PDA

View Full Version : New Malware.j



Empire
2009-11-27, 16:55
McAfee Quarantins "new malware.j" flie named "svchost.exe" but cant seem to remove it as it keeps coming back, also sometimes random sounds play like adds or something....
I've scanned all my pc with McAfee and Norton 360 and nither are sorting it.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:58, on 27/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Users\Jamie\Desktop\Sarah\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0090111
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/en/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\Windows\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5813/mcfscan.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: McAfee Application Installer Cleanup (0052601259243633) (0052601259243633mcinstcleanup) - Unknown owner - C:\Windows\TEMP\005260~1.EXE (file missing)
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9b317fc2835fa) (gupdate1c9b317fc2835fa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

--
End of file - 15505 bytes

Blade81
2009-12-01, 22:02
Hi,

You should decide if you want to keep McAfee or Norton. It's not recommended to have more than one antivirus program installed in one system.

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

Empire
2009-12-05, 20:57
DDS (Ver_09-12-01.01) - NTFSx86
Run by Jamie at 18:42:29.93 on 05/12/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.824 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\World of Warcraft\WoW.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Jamie\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.wow-europe.com/en/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0090111
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet

explorer\SkypeIEPlugin.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11

\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search

helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft

shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google

toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [PAC7302_Monitor] "c:\windows\pixart\pac7302\Monitor.exe"
mRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalk
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google

toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0

\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows

live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program

files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\2te8j6si.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wow-europe.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -

c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2009-12-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-12-3 482432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys

[2009-12-3 102448]

=============== Created Last 30 ================

2009-12-03 22:47:59 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-03 22:47:59 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-12-03 22:47:49 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-12-03 22:47:39 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-03 22:47:39 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-03 22:47:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-03 22:47:38 0 d-----w- c:\program files\Symantec
2009-12-03 22:46:03 0 d-----w- c:\windows\system32\drivers\N360
2009-12-03 22:45:59 0 d-----w- c:\program files\Norton 360
2009-12-03 22:14:52 0 d-----w- c:\programdata\Symantec Temporary Files
2009-12-01 07:44:02 276189014 ----a-w- c:\windows\MEMORY.DMP
2009-11-29 22:14:41 0 d-----w- c:\program files\MSXML 4.0
2009-11-29 17:42:55 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-29 16:06:35 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-29 12:18:29 0 d-----w- c:\users\jamie\appdata\roaming\Malwarebytes
2009-11-29 12:18:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 12:18:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 12:18:11 0 d-----w- c:\programdata\Malwarebytes
2009-11-29 12:18:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 10:33:43 0 d-----w- c:\program files\MSSOAP
2009-11-29 10:33:43 0 d-----w- c:\program files\common files\MSSoap
2009-11-29 10:33:28 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-29 10:33:28 0 d-----w- c:\users\jamie\appdata\roaming\Webroot
2009-11-29 10:33:28 0 d-----w- c:\programdata\Webroot
2009-11-29 10:33:28 0 d-----w- c:\program files\Webroot
2009-11-29 10:27:51 164 ----a-w- c:\windows\install.dat
2009-11-28 21:55:15 0 d-----w- c:\program files\Windows Portable Devices
2009-11-28 21:54:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-28 21:50:07 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-28 21:48:36 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-28 21:47:31 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-28 21:47:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-28 21:47:31 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-28 19:22:52 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-28 19:22:52 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-28 18:55:59 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-27 20:28:28 0 d-----w- c:\windows\system32\N360_BACKUP
2009-11-27 13:49:23 0 d---a-w- c:\programdata\TEMP
2009-11-27 10:58:36 0 d-----w- c:\programdata\Symantec
2009-11-26 21:29:19 0 d-----w- c:\windows\49FA793C785E47E993DFBD442B0B45D1.TMP
2009-11-26 16:20:13 0 d-----w- c:\program files\common files\Symantec Shared
2009-11-26 16:14:07 0 d-----w- c:\programdata\Norton
2009-11-26 16:13:59 0 d-----w- c:\programdata\NortonInstaller
2009-11-26 16:13:59 0 d-----w- c:\program files\NortonInstaller
2009-11-26 14:31:06 0 d-----w- c:\users\jamie\appdata\roaming\McAfee
2009-11-24 09:00:54 0 d-----w- c:\program files\s3pe
2009-11-20 18:58:39 0 d-----w- c:\programdata\Electronic Arts
2009-11-20 18:56:48 0 d-----w- c:\program files\Microsoft WSE
2009-11-17 17:21:31 65536 --sha-w- c:\users\jamie\ntuser.dat{0e22a8d7-d397-11de-beb0-0021700a5df4}.TM.blf
2009-11-17 17:21:31 524288 --sha-w- c:\users\jamie\ntuser.dat{0e22a8d7-d397-11de-beb0-

0021700a5df4}.TMContainer00000000000000000002.regtrans-ms
2009-11-17 17:21:31 524288 --sha-w- c:\users\jamie\ntuser.dat{0e22a8d7-d397-11de-beb0-

0021700a5df4}.TMContainer00000000000000000001.regtrans-ms
2009-11-16 11:36:39 0 d-----w- c:\windows\system32\eu-ES
2009-11-16 11:36:39 0 d-----w- c:\windows\system32\ca-ES
2009-11-16 11:36:37 0 d-----w- c:\windows\system32\vi-VN
2009-11-16 10:59:15 0 d-----w- c:\windows\system32\EventProviders
2009-11-12 11:56:02 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 11:55:38 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 13:09:59 800768 ----a-w- c:\windows\system32\advapi32.dll
2009-11-10 13:08:59 79872 ----a-w- c:\windows\system32\authz.dll
2009-11-10 13:07:52 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-11-10 12:25:57 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-06 12:00:36 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 12:00:36 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 12:00:34 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys

==================== Find3M ====================

2009-12-05 15:57:55 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-05 15:57:40 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-03 22:47:42 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-03 22:47:42 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-03 22:47:42 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-29 01:20:57 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-28 21:54:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-28 21:17:26 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-28 10:17:34 1688 ----a-w- c:\users\jamie\appdata\roaming\wklnhst.dat
2009-11-16 11:16:27 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-09-27 22:53:54 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-11 00:24:05 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:46:55.36 ===============

Blade81
2009-12-06, 10:39
Hi,

I couldn't get the attachment open. Could you post attach.txt contents in your reply as plain text, please? Are the original symptoms still left?

Empire
2009-12-08, 19:33
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/01/2009 16:44:59
System Uptime: 12/05/2009 06:33:07 (4980 hours ago)

Motherboard: Dell Inc. | | 0K216C
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 2500/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 103.837 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.817 GiB free.
E: is CDROM (UDF)
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Avanquest update
BitLord v2.0
Bonjour
Browser Address Error Redirector
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCC Help Turkish
Combat Arms EU
Compatibility Pack for the 2007 Office system
Counter-Strike: Source
Day of Defeat: Source
Dell-eBay
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
DivX Codec
EA Download Manager
EDocs
FLV Player 2.0 (build 25)
Fraps (remove only)
Gems Swap 1.1.0
Glitchys MES
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PRO Network Connections 12.1.11.0
Internet From BT
iTunes
Java(TM) 6 Update 7
Junk Mail filter update
K-Lite Codec Pack 4.8.5 (Full)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIRC
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Norton 360
Octoshape add-in for Adobe Flash Player
OFx Q3 Version Switch v2.05
OGA Notifier 2.0.0048.0
PC VGA Camer@ Plus
PunkBuster Services
Qtracker
Quake III Arena
Quake III Arena Point Release 1.32
Quake Live Internet Explorer Plugin
Quake Live Mozilla Plugin
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Shareaza
SHOUTcast DNAS (remove only)
SHOUTcast Source DSP 1.9.0 (remove only)
Skins
Skype™ 3.8
Sony Ericsson Media Manager 1.2
Sony Ericsson PC Suite 4.010.00
Spy Sweeper Core
Steam(TM)
TalkTalk Assist & Go
The Sims™ 3
Tortun 0.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Ventrilo Client
Webroot AntiVirus with Spy Sweeper
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinZip 12.0
World of Warcraft

==== End Of File ===========================

Blade81
2009-12-08, 20:34
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Bitlord
Shareaza


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


After that:


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Empire
2009-12-08, 22:00
ok well the New Malware.j has stopped being picked up by mcafee however very often i now get audio adds playing over my speakers and a few days ago this lasted over 20mins till i reset the pc.

i tryed spy sweeper from webroot although i dont have the money to buy this yet it has found: adware Topsearch, Mal/FakeAvJs-a

Blade81
2009-12-09, 00:10
Hi,

Please follow instructions in my previous post. If you already did, post the requested logs :)

Empire
2009-12-13, 03:01
ComboFix 09-12-11.05 - Jamie 13/12/2009 0:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1974 [GMT 0:00]
Running from: c:\users\Jamie\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-3733417652-4079258557-882539575-500
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\run.log

.
((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))
.

2009-12-13 00:44 . 2009-12-13 00:45 -------- d-----w- c:\users\Jamie\AppData\Local\temp
2009-12-13 00:44 . 2009-12-13 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-12 19:26 . 2009-12-12 19:38 -------- d-----w- c:\programdata\SITEguard
2009-12-12 19:24 . 2009-12-12 19:24 -------- d-----w- c:\program files\Common Files\iS3
2009-12-12 19:24 . 2009-12-12 23:59 -------- d-----w- c:\programdata\STOPzilla!
2009-12-12 17:11 . 2009-12-03 04:33 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091212.004\NAVEX32A.DLL
2009-12-12 17:11 . 2009-12-03 04:33 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091212.004\NAVENG.SYS
2009-12-12 17:11 . 2009-12-03 04:33 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091212.004\NAVENG32.DLL
2009-12-12 17:11 . 2009-12-03 04:33 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091212.004\NAVEX15.SYS
2009-12-12 17:11 . 2009-12-03 04:33 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091212.004\ERASER.SYS
2009-12-12 17:11 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091212.004\CCERASER.DLL
2009-12-12 17:11 . 2009-12-03 04:33 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091212.004\EECTRL.SYS
2009-12-12 17:11 . 2009-12-03 04:33 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091212.004\ECMSVR32.DLL
2009-12-09 08:12 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 08:12 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 08:12 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 07:00 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 07:00 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 07:00 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-09 06:57 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 00:31 . 2009-12-09 00:31 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 22:51 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-12-03 22:51 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-12-03 22:51 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-12-03 22:51 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-12-03 22:51 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-12-03 22:48 . 2009-12-03 22:46 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-12-03 22:47 . 2009-12-03 22:47 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-03 22:47 . 2009-12-03 22:47 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-12-03 22:47 . 2009-12-03 22:47 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-12-03 22:47 . 2009-12-03 22:47 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-03 22:47 . 2009-12-03 22:47 -------- d-----w- c:\program files\Symantec
2009-12-03 22:47 . 2009-12-03 22:47 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-12-03 22:47 . 2009-12-03 22:47 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-12-03 22:47 . 2009-12-03 22:47 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-12-03 22:46 . 2009-12-03 22:46 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-12-03 22:46 . 2009-12-03 22:46 -------- d-----w- c:\windows\system32\drivers\N360
2009-12-03 22:45 . 2009-12-03 22:46 -------- d-----w- c:\program files\Norton 360
2009-12-03 22:31 . 2009-12-03 22:31 -------- d-----w- c:\users\Jamie\AppData\Local\Symantec
2009-12-03 22:14 . 2009-12-03 22:17 82952792 ----a-w- c:\programdata\Symantec Temporary Files\N360S300EN.exe
2009-12-03 22:14 . 2009-12-03 22:14 -------- d-----w- c:\programdata\Symantec Temporary Files
2009-11-29 22:14 . 2009-11-29 22:14 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 17:42 . 2006-09-28 16:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-29 12:18 . 2009-11-29 12:18 -------- d-----w- c:\users\Jamie\AppData\Roaming\Malwarebytes
2009-11-29 12:18 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 12:18 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 12:18 . 2009-11-29 12:18 -------- d-----w- c:\programdata\Malwarebytes
2009-11-29 12:18 . 2009-12-09 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 10:33 . 2009-11-29 10:33 -------- d-----w- c:\program files\MSSOAP
2009-11-29 10:33 . 2009-11-29 10:37 -------- d-----w- c:\programdata\Webroot
2009-11-29 10:33 . 2009-11-29 10:33 -------- d-----w- c:\users\Jamie\AppData\Roaming\Webroot
2009-11-29 10:33 . 2009-11-29 10:33 -------- d-----w- c:\program files\Webroot
2009-11-29 10:33 . 2009-11-06 15:19 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-29 10:27 . 2009-11-29 10:27 164 ----a-w- c:\windows\install.dat
2009-11-28 21:55 . 2009-11-28 21:55 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-28 21:50 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-28 21:48 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-28 21:48 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-11-28 21:48 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-28 21:48 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-28 21:48 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-28 21:48 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-28 21:48 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-28 21:48 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-28 21:48 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-28 21:48 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-28 21:48 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-28 21:48 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-28 21:47 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-28 21:47 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-28 21:47 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-28 21:20 . 2009-11-28 21:20 -------- d-----w- c:\users\Jamie\AppData\Roaming\Media Player Classic
2009-11-28 19:22 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-28 19:22 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-28 18:55 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-27 20:28 . 2009-11-27 20:28 -------- d-----w- c:\windows\system32\N360_BACKUP
2009-11-27 13:59 . 2009-11-27 13:59 -------- d-----w- c:\users\Jamie\AppData\Local\Threat Expert
2009-11-27 10:58 . 2009-11-27 10:58 -------- d-----w- c:\programdata\Symantec
2009-11-26 21:29 . 2009-11-26 21:30 -------- d-----w- c:\windows\49FA793C785E47E993DFBD442B0B45D1.TMP
2009-11-26 16:20 . 2009-12-03 22:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-26 16:14 . 2009-12-03 22:45 -------- d-----w- c:\programdata\Norton
2009-11-26 16:13 . 2009-12-03 22:34 -------- d-----w- c:\program files\NortonInstaller
2009-11-26 16:13 . 2009-12-03 22:32 -------- d-----w- c:\programdata\NortonInstaller
2009-11-26 14:31 . 2009-11-26 14:31 -------- d-----w- c:\users\Jamie\AppData\Roaming\McAfee
2009-11-24 09:00 . 2009-11-26 12:17 -------- d-----w- c:\program files\s3pe
2009-11-20 18:58 . 2009-11-29 17:54 -------- d-----w- c:\programdata\Electronic Arts
2009-11-20 18:56 . 2009-11-20 18:56 -------- d-----w- c:\program files\Microsoft WSE
2009-11-20 18:42 . 2009-11-29 17:51 -------- d-----w- c:\program files\Electronic Arts
2009-11-20 15:33 . 2009-11-20 15:33 625728 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2009-11-20 15:31 . 2009-11-20 15:31 2373712 ----a-w- c:\programdata\id Software\QuakeLive\pbsvc.exe
2009-11-17 18:15 . 2009-11-17 18:15 680 ----a-w- c:\users\Jamie\AppData\Local\d3d9caps.dat
2009-11-16 11:36 . 2009-11-16 11:37 -------- d-----w- c:\windows\system32\ca-ES
2009-11-16 11:36 . 2009-11-16 11:37 -------- d-----w- c:\windows\system32\eu-ES
2009-11-16 11:36 . 2009-11-16 11:37 -------- d-----w- c:\windows\system32\vi-VN
2009-11-16 10:59 . 2009-11-16 10:59 -------- d-----w- c:\windows\system32\EventProviders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 00:24 . 2009-02-02 09:44 -------- d-----w- c:\users\Jamie\AppData\Roaming\Skype
2009-12-13 00:23 . 2009-02-02 09:46 -------- d-----w- c:\users\Jamie\AppData\Roaming\skypePM
2009-12-12 23:50 . 2009-12-12 19:35 4968 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-12-12 23:29 . 2009-04-01 22:18 -------- d-----w- c:\programdata\Google Updater
2009-12-12 19:32 . 2009-05-14 17:36 -------- d-----w- c:\program files\Steam
2009-12-12 18:55 . 2009-01-17 12:28 -------- d-----w- c:\program files\BitLord2
2009-12-09 08:45 . 2009-01-13 14:09 -------- d-----r- c:\program files\World of Warcraft
2009-12-09 08:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 08:09 . 2009-01-10 16:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-08 22:19 . 2009-01-14 10:26 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-08 22:19 . 2009-01-14 10:25 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-08 13:29 . 2009-04-07 14:17 1904 ----a-w- c:\users\Jamie\AppData\Roaming\wklnhst.dat
2009-12-03 22:47 . 2009-12-03 22:47 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-03 22:47 . 2009-12-03 22:47 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-29 17:26 . 2009-01-10 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-29 01:20 . 2009-11-10 13:09 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-28 21:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-28 21:54 . 2009-11-28 21:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-28 21:17 . 2009-01-14 10:25 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-27 13:12 . 2009-01-13 16:15 -------- d-----w- c:\program files\mIRC
2009-11-26 21:30 . 2009-04-02 13:37 -------- d-----w- c:\program files\McAfee
2009-11-26 14:30 . 2009-01-10 17:03 -------- d-----w- c:\programdata\McAfee
2009-11-26 14:19 . 2009-01-10 17:02 -------- d-----w- c:\program files\Dell
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-10 12:25 . 2009-01-13 11:24 -------- d-----w- c:\program files\Windows Live
2009-11-08 13:38 . 2009-07-05 20:57 -------- d-----w- c:\program files\QuickTime
2009-11-06 12:00 . 2009-11-06 12:00 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 12:00 . 2009-11-06 12:00 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 12:00 . 2009-11-06 12:00 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-01 14:00 . 2009-05-14 17:44 -------- d-----w- c:\program files\Common Files\Steam
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-09-27 22:53 . 2009-01-14 10:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-25 02:10 . 2009-11-28 21:49 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-28 21:49 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-28 21:49 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-28 21:49 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-28 21:49 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-28 21:49 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-28 21:49 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-28 21:49 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-28 21:49 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-28 21:49 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-28 21:49 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-28 21:49 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-28 21:49 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-28 21:49 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-28 21:49 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-28 21:49 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-28 21:49 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-28 21:49 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-28 21:49 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-28 21:49 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-28 21:49 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-28 21:49 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-28 21:49 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-28 21:49 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-28 21:49 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-28 21:49 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-28 21:49 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-21 16:09 . 2009-09-21 16:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-16 09:22 . 2009-04-02 13:38 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22 . 2009-04-02 13:38 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22 . 2009-04-02 13:38 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22 . 2009-01-16 19:04 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22 . 2009-04-02 13:33 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 09:29 . 2009-10-15 09:08 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-01-11 00:24 . 2009-01-11 00:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 15:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-10 17:10 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-10 17:02 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-10 17:02 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):35,45,e8,1f,b2,66,ca,01

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [06/11/2009 12:00 29808]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [03/12/2009 22:47 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [03/12/2009 22:47 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [03/12/2009 22:47 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys [03/12/2009 22:51 343088]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [05/12/2007 06:17 77824]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [23/09/2008 22:09 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [02/04/2009 13:39 93320]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [03/12/2009 22:47 117640]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\supportsoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [29/11/2009 10:35 1201640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [03/12/2009 04:33 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [03/12/2009 22:47 48688]
S2 gupdate1c9b317fc2835fa;Google Update Service (gupdate1c9b317fc2835fa);c:\program files\Google\Update\GoogleUpdate.exe [01/04/2009 22:19 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/11/2009 12:25 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/01/2009 17:02 30192]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [14/03/2009 09:47 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [14/03/2009 09:47 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [14/03/2009 09:47 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [14/03/2009 09:47 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [14/03/2009 09:47 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [14/03/2009 09:47 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [14/03/2009 09:47 115752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wow-europe.com/en/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\2te8j6si.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wow-europe.com
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 00:45
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8533E369]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a005d24
\Driver\ACPI -> acpi.sys @ 0x80696d68
\Driver\atapi -> ataport.SYS @ 0x829ada2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-13 00:50:37
ComboFix-quarantined-files.txt 2009-12-13 00:50

Pre-Run: 107,799,830,528 bytes free
Post-Run: 107,779,928,064 bytes free

- - End Of File - - FF497F533EC5645EC5D557BDC9D360FD

Blade81
2009-12-13, 11:31
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\program files\BitLord2



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 17 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Also, start Malwarebytes' Anti-Malware, go to updates tab and check for new updates. When done, run a quick scan and let MBAM remove its findings. Post back the report.

Empire
2009-12-14, 15:00
ComboFix 09-12-11.05 - Jamie 14/12/2009 12:32:26.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1930 [GMT 0:00]
Running from: c:\users\Jamie\Desktop\ComboFix.exe
Command switches used :: c:\users\Jamie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitLord2
c:\program files\BitLord2\BitTorrentSearchs.xml.backup
c:\program files\BitLord2\BitTorrentTrackers.xml.backup

.
((((((((((((((((((((((((( Files Created from 2009-11-14 to 2009-12-14 )))))))))))))))))))))))))))))))
.

2009-12-14 12:44 . 2009-12-14 12:46 -------- d-----w- c:\users\Jamie\AppData\Local\temp
2009-12-14 12:44 . 2009-12-14 12:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-14 03:08 . 2009-12-03 04:33 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.020\NAVENG.SYS
2009-12-14 03:08 . 2009-12-03 04:33 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.020\NAVENG32.DLL
2009-12-14 03:08 . 2009-12-03 04:33 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.020\NAVEX32A.DLL
2009-12-14 03:08 . 2009-12-03 04:33 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.020\NAVEX15.SYS
2009-12-14 03:08 . 2009-12-03 04:33 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.020\ERASER.SYS
2009-12-14 03:08 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.020\CCERASER.DLL
2009-12-14 03:08 . 2009-12-03 04:33 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.020\EECTRL.SYS
2009-12-14 03:08 . 2009-12-03 04:33 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091213.020\ECMSVR32.DLL
2009-12-14 01:26 . 2009-12-14 01:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 01:12 . 2009-12-14 01:24 -------- d-----w- c:\users\Jamie\.SunDownloadManager
2009-12-14 01:00 . 2009-12-14 01:00 38784 ----a-w- c:\users\Jamie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-14 01:00 . 2009-12-14 01:00 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-14 01:00 . 2009-12-14 01:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-14 00:55 . 2009-12-14 00:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-12 19:26 . 2009-12-12 19:38 -------- d-----w- c:\programdata\SITEguard
2009-12-12 19:24 . 2009-12-12 19:24 -------- d-----w- c:\program files\Common Files\iS3
2009-12-12 19:24 . 2009-12-12 23:59 -------- d-----w- c:\programdata\STOPzilla!
2009-12-09 08:12 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 08:12 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 08:12 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 07:00 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 07:00 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 07:00 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-09 06:57 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 00:31 . 2009-12-09 00:31 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 22:51 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-12-03 22:51 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-12-03 22:51 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-12-03 22:51 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-12-03 22:51 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-12-03 22:48 . 2009-12-03 22:46 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-12-03 22:47 . 2009-12-03 22:47 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-03 22:47 . 2009-12-03 22:47 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-12-03 22:47 . 2009-12-03 22:47 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-12-03 22:47 . 2009-12-03 22:47 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-03 22:47 . 2009-12-03 22:47 -------- d-----w- c:\program files\Symantec
2009-12-03 22:47 . 2009-12-03 22:47 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-12-03 22:47 . 2009-12-03 22:47 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-12-03 22:47 . 2009-12-03 22:47 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-12-03 22:46 . 2009-12-03 22:46 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-12-03 22:46 . 2009-12-03 22:46 -------- d-----w- c:\windows\system32\drivers\N360
2009-12-03 22:45 . 2009-12-03 22:46 -------- d-----w- c:\program files\Norton 360
2009-12-03 22:31 . 2009-12-03 22:31 -------- d-----w- c:\users\Jamie\AppData\Local\Symantec
2009-12-03 22:14 . 2009-12-03 22:17 82952792 ----a-w- c:\programdata\Symantec Temporary Files\N360S300EN.exe
2009-12-03 22:14 . 2009-12-03 22:14 -------- d-----w- c:\programdata\Symantec Temporary Files
2009-11-29 22:14 . 2009-11-29 22:14 -------- d-----w- c:\program files\MSXML 4.0
2009-11-29 17:42 . 2006-09-28 16:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-29 12:18 . 2009-11-29 12:18 -------- d-----w- c:\users\Jamie\AppData\Roaming\Malwarebytes
2009-11-29 12:18 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 12:18 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 12:18 . 2009-11-29 12:18 -------- d-----w- c:\programdata\Malwarebytes
2009-11-29 12:18 . 2009-12-09 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 10:33 . 2009-11-29 10:33 -------- d-----w- c:\program files\MSSOAP
2009-11-29 10:33 . 2009-11-29 10:37 -------- d-----w- c:\programdata\Webroot
2009-11-29 10:33 . 2009-11-29 10:33 -------- d-----w- c:\users\Jamie\AppData\Roaming\Webroot
2009-11-29 10:33 . 2009-11-29 10:33 -------- d-----w- c:\program files\Webroot
2009-11-29 10:33 . 2009-11-06 15:19 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-29 10:27 . 2009-11-29 10:27 164 ----a-w- c:\windows\install.dat
2009-11-28 21:55 . 2009-11-28 21:55 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-28 21:50 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-28 21:48 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-28 21:48 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-11-28 21:48 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-28 21:48 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-28 21:48 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-28 21:48 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-28 21:48 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-28 21:48 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-28 21:48 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-28 21:48 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-28 21:48 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-28 21:48 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-28 21:47 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-28 21:47 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-28 21:47 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-28 21:20 . 2009-11-28 21:20 -------- d-----w- c:\users\Jamie\AppData\Roaming\Media Player Classic
2009-11-28 19:22 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-28 19:22 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-28 18:55 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-27 20:28 . 2009-11-27 20:28 -------- d-----w- c:\windows\system32\N360_BACKUP
2009-11-27 13:59 . 2009-11-27 13:59 -------- d-----w- c:\users\Jamie\AppData\Local\Threat Expert
2009-11-27 10:58 . 2009-11-27 10:58 -------- d-----w- c:\programdata\Symantec
2009-11-26 21:29 . 2009-11-26 21:30 -------- d-----w- c:\windows\49FA793C785E47E993DFBD442B0B45D1.TMP
2009-11-26 16:20 . 2009-12-03 22:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-26 16:14 . 2009-12-03 22:45 -------- d-----w- c:\programdata\Norton
2009-11-26 16:13 . 2009-12-03 22:34 -------- d-----w- c:\program files\NortonInstaller
2009-11-26 16:13 . 2009-12-03 22:32 -------- d-----w- c:\programdata\NortonInstaller
2009-11-26 14:31 . 2009-11-26 14:31 -------- d-----w- c:\users\Jamie\AppData\Roaming\McAfee
2009-11-24 09:00 . 2009-11-26 12:17 -------- d-----w- c:\program files\s3pe
2009-11-20 18:58 . 2009-11-29 17:54 -------- d-----w- c:\programdata\Electronic Arts
2009-11-20 18:56 . 2009-11-20 18:56 -------- d-----w- c:\program files\Microsoft WSE
2009-11-20 18:42 . 2009-11-29 17:51 -------- d-----w- c:\program files\Electronic Arts
2009-11-20 15:33 . 2009-11-20 15:33 625728 ----a-w- c:\programdata\id Software\QuakeLive\npquakezero.dll
2009-11-20 15:31 . 2009-11-20 15:31 2373712 ----a-w- c:\programdata\id Software\QuakeLive\pbsvc.exe
2009-11-17 18:15 . 2009-11-17 18:15 680 ----a-w- c:\users\Jamie\AppData\Local\d3d9caps.dat
2009-11-16 11:36 . 2009-11-16 11:37 -------- d-----w- c:\windows\system32\ca-ES
2009-11-16 11:36 . 2009-11-16 11:37 -------- d-----w- c:\windows\system32\eu-ES
2009-11-16 11:36 . 2009-11-16 11:37 -------- d-----w- c:\windows\system32\vi-VN
2009-11-16 10:59 . 2009-11-16 10:59 -------- d-----w- c:\windows\system32\EventProviders
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Lue\Downloads\Patch8311\hub.scr
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\WebProtectionDefs\tmp5fbc.tmp\hub.scr
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\WebProtectionDefs\tmp5fbc.tmp\cur.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-14 01:37 . 2009-01-10 16:55 -------- d-----w- c:\program files\Java
2009-12-14 00:30 . 2009-04-01 22:18 -------- d-----w- c:\programdata\Google Updater
2009-12-14 00:15 . 2009-02-02 09:44 -------- d-----w- c:\users\Jamie\AppData\Roaming\Skype
2009-12-14 00:02 . 2009-02-02 09:46 -------- d-----w- c:\users\Jamie\AppData\Roaming\skypePM
2009-12-13 22:44 . 2009-01-14 10:26 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-13 22:44 . 2009-01-14 10:25 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-12 23:50 . 2009-12-12 19:35 4968 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-12-12 19:32 . 2009-05-14 17:36 -------- d-----w- c:\program files\Steam
2009-12-09 08:45 . 2009-01-13 14:09 -------- d-----r- c:\program files\World of Warcraft
2009-12-09 08:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 13:29 . 2009-04-07 14:17 1904 ----a-w- c:\users\Jamie\AppData\Roaming\wklnhst.dat
2009-12-03 22:47 . 2009-12-03 22:47 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-03 22:47 . 2009-12-03 22:47 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-29 17:26 . 2009-01-10 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-29 01:20 . 2009-11-10 13:09 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-28 21:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-28 21:54 . 2009-11-28 21:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-28 21:17 . 2009-01-14 10:25 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-27 13:12 . 2009-01-13 16:15 -------- d-----w- c:\program files\mIRC
2009-11-26 21:30 . 2009-04-02 13:37 -------- d-----w- c:\program files\McAfee
2009-11-26 14:30 . 2009-01-10 17:03 -------- d-----w- c:\programdata\McAfee
2009-11-26 14:19 . 2009-01-10 17:02 -------- d-----w- c:\program files\Dell
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-16 11:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-10 12:25 . 2009-01-13 11:24 -------- d-----w- c:\program files\Windows Live
2009-11-08 13:38 . 2009-07-05 20:57 -------- d-----w- c:\program files\QuickTime
2009-11-06 12:00 . 2009-11-06 12:00 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 12:00 . 2009-11-06 12:00 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 12:00 . 2009-11-06 12:00 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-01 14:00 . 2009-05-14 17:44 -------- d-----w- c:\program files\Common Files\Steam
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-09-27 22:53 . 2009-01-14 10:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-25 02:10 . 2009-11-28 21:49 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-28 21:49 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-28 21:49 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-28 21:49 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-28 21:49 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-28 21:49 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-28 21:49 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-28 21:49 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-28 21:49 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-28 21:49 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-28 21:49 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-28 21:49 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-28 21:49 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-28 21:49 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-28 21:49 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-28 21:49 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-28 21:49 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-28 21:49 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-28 21:49 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-28 21:49 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-28 21:49 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-28 21:49 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-28 21:49 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-28 21:49 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-28 21:49 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-28 21:49 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-28 21:49 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-21 16:09 . 2009-09-21 16:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-16 09:22 . 2009-04-02 13:38 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22 . 2009-04-02 13:38 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22 . 2009-04-02 13:38 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22 . 2009-01-16 19:04 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22 . 2009-04-02 13:33 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-01-11 00:24 . 2009-01-11 00:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 15:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-14 149280]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-10 17:10 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-10 17:02 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-10 17:02 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):35,45,e8,1f,b2,66,ca,01

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [06/11/2009 12:00 29808]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [03/12/2009 22:47 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [03/12/2009 22:47 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [03/12/2009 22:47 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys [03/12/2009 22:51 343088]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [05/12/2007 06:17 77824]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [23/09/2008 22:09 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [02/04/2009 13:39 93320]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [03/12/2009 22:47 117640]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\supportsoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [29/11/2009 10:35 1201640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [03/12/2009 04:33 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [03/12/2009 22:47 48688]
S2 gupdate1c9b317fc2835fa;Google Update Service (gupdate1c9b317fc2835fa);c:\program files\Google\Update\GoogleUpdate.exe [01/04/2009 22:19 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/11/2009 12:25 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/01/2009 17:02 30192]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [14/03/2009 09:47 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [14/03/2009 09:47 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [14/03/2009 09:47 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [14/03/2009 09:47 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [14/03/2009 09:47 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [14/03/2009 09:47 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [14/03/2009 09:47 115752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wow-europe.com/en/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\2te8j6si.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wow-europe.com
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-14 12:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8533E369]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a041d24
\Driver\ACPI -> acpi.sys @ 0x806a0d68
\Driver\atapi -> ataport.SYS @ 0x829a7a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-14 12:52:38
ComboFix-quarantined-files.txt 2009-12-14 12:52
ComboFix2.txt 2009-12-13 00:50

Pre-Run: 116,219,174,912 bytes free
Post-Run: 116,365,832,192 bytes free

- - End Of File - - BCE70EA3E4935F3164A8DC2E7111FE70

Empire
2009-12-14, 19:07
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, December 14, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, December 14, 2009 12:35:21
Records in database: 3370395
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Critical areas:
C:\Program Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Windows

Scan statistics:
Objects scanned: 131943
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 03:09:03


File name / Threat / Threats count
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.

Blade81
2009-12-15, 11:21
Did you run a scan with updated MBAM yet?

Empire
2009-12-21, 13:06
Sorry it's a bit late i had issues with my pc not wanting to start up but it seems fixed now, also i used Spybot - Search & Destroy after getting it back on and it's removed 11 bugs.



Malwarebytes' Anti-Malware 1.42
Database version: 3399
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

21/12/2009 11:01:38
mbam-log-2009-12-21 (11-01-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 290647
Time elapsed: 9 hour(s), 17 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\SelfDel.bat (Malware.Trace) -> No action taken.

Blade81
2009-12-21, 15:58
Hi,

Post a fresh dds log and let me know how's the system running now.

Blade81
2009-12-28, 16:36
Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.