus.config.bak
c:\users\Tom\AppData\Roaming\Azureus\azureus.statistics
c:\users\Tom\AppData\Roaming\Azureus\azureus.statistics.bad
c:\users\Tom\AppData\Roaming\Azureus\azureus.statistics.bad1
c:\users\Tom\AppData\Roaming\Azureus\azureus.statistics.bak
c:\users\Tom\AppData\Roaming\Azureus\azureus.statistics.bak.bad
c:\users\Tom\AppData\Roaming\Azureus\banips.config
c:\users\Tom\AppData\Roaming\Azureus\banips.config.bak
c:\users\Tom\AppData\Roaming\Azureus\cnetworks.config
c:\users\Tom\AppData\Roaming\Azureus\devices.config
c:\users\Tom\AppData\Roaming\Azureus\devices.config.bak
c:\users\Tom\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\Tom\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\Tom\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\Tom\AppData\Roaming\Azureus\dht\general.dat
c:\users\Tom\AppData\Roaming\Azureus\dht\net3\addresses.dat
c:\users\Tom\AppData\Roaming\Azureus\dht\net3\contacts.dat
c:\users\Tom\AppData\Roaming\Azureus\dht\net3\diverse.dat
c:\users\Tom\AppData\Roaming\Azureus\dht\net3\version.dat
c:\users\Tom\AppData\Roaming\Azureus\dht\version.dat
c:\users\Tom\AppData\Roaming\Azureus\downloads.config
c:\users\Tom\AppData\Roaming\Azureus\downloads.config.bak
c:\users\Tom\AppData\Roaming\Azureus\friends.config
c:\users\Tom\AppData\Roaming\Azureus\friends.config.bak
c:\users\Tom\AppData\Roaming\Azureus\ipfilter.cache
c:\users\Tom\AppData\Roaming\Azureus\logs\alerts_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\AutoSpeed_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\clientid_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\CNetworks_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\debug_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\debug_2.log
c:\users\Tom\AppData\Roaming\Azureus\logs\Devices_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\Friends_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\Friends_2.log
c:\users\Tom\AppData\Roaming\Azureus\logs\MetaSearch_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\NetStatus_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\seltrace_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\seltrace_2.log
c:\users\Tom\AppData\Roaming\Azureus\logs\SpeedMan_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\Subscriptions_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\thread_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\thread_2.log
c:\users\Tom\AppData\Roaming\Azureus\logs\v3.ads_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\v3.CMsgr_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\v3.CMsgr_2.log
c:\users\Tom\AppData\Roaming\Azureus\logs\v3.Friends_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\v3.Friends_2.log
c:\users\Tom\AppData\Roaming\Azureus\logs\v3.PMsgr_1.log
c:\users\Tom\AppData\Roaming\Azureus\logs\v3.PMsgr_2.log
c:\users\Tom\AppData\Roaming\Azureus\logs\v3.Stream_1.log
c:\users\Tom\AppData\Roaming\Azureus\metasearch.config
c:\users\Tom\AppData\Roaming\Azureus\metasearch.config.bak
c:\users\Tom\AppData\Roaming\Azureus\net\pm_2856.dat
c:\users\Tom\AppData\Roaming\Azureus\net\pm_5089.dat
c:\users\Tom\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\Tom\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
c:\users\Tom\AppData\Roaming\Azureus\sidebarauto.config
c:\users\Tom\AppData\Roaming\Azureus\sidebarauto.config.bak
c:\users\Tom\AppData\Roaming\Azureus\subs\02251A3847ED88653629.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\047969C2F30A401262F9.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\04C5EE008E353478F7DD.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\23F3760A461D59A5B8A2.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\2791A2CC767453FE809B.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\2DF43E7396E6157D8CE5.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\361DCC324433367F12A6.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\3FCA4D1D4D009F8AA8A0.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\447229A3A371779E8871.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\48E8217C8F6D56B788DD.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\494DB665D52CE930E652.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\4E2C3C2A5F4FCEA9E199.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\581765478D3517627C73.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\6C9C7A85CFABBD566CDB.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\7076DB20A5F225DDB82C.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\75073EF5A9EA448FA71D.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\9167E16C9B7944056AC7.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\A57341AB2AA7A98D5F19.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\AD8051E73A76B5270EC8.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\E67D8443DF3B6D5C02B4.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\ED7A4A68D27A7C72BABE.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\F14DB936646DBBA8A53E.vuze
c:\users\Tom\AppData\Roaming\Azureus\subs\F2F733158445FA5EE38D.vuze
c:\users\Tom\AppData\Roaming\Azureus\subscriptions.config
c:\users\Tom\AppData\Roaming\Azureus\subscriptions.config.bak
c:\users\Tom\AppData\Roaming\Azureus\tables.config
c:\users\Tom\AppData\Roaming\Azureus\tables.config.bak
c:\users\Tom\AppData\Roaming\Azureus\timingstats.dat
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48449.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48450.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48451.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48452.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48453.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48454.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48455.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48456.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48457.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48458.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48459.tmp
c:\users\Tom\AppData\Roaming\Azureus\tmp\AZU48460.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\[isoHunt] 1fc271f52d0d8500f38d609da80bbf37364d9ee1.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\[isoHunt] Kate Nash - Made Of Bricks [2007](mp3).torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\[isoHunt] KT_Tunstall_-_Drastic_Fantastic_(2007).3894860.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\[isoHunt] KT_Tunstall_-_Eye_To_The_Telescope_[Deluxe_Edition_2006]_[Pop]_[.3601641.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\[isoHunt] McFly - RadioACTIVE Deluxe Edition.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\[isoHunt]_Baldur's_Gate_II_-_SoA_+_ToB_expansion_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\[PC]_Codename_Panzers_Phase_One_[dopeman].3688896.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\[www.globalbolly.com]_Football_Manager_2008_(PC)_+_crack[globalbolly.com]_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\__SHIPSIM2008___Ship_Simulator_2008___working_serial.3749544.TPB_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\_=Demonoid.com=_-Kanye_West_The_College_Dropout_2004_FLAC_lossless_5661992.552 [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\_McFly___All_The_Greatest_Hits__2007___Mp3_.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\14841 [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\All 7 Harry Potter Books as read by Stephen Fry [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Alphabeat - This Is Alphabeat [2008][CD+SkidVid_Xvid+Cov] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Ash.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Ashes_To_Ashes_Series_2_-_Original_Soundtrack [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU16874.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU24184.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU24290.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU24404.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU26646.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU28760.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU31126.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU32460.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU32463.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU40097.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU41717.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU42183.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU42185.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU42632.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU43746.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU43867.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU46874.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU46877.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU5409.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU54633.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU60280.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU64476.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\AZU65533.tmp
c:\users\Tom\AppData\Roaming\Azureus\torrents\Biffy_Clyro___Puzzle.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Blitzkrieg_2_Liberation_[English]_[PC].4506501.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Bloc_Party_-_3_Albums_[CHANNEL_NEO].4050033.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Championship_manager_01_02.TPB_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Chase_And_Status-More_Than_Alot-2008-DV8 [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Chase_And_Status-More_Than_Alot-2008-DV8_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Close Combat Series [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Coldplay.Discography_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Deadliest.Catch.Alaskan.Storm-AVENGED_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Dirty_Pretty_Things_-_Romance_At_Short_Notice_(2008)_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Duffy_-_Rockferry_[2008][CD_2_SkidVid_XviD_Cov]192Kbps.4054204.TPB_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Dumb and Dumber[1994]DVDRip[Eng]-NuMy [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Elbow - Complete Discography by pandaking [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Elbow_-_The_Seldom_Seen_Kid_(2008)_[320_Kbs]_by_pandaking_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Elbow___Complete_Discography_by_pandaking.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Euro Truck Simulator 2008 ^English^ [spark13] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Evil Islands [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Extratorrent_com_Chase_And_Status-More_Than_Alot-2008-DV8TheSurgeons_org.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Fallout_2.3850655.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Fallout_2_.iso_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Fallout_3-RELOADED_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Far.Cry.2-Razor1911_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\fm2008_802_boxed-pc.exe.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Foo_Fighters_-_Discography_(7_Albums).3946222.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Football_Manager_2007_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\football_manager_2007_razor1911 [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Football_Manager_2008_(8.0.2_No-Cd_Crack.4094425.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\FOOTBALL_MANAGER_2009.4508949.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Football_Manager_2009_Patch_9.2.0_New_Crack_(No_Bug).4602798.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\FS2004_-_Flight_Simulator_2004_ISO_-_Full_Game_-_Repack_By_108.3542624.TPB_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\GabriellaCilmi-LessonsToBeLearned[2008][CD+SkidVid_XviD+Cov]_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Global_Gathering_08[dnbtracker.org]_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\GreenDay_-_Discography_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Hard-Fi_-_Stars_Of_CCTV_[2005][CD+Vid+Cov]_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Harry Potter and the Deathly Hallows Read By Stephen Fry [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Incubus - Monuments And Melodies [CD Rip] [All Cov+2CD] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Incubus.3924254.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Jimmy Eat World - Bleed American [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Kasabian - Empire [2006][CD+Vid+Cov] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Kasabian - Kasabian [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Kasabian - West Rider Pauper Lunatic Asylum [mp3-160-2009] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Katy_Perry_-_One_Of_The_Boys_[2008][CD_2_SkidVid_XviD_Cov]320Kbp.4283861.TPB.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Kings Of Leon- Only By The Night 2008+covers (lcfc1) [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Kings Of Leon - Aha Shake Heartbreak [2004] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Kinks-The Ultimate Collection (Darkside_RG) [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Left.4.Dead.Full-Rip.Skullptura_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Lily Allen - Alright, Still [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Little_Boots_-_Hands_(2009) [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Lostprophets_-_Discography_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\McFly___All_The_Greatest_Hits__2007___Mp3_.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\McFly___RadioACTIVE__2008____Rock.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\McFly___RadioACTIVE_Deluxe_Edition.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\My_Songs_08_2CD_[www.torrentlocomotive.com].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\My_Songs_2008_(2CD)_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Now_Thats_What_I_Call_Music_70_(with_covers)_a_DHZ.Inc_Release_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Oasis.Dig.Out.Your.Soul.2008[tRg Music Release] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Oasis_Discography_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Paolo_Nutini_-_Sunny_Side_Up [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Peggle Nights Deluxe [h33t] [aNDYpANDY] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Premier_Manager_97.rar_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Prodigy-Invaders Must Die[DE][2009][2CD+2 SkidVid_XviD+Cov] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Queens_Of_The_Stone_Age_-_Discography_-_4_CDs.zip_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Race.Driver.GRID-RELOADED.4209933.TPB_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Rage_Against_the_Machine_Discography_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Rail_Simulator-HATRED_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\RCT3 [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\RTL.RACING.TEAM.MANAGER-POSTMORTEM (www.softzone.org) [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\S.T.A.L.K.E.R.Shadow.of.Chernobyl-ViTALiTY.3641873.TPB [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Sid.Meiers.Railroads-RELOADED[www.moviex.info]_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Snowpatrol_-_Eyes_Open_-_2006.3538780.TPB[1] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Spore-RELOADED [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Tenacious_D_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\The Kooks - Inside In Inside Out(I Guana.Inc release) [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\The_Elder_Scrolls_4__Oblivion.3833478.TPB [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\The_Script__The_Script__2008__CD_SkidVid_XviD_Cov_.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\the_verve_-_urban_hymns_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\The_Verve___Forth__2008__CD_SkidVid_XviD_Cov_320Kbps.torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\The_Very_Best_Of_The_Who_-_My_Generation_(MP3@320Kbps)_[h33t][Foo]_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Tool_-_Complete_Discography_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Ultimate_Tycoon_Collection_-_Game__27_-_Railroad_Tycoon_3_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Ultimate_Tycoon_Collection_Game__26_Railroad_Tycoon_2_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\VA-High_Contrast_Watch_The_Ride-2008-VOLTAGE.rar_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Weezer_-_Weezer_(The_Red_Album)_[2008]_-_Rock_[www.torrentazos.com]_[mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\Worms Armageddon - New Edition [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\torrents\X3 Terran Conflict CloneDVD[www.TmasGames.com] [mininova].torrent
c:\users\Tom\AppData\Roaming\Azureus\tracker.config
c:\users\Tom\AppData\Roaming\Azureus\tracker.config.bad
c:\users\Tom\AppData\Roaming\Azureus\tracker.config.bad1
c:\users\Tom\AppData\Roaming\Azureus\tracker.config.bak
c:\users\Tom\AppData\Roaming\Azureus\tracker.config.bak.bad
c:\users\Tom\AppData\Roaming\Azureus\unsentdata.config
c:\users\Tom\AppData\Roaming\Azureus\unsentdata.config.bak
c:\users\Tom\AppData\Roaming\Azureus\update.log
c:\users\Tom\AppData\Roaming\Azureus\update.properties
c:\users\Tom\AppData\Roaming\Azureus\v3.Friends.dat
c:\users\Tom\AppData\Roaming\Azureus\v3.Friends.dat.bak
c:\users\Tom\AppData\Roaming\Azureus\VuzeActivities.config
c:\users\Tom\AppData\Roaming\Azureus\VuzeActivities.config.bak
.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.
2009-07-05 17:10 . 2009-07-05 17:10 -------- d-----w- c:\users\Tom\AppData\Local\temp
2009-07-02 14:43 . 2009-07-02 14:43 -------- d-----w- c:\program files\RivaTuner v2.24
2009-06-23 17:10 . 2006-10-09 08:00 92208 ----a-r- c:\windows\system\WING.DLL
2009-06-23 17:10 . 2006-10-09 08:00 92208 ----a-r- c:\windows\system32\WING.DLL
2009-06-23 17:10 . 2006-10-09 08:00 188960 ----a-r- c:\windows\system32\WINGDE.DLL
2009-06-23 17:10 . 2006-10-09 08:00 12800 ----a-r- c:\windows\system32\WING32.DLL
2009-06-23 17:10 . 2006-10-09 08:00 6736 ----a-r- c:\windows\system32\WINGDIB.DRV
2009-06-23 17:09 . 2006-10-09 08:00 12800 ----a-w- c:\windows\system\WING32.DLL
2009-06-14 22:02 . 2009-04-30 12:42 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 22:02 . 2009-04-30 12:52 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 22:02 . 2009-04-30 12:44 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-06-06 04:51 . 2009-06-06 04:51 -------- d-----w- c:\program files\THQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 17:09 . 2008-09-19 19:39 -------- d-----w- c:\programdata\Kontiki
2009-07-05 17:03 . 2008-11-24 15:32 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-05 17:03 . 2008-07-09 12:14 -------- d-----w- c:\program files\Java
2009-07-05 16:27 . 2008-06-05 16:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-05 14:53 . 2008-06-05 12:25 -------- d-----w- c:\program files\Steam
2009-07-05 14:50 . 2008-06-05 11:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 13:45 . 2008-06-05 12:25 -------- d-----w- c:\program files\Common Files\Steam
2009-06-26 14:42 . 2008-07-09 12:17 1 ----a-w- c:\users\Tom\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-06-26 14:42 . 2008-07-09 12:16 -------- d-----w- c:\users\Tom\AppData\Roaming\OpenOffice.org2
2009-06-15 06:34 . 2008-11-13 22:30 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 10:56 . 2008-06-09 19:07 -------- d-----w- c:\users\Tom\AppData\Roaming\mIRC
2009-06-11 10:48 . 2008-06-09 19:07 -------- d-----w- c:\program files\mIRC
2009-06-04 15:53 . 2009-06-04 15:49 -------- d-----w- c:\program files\Notrium
2009-05-22 08:05 . 2009-05-22 08:05 1878984 ----a-w- c:\users\Tom\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-14 10:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 20:34 . 2009-03-18 16:24 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-13 18:37 . 2009-05-13 18:37 5588312 ----a-w- c:\users\Tom\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.1.exe
2009-05-13 18:37 . 2009-05-13 18:37 -------- d-----w- c:\users\Tom\AppData\Roaming\TVU networks
2009-05-12 18:57 . 2008-09-19 20:24 -------- d-----w- c:\programdata\TrackMania
2009-05-08 21:57 . 2009-05-08 21:57 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-08 21:56 . 2009-05-08 21:56 -------- d-----w- c:\program files\Common Files\Real
2009-05-08 21:56 . 2009-05-08 21:56 -------- d-----w- c:\program files\Real
2009-05-02 11:08 . 2009-05-02 11:08 233893 ----a-w- c:\windows\RTL Racing Team Manager Uninstaller.exe
2009-04-24 16:22 . 2009-06-10 10:29 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:14 . 2009-06-10 10:29 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-04-24 16:14 . 2009-06-10 10:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 16:11 . 2009-06-10 10:29 72704 ----a-w- c:\windows\system32\admparse.dll
2009-04-24 13:53 . 2009-06-10 10:29 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-24 12:25 . 2009-06-10 10:29 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-04-23 13:01 . 2009-06-10 10:29 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:56 . 2009-06-10 10:29 696832 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 12:04 . 2009-06-10 10:29 2028032 ----a-w- c:\windows\system32\win32k.sys
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-05_14.44.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-05 11:53 . 2009-07-05 14:54 34596 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-05 14:54 82828 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-07-05 16:08 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-07-05 14:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-07-05 14:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-05 16:08 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-05 14:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-05 16:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-05 14:52 . 2009-07-05 14:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-05 11:38 . 2009-07-05 11:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-05 11:38 . 2009-07-05 11:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-05 14:52 . 2009-07-05 14:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-24 15:32 . 2008-11-24 15:32 148888 c:\windows\System32\javaws.exe
+ 2008-11-24 15:32 . 2009-07-05 17:03 148888 c:\windows\System32\javaws.exe
+ 2008-11-24 15:32 . 2009-07-05 17:03 144792 c:\windows\System32\javaw.exe
- 2008-11-24 15:32 . 2008-11-24 15:32 144792 c:\windows\System32\javaw.exe
+ 2008-11-24 15:32 . 2009-07-05 17:03 144792 c:\windows\System32\java.exe
- 2008-11-24 15:32 . 2008-11-24 15:32 144792 c:\windows\System32\java.exe
+ 2009-01-18 15:05 . 2009-01-18 15:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-07-05 17:03 . 2009-07-05 17:03 1563648 c:\windows\Installer\7523e9.msi
+ 2009-07-05 16:32 . 2009-07-05 16:32 6653952 c:\windows\Installer\75216a.msp
+ 2009-07-05 16:28 . 2009-07-05 16:28 3938816 c:\windows\Installer\5677c2.msi
+ 2008-12-18 15:48 . 2008-12-18 15:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-26 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-19 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-19 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-05 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C8D3A722-F468-4E25-91F0-E0F6E1B3632A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5DFE67E4-ABC5-4CD2-8172-F7DD4E2CFD7A}c:\\program files\\steam\\steamapps\\tommyb1988\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\half-life\hl.exe:Half-Life Launcher
"UDP Query User{1867C0BA-EBAC-432F-A452-4C4065ED7F36}c:\\program files\\steam\\steamapps\\tommyb1988\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\half-life\hl.exe:Half-Life Launcher
"TCP Query User{F4F6A2BB-360C-4E54-A8EB-1C06F3945FD5}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress classic\\hl.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{B07EF57C-EF0A-4888-97F7-ADE6ED5A915B}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress classic\\hl.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\team fortress classic\hl.exe:Half-Life Launcher
"TCP Query User{39332BFF-C79C-466E-A951-72755EDD15A5}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{536783F4-BCFD-480D-A35C-4686CADAC805}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{5305FEA8-4B79-4E9A-AA21-C028E1D89629}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{DAB539A6-9520-4AE6-8BEF-ED478C47255D}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{EC86C692-FB3A-4E76-8567-CBD336CAB3F3}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{5C0E3160-29E5-4377-B035-2542850E46CD}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{50AF2714-046B-4B6B-A1E9-02C2260B45D6}c:\\program files\\steam\\steamapps\\owenfranklin\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\owenfranklin\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{161216BB-737C-4F7C-8A2D-8FB8719F1B8C}c:\\program files\\steam\\steamapps\\owenfranklin\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\owenfranklin\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{6E9AAD9B-45AC-48AE-BD9F-6CB449878041}c:\\program files\\steam\\steamapps\\owenfranklin\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\owenfranklin\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{B3D13A9F-110C-47A2-9A78-3712746439F4}c:\\program files\\steam\\steamapps\\owenfranklin\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\owenfranklin\counter-strike\hl.exe:Half-Life Launcher
"{A53F963D-4D33-42A2-9F4B-597CA7D44709}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"{C58CCC6E-5F0D-4939-9AE1-AB27CB7A2D2F}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"TCP Query User{6CA99DED-A5E4-4AB3-AB39-5AA91970D4C0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C5673D3F-1161-412D-96B1-E41A68C99054}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B6EBE8CD-E4DB-420D-834B-0ED7290186E6}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{C475BB12-92F2-479D-8824-879F08AD5531}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{54F1FBF8-076C-4016-902E-526437704F8F}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{EE8AA125-A71D-4CC0-97D3-1DA620C4BEF8}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"TCP Query User{009C9172-B1C4-43F0-98FE-03EC0AD03D13}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{582D3E23-C8D9-42A3-81B6-0FC5FB233F6B}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{03029C39-234B-4627-8C54-B7897CDB3E36}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{424A691C-7CA4-4817-9C4F-1528BB4C2E04}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{7DEAF100-AA1E-4CAD-98ED-1F621E61FFD6}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{180943DA-3F48-42E7-B7BE-7F32D2094970}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{596E5F01-7F43-49CC-AE9E-3A0A4CFB1CBC}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\alliwantiscakeandlove\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{0198FDF3-943C-4C6D-8730-9D687DD5A2B7}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\alliwantiscakeandlove\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{B9E63BA5-2254-4346-9956-FA39CD416CD2}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\alliwantiscakeandlove\zombie panic! source\hl2.exe:hl2
"UDP Query User{5C3A9CC9-A4A6-466F-A469-CB0F34D38407}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\alliwantiscakeandlove\zombie panic! source\hl2.exe:hl2
"TCP Query User{26E8A4A1-277C-4A3E-AC9F-B4B3FEC47904}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\alliwantiscakeandlove\team fortress 2\hl2.exe:hl2
"UDP Query User{2420FCD9-85CB-4A24-A91C-90B6B716EA30}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\alliwantiscakeandlove\team fortress 2\hl2.exe:hl2
"TCP Query User{683340ED-0CD9-46A6-895B-461DA8F63340}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\alliwantiscakeandlove\day of defeat source\hl2.exe:hl2
"UDP Query User{D20A957E-1702-4009-AEED-F7EFEF083E87}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\alliwantiscakeandlove\day of defeat source\hl2.exe:hl2
"TCP Query User{5F270A57-F1EF-449B-91E4-C5C736F8DC5A}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\alliwantiscakeandlove\age of chivalry\hl2.exe:hl2
"UDP Query User{C324EF3C-9796-48EC-9888-50EE0CA87B37}c:\\program files\\steam\\steamapps\\alliwantiscakeandlove\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\alliwantiscakeandlove\age of chivalry\hl2.exe:hl2
"TCP Query User{B20829D9-F19F-476E-90D1-0154D144F32F}c:\\program files\\steam\\steamapps\\tommyb1988\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\zombie panic! source\hl2.exe:hl2
"UDP Query User{00AC615C-4E2F-4B06-AEB8-9D0B05E17B9F}c:\\program files\\steam\\steamapps\\tommyb1988\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\zombie panic! source\hl2.exe:hl2
"TCP Query User{1350F6D5-3802-4563-858D-6BF96EA126B6}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\team fortress 2\hl2.exe:hl2
"UDP Query User{066DCE93-1D49-403F-86F7-CA72EFFC4121}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\team fortress 2\hl2.exe:hl2
"TCP Query User{C0E1273F-5C3E-4CA9-B55D-DCD3E521B873}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{04531EE0-3700-4861-BD60-7245178A3F8E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{DCA2F104-9BC9-41BA-AA77-3BE357E138E9}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{A48389E4-88A0-442E-BC74-695850DF16D6}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{B833F7EE-E1D5-48A6-8EEF-1A4FB93C326C}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{E1B64EDE-99A8-48E4-BCCC-275684D97997}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{036BF004-AD41-4E89-9512-2338A74F14FA}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{06016DBC-DE40-4571-BA16-0F33922899F9}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{F61B76C3-32BE-46D6-B7DB-4ACFF9360580}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{055145C5-8944-43A6-8E82-5B1C017A52AD}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{098976B8-8EFE-495E-8D13-16DDD2263A7B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8AA44FA3-97A8-4BDB-9339-18024FC58731}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D92F2FD6-C78A-4246-9D8C-44AA7352F623}c:\\games\\left 4 dead\\left4dead.exe"= UDP:c:\games\left 4 dead\left4dead.exe:left4dead
"UDP Query User{1A433098-5998-4BA2-AB3C-C9762D2BF8E1}c:\\games\\left 4 dead\\left4dead.exe"= TCP:c:\games\left 4 dead\left4dead.exe:left4dead
"TCP Query User{838CE665-59F5-453A-B504-549D985BAA2F}c:\\program files\\crs\\battleground europe\\ww2_sse2.exe"= UDP:c:\program files\crs\battleground europe\ww2_sse2.exe:WW2
"UDP Query User{58FD46A4-63C0-4EF8-8759-015501E50459}c:\\program files\\crs\\battleground europe\\ww2_sse2.exe"= TCP:c:\program files\crs\battleground europe\ww2_sse2.exe:WW2
"TCP Query User{26F4191A-7409-4B49-90DA-66BFAB8FB0E4}c:\\users\\tom\\documents\\azureus downloads\\[pc] codename panzers phase one [dopeman]\\panzers - phase1\\panzers - phase1\\run\\panzers.exe"= UDP:c:\users\tom\documents\azureus downloads\[pc] codename panzers phase one [dopeman]\panzers - phase1\panzers - phase1\run\panzers.exe:panzers.exe
"UDP Query User{A7F3A2AA-0CBC-4BC1-8493-9993FCFC8D49}c:\\users\\tom\\documents\\azureus downloads\\[pc] codename panzers phase one [dopeman]\\panzers - phase1\\panzers - phase1\\run\\panzers.exe"= TCP:c:\users\tom\documents\azureus downloads\[pc] codename panzers phase one [dopeman]\panzers - phase1\panzers - phase1\run\panzers.exe:panzers.exe
"TCP Query User{A7F93224-9C8B-4C3D-AA69-4ACC3F1BA96A}c:\\program files\\ssi\\close combat invasion normandy\\cc5.exe"= UDP:c:\program files\ssi\close combat invasion normandy\cc5.exe:Close Combat(tm)V: Invasion Normandy
"UDP Query User{96EC033D-428D-4822-A716-E0DF22CD33FD}c:\\program files\\ssi\\close combat invasion normandy\\cc5.exe"= TCP:c:\program files\ssi\close combat invasion normandy\cc5.exe:Close Combat(tm)V: Invasion Normandy
"TCP Query User{9F4146CF-05FA-41F9-B53C-4815E8FFFA62}c:\\program files\\evil islands\\game.exe"= UDP:c:\program files\evil islands\game.exe:game
"UDP Query User{83B2CC42-4D13-46BE-8FB0-CB181F214733}c:\\program files\\evil islands\\game.exe"= TCP:c:\program files\evil islands\game.exe:game
"TCP Query User{6D0DFA3C-726E-4F81-A8FC-90BD97D53687}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{26EBC299-4E18-4769-9003-5EA579E9D833}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{103F1A6F-42C1-41A0-9A69-C529E7EE54AF}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{8FD310F7-3E0E-402D-9E38-E5040D5417AC}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{875969BF-515C-4BC4-AB8F-BCC4C4A5702E}"= Disabled:UDP:c:\program files\Steam\steamapps\common\football manager 2009 demo\fm.exe:Football Manager 2009 Demo
"{6BD322DC-E6CB-4658-BC98-4D039DCCFA35}"= Disabled:TCP:c:\program files\Steam\steamapps\common\football manager 2009 demo\fm.exe:Football Manager 2009 Demo
"TCP Query User{89E3F291-C285-44B2-AF30-B79DAFA77A9F}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{B75D7FB6-A19A-40FD-902C-A15FE9B9DAE1}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{85D7F9FC-5FC1-41DA-913D-D5BEF1FD1152}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{0195F003-E22C-4965-967F-3719C5BE2D4C}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{B7A758DC-0816-4EAF-8770-0CA37A6F9363}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{430F6BB2-A4EF-49F0-82BD-676A06B4594E}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{6A6DC9A8-DFD7-4502-8835-08E3CD9389FE}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E5402EEE-FE54-4586-8427-257D7449CC3B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{E394F479-9D76-450F-807E-0242438A872B}c:\\program files\\steam\\steamapps\\tommyb1988\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\zombie panic! source\hl2.exe:hl2
"UDP Query User{CBAC7DF9-D0CC-4AD0-BDBD-78AECEC38D92}c:\\program files\\steam\\steamapps\\tommyb1988\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\zombie panic! source\hl2.exe:hl2
"{9188ED74-0B68-434E-AD1C-79C588B26BC9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{90007DAD-9E32-4B15-9433-E7593DDD5D93}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{270FBCAD-C7D3-4B10-A526-2035E7594949}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F9CBFD75-056E-4375-B85D-70B490962579}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8912A1BF-CFE5-42F1-9489-030B5205945E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7F5FE0DF-8EA5-44B5-9044-CBAF1694C4A9}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress classic\\hl.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{D0A52A77-37C2-4945-96B5-F3F4EFD9908F}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress classic\\hl.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\team fortress classic\hl.exe:Half-Life Launcher
"TCP Query User{3A843C85-D08D-4C1E-9F81-A8D5485D63EA}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\team fortress 2\hl2.exe:hl2
"UDP Query User{C873C6AC-6279-4265-BEF8-114C6604551E}c:\\program files\\steam\\steamapps\\tommyb1988\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\team fortress 2\hl2.exe:hl2
"TCP Query User{3CD3476D-369B-424B-8FE2-E8E6F0286F64}c:\\program files\\steam\\steamapps\\tommyb1988\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\half-life\hl.exe:Half-Life Launcher
"UDP Query User{91E333D3-F4C0-4666-A2DC-08118940A027}c:\\program files\\steam\\steamapps\\tommyb1988\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\half-life\hl.exe:Half-Life Launcher
"TCP Query User{3C5FCBB4-C324-427E-A05E-9DA596C16315}c:\\program files\\steam\\steamapps\\tommyb1988\\dystopia\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\dystopia\hl2.exe:hl2
"UDP Query User{166C7FB6-83FE-4895-9CFC-5891AD016113}c:\\program files\\steam\\steamapps\\tommyb1988\\dystopia\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\dystopia\hl2.exe:hl2
"TCP Query User{C1CD81EE-737C-407A-B566-7ABCC8B67D0B}c:\\program files\\steam\\steamapps\\tommyb1988\\dystopia\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\dystopia\hl2.exe:hl2
"UDP Query User{7F1DF483-7AE6-4939-8FCC-6618D73C2095}c:\\program files\\steam\\steamapps\\tommyb1988\\dystopia\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\dystopia\hl2.exe:hl2
"TCP Query User{EC903FEF-4EDB-4AEB-A23F-FD129B5153C6}c:\\program files\\steam\\steamapps\\tommyb1988\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\tommyb1988\source sdk base\hl2.exe:hl2
"UDP Query User{09165E37-DFBD-49AB-B885-20B5A3CA8638}c:\\program files\\steam\\steamapps\\tommyb1988\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\tommyb1988\source sdk base\hl2.exe:hl2
"TCP Query User{202B73B2-854E-4213-A5FB-3CEC7B71F8BF}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{7593A9B3-C441-4442-9D20-51C819E172A8}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{96AE371A-228F-4E29-B5CA-36975B99D7D6}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{6782A4C0-5C4F-484B-8994-AD8E4C1CCA2B}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 acedrv11;acedrv11;c:\windows\System32\drivers\ACEDRV11.sys [23/01/2008 09:19 501560]
S2 WUSB54GSv2SVC;WUSB54GSv2SVC;"c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe" --> c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/football
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://collegio-cam.pittstate.edu/kxhcm10.ocx
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\42purft2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/football
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPplaynet.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\42purft2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 18:10
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
[HKEY_USERS\S-1-5-21-3244221537-1901451940-2186761688-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c8,df,00,93,39,42,e4,2d,b5,c6,eb,08,a2,53,1f,13,f3,36,0e,88,71,aa,79,
ba,15,9c,b7,bb,f6,db,da,f0,a7,63,6d,32,38,fa,90,7e,42,3c,29,e0,30,31,5b,30,\
"??"=hex:7d,33,27,78,ac,8b,ac,7c,21,e2,c1,2a,90,6d,db,f3
.
Completion time: 2009-07-05 18:12
ComboFix-quarantined-files.txt 2009-07-05 17:11
ComboFix2.txt 2009-07-05 14:47
Pre-Run: 242,178,936,832 bytes free
Post-Run: 242,184,593,408 bytes free
2085 --- E O F --- 2009-06-29 15:11
PS: I am still having the DNSChanger problem.
TomB1988
2009-07-07, 19:54
Hi there, I am still having this problem, and I do not want it to slip off into inactivity. I think the main problem lies with my router, as I can clean my computer and restart it, and then it will be infected by the router again.
Hi,
Sorry that I didn't reply earlier. Notifications let me down on this one.
You haven't uninstalled vulnerable Java 6 Update 7 yet. Please do it now.
Have you had any other computer connected to the router than just this one we're fixing? You have to keep all other systems off the router, since it's possible one of these other systems carries a DNS changer infection which hacks the router again after it is reset to factory defaults.
Creating & executing batch file
-------------------------------
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
ipconfig /all >c:\ipsettings.txt
Double-click on fixes.bat file to execute it. Please attach c:\ipsettings.txt file to your reply.
TomB1988
2009-07-08, 13:41
Java 6 Update 7 has now been uninstalled.
Contents of ipsettings.txt:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Tom-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1D-09-26-1D-AD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b935:7ab:4828:4e8b%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 July 2009 11:26:41
Lease Expires . . . . . . . . . . : 09 July 2009 11:26:41
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 167779593
DNS Servers . . . . . . . . . . . : 85.255.112.189
85.255.112.94
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5928DC5C-CD63-4BB0-B18E-90B3770BB43E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.5%11(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 85.255.112.189
85.255.112.94
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 7:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e50:109c:21df:a3fc:5100(Preferred)
Link-local IPv6 Address . . . . . : fe80::109c:21df:a3fc:5100%9(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Hi,
Two connections seem to have bad DNS server addresses:
Ethernet adapter Local Area Connection
Tunnel adapter Local Area Connection* 6
Is that tunnel adapter connected to some device? It's better to disable that connection from network settings.
Please make sure that all systems are disconnected from the router. Then reset it to factory defaults like you did earlier. After that, connect this system we have been dealing with (make sure that the tunnel adapter connection is disabled) and use it to log on to the router and change its password to a strong one. If you leave the default or set a weak one, the infection will change the settings again.
When done, run the batch again to create new ipsettings results. Post it back here.
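The check the helper makes above, adapter by adapter, can be automated over the text that fixes.bat writes out. The following is an added example and not code from this thread or from the Spybot team: it parses ipconfig /all output, flags the two resolver addresses that appear in the dump above, and also flags any public resolver that the home router itself did not hand out (the sample text is constructed and abbreviated from the two dumps posted in the thread).

```python
import ipaddress
import re

# Constructed sample, abbreviated from the first ipconfig /all dump in this thread.
IPCONFIG_BEFORE = """\
Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 85.255.112.189
                                       85.255.112.94
Tunnel adapter Local Area Connection* 6:
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 85.255.112.189
                                       85.255.112.94
"""
# The second dump, taken after the router reset, hands out the router as resolver.
IPCONFIG_AFTER = re.sub(r"85\.255\.112\.\d+", "192.168.0.1", IPCONFIG_BEFORE)

# Resolver addresses quoted in this thread; a real check would load a maintained list.
KNOWN_ROGUE_DNS = {"85.255.112.189", "85.255.112.94"}


def parse_adapters(text):
    # {adapter: {field: [values]}}; a line without " :" continues the previous field
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, field = line.rstrip()[:-1], None
            adapters[current] = {}
        elif (m := re.match(r"^\s+(\S.*?)[ .]* : ?(.*)$", line)) and current:
            field = m.group(1)
            values = adapters[current].setdefault(field, [])
            if m.group(2).strip():
                values.append(m.group(2).strip())
        elif current and field and line.strip():
            adapters[current][field].append(line.strip())  # e.g. the 2nd DNS server
    return adapters


def find_suspect_dns(adapters, rogue=KNOWN_ROGUE_DNS):
    # Flag listed rogue resolvers, plus any public resolver the home router did not issue
    findings = []
    for name, fields in adapters.items():
        trusted = set(fields.get("Default Gateway", []) + fields.get("DHCP Server", []))
        for raw in fields.get("DNS Servers", []):
            server = raw.split("(")[0].split("%")[0]  # drop "(Preferred)" and zone ids
            if server in rogue:
                findings.append((name, server, "known rogue DNS server"))
            elif server not in trusted and ipaddress.ip_address(server).is_global:
                findings.append((name, server, "public resolver not issued by the router"))
    return findings
```

Running it on the first dump reports both adapters; on the post-reset dump it reports nothing, which is the "back correct again" state the helper confirms later in the thread.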
TomB1988
2009-07-08, 14:43
OK, I did all that you said, but I could not disable Tunnel adapter Local Area Connection* 6. All I see in network connections is Local Area Connection, and if I disable that it means I cannot connect to the router.
Here is the new ipsettings.txt if it helps:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Tom-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1D-09-26-1D-AD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b935:7ab:4828:4e8b%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 July 2009 12:30:08
Lease Expires . . . . . . . . . . : 09 July 2009 12:30:08
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 167779593
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.5%14(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
TomB1988
2009-07-08, 14:46
Strangely enough, since this reboot I can no longer access http://www.google.com but I can access google.co.uk.
Hi,
Seems that the tunnel connection was somehow related to the router as well, since the IP settings are back to correct again. Good. You carried out the router password change too, right?
How did this operation differ from your earlier attempt to reset the router?
TomB1988
2009-07-08, 15:44
The first thing I did once connecting to the router was change the password to a stronger one.
I reset the router in the same way I did in the first place, pressing the reset button with a pen for 10 seconds.
But now you did change the password after the router reset, right? Because if you didn't, then the reset would wipe the password change and you would end up with the lousy default one again.
Please make sure you have a strong password in the router now and see if the DNS changer issue still arises. As said earlier, it's possible that one of your other systems is infected with a DNS changer too. Have you run any scanners on those other systems?
TomB1988
2009-07-08, 15:55
Yes, I changed it after I reset the router.
The other computers are currently turned off.
OK. You should check those other systems one by one now. If issues arise, then a new topic must be created. We follow a one system per thread policy.
Does this one we've been cleaning work ok with the router now?
TomB1988
2009-07-08, 16:05
It works with the router, but the DNSChanger problem still exists. I will have a look at the other systems now.
Hi,
How were the other systems?
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.