View Full Version : toseeka.com, icityfind.com, myclickcheck.su removal
My browser keeps re-directing me to those sites and I don't know how to fix this.
Sites- toseeka.com, icityfind.com, myclickcheck.su
Thanks!
DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by AJC at 18:27:54.88 on 07/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.3327.2645 [GMT -4:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
H:\Windows\system32\wininit.exe
H:\Windows\system32\lsm.exe
H:\Windows\system32\svchost.exe -k DcomLaunch
H:\Windows\system32\svchost.exe -k RPCSS
H:\Program Files\Microsoft Security Essentials\MsMpEng.exe
H:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
H:\Windows\system32\svchost.exe -k netsvcs
H:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
H:\Windows\system32\svchost.exe -k LocalService
H:\Windows\system32\svchost.exe -k NetworkService
H:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
H:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
H:\Windows\Explorer.EXE
H:\Windows\system32\ctfmon.exe
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Users\AJC\AppData\Local\Google\Chrome\Application\chrome.exe
H:\Users\AJC\AppData\Local\Google\Chrome\Application\chrome.exe
H:\Users\AJC\AppData\Local\Google\Chrome\Application\chrome.exe
H:\Users\AJC\AppData\Local\Google\Chrome\Application\chrome.exe
H:\Users\AJC\AppData\Local\Google\Chrome\Application\chrome.exe
H:\Users\AJC\AppData\Local\Google\Chrome\Application\chrome.exe
H:\Windows\system32\DllHost.exe
H:\Users\AJC\Desktop\dds.scr
H:\Windows\system32\conhost.exe
H:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - h:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - h:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - h:\program files\askbardis\bar\bin\askBar.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Google Update] "h:\users\ajc\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "x:\program files\steam\steam.exe" -silent
uRun: [AdobeBridge]
mRun: [SaiVolume] h:\program files\saitek\cyborgkeyboard\SaiVolume.exe
mRun: [EvtMgr6] h:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [StartCCC] "h:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSSE] "h:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRunOnce: [MessengerPlusLiveUninstall] "h:\users\ajc\appdata\local\temp\MsgPlusUninstall.exe" /Cleanup
dRun: [XBV6RD5SZF] h:\windows\temp\Yvh.exe
StartupFolder: h:\users\ajc\appdata\roaming\micros~1\windows\startm~1\programs\startup\zcinem~1.lnk - h:\users\ajc\appdata\roaming\microsoft\installer\{3d1a8e16-10a6-43e0-90be-0a0474a637a7}\NewShortcut1_3D1A8E1610A643E090BE0A0474A637A7.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - h:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - h:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: C696E6B6379737 = 64.71.255.198
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - h:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - h:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
================= FIREFOX ===================
FF - ProfilePath - h:\users\ajc\appdata\roaming\mozilla\firefox\profiles\dsgmzn05.default\
FF - prefs.js: browser.startup.homepage - Custom Value
FF - plugin: h:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: h:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: h:\program files\google\picasa3\npPicasa3.dll
FF - plugin: h:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: h:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: h:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: h:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: h:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: h:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: h:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: h:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: h:\users\ajc\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: h:\users\ajc\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: h:\users\ajc\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: h:\users\ajc\appdata\roaming\mozilla\plugins\npoctoshape.dll
============= SERVICES / DRIVERS ===============
R1 vwififlt;Virtual WiFi Filter Driver;h:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;h:\windows\system32\drivers\netr73.sys [2010-2-24 562464]
R3 RTL8167;Realtek 8167 NT Driver;h:\windows\system32\drivers\Rt86win7.sys [2009-12-19 249888]
R3 SaiK0728;SaiK0728;h:\windows\system32\drivers\SaiK0728.sys [2008-1-21 104960]
S1 MpFilter;Microsoft Malware Protection Driver;h:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
S2 AMD External Events Utility;AMD External Events Utility;h:\windows\system32\atiesrxx.exe [2010-7-6 176128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cpuz132;cpuz132;h:\windows\system32\drivers\cpuz132_x32.sys [2010-2-1 12672]
S2 cpuz134;cpuz134;h:\windows\system32\drivers\cpuz134_x32.sys [2010-7-9 20328]
S2 gupdate;Google Update Service (gupdate);h:\program files\google\update\GoogleUpdate.exe [2010-1-16 135664]
S2 SBSDWSCService;SBSD Security Center Service;h:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-2 1153368]
S3 amdkmdag;amdkmdag;h:\windows\system32\drivers\atikmdag.sys [2010-7-6 5882368]
S3 amdkmdap;amdkmdap;h:\windows\system32\drivers\atikmpag.sys [2010-7-6 210944]
S3 ATP;Comodo EasyVPN Miniport Driver;h:\windows\system32\drivers\cmdatp.sys [2010-5-8 17816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;h:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);h:\windows\system32\drivers\vrtaucbl.sys [2010-3-30 42496]
S3 MpNWMon;Microsoft Malware Protection Network Driver;h:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 StorSvc;Storage Service;h:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;h:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);h:\windows\system32\drivers\tap0901t.sys [2010-1-28 27136]
S3 TeamViewer5;TeamViewer 5;h:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
S3 WatAdminSvc;Windows Activation Technologies Service;h:\windows\system32\wat\WatAdminSvc.exe [2010-2-23 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;h:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 ZCinema_TSHD;ZCinema TruSurround HD driver;h:\windows\system32\drivers\ZCinema_SRS_i386.sys [2007-8-22 18448]
S4 CrdphService;COMODO EasyVPN VNC Service;h:\program files\comodo\easyvpn\crdphService.exe [2010-3-29 491768]
S4 EasyVpnAdpt;COMODO EasyVPN Service;h:\program files\comodo\easyvpn\Vpnservice.exe [2010-3-29 45304]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;h:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;h:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;h:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);h:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 TunngleService;TunngleService;h:\program files\tunngle\TnglCtrl.exe [2010-1-28 704760]
=============== Created Last 30 ================
2010-09-07 19:16:16 0 d-----w- h:\windows\system32\appmgmt
2010-09-06 23:16:01 0 d-----w- h:\program files\Rockstar Games
2010-09-05 18:53:34 6656 ----a-w- h:\windows\system32\drivers\obrareqh.sys
2010-09-03 18:18:23 6656 ----a-w- h:\windows\system32\drivers\dulwxisb.sys
2010-09-02 23:53:28 0 d-----w- h:\users\ajc\appdata\roaming\ADBD422F993C28275135701D667A2E2F
2010-09-02 22:57:42 0 d-----w- h:\users\ajc\appdata\roaming\Malwarebytes
2010-09-02 22:57:33 0 d-----w- h:\programdata\Malwarebytes
2010-09-02 22:45:23 0 d-----w- h:\users\ajc\appdata\roaming\D5E2400660A9D7B06C129E93FC8A3E44
2010-09-02 22:27:22 0 d-sh--w- h:\users\ajc\.COMMgr
2010-08-26 18:09:22 0 d-----w- h:\users\ajc\appdata\roaming\fltk.org
2010-08-25 16:38:12 571904 ----a-w- h:\windows\system32\oleaut32.dll
2010-08-24 21:24:04 0 d-----w- h:\program files\Mozilla Firefox 4.0 Beta 4
2010-08-22 19:21:10 0 d-----w- h:\program files\Bethesda Softworks
2010-08-21 21:01:24 21840 ----atw- h:\windows\system32\SIntfNT.dll
2010-08-21 21:01:24 17212 ----atw- h:\windows\system32\SIntf32.dll
2010-08-21 21:01:23 12067 ----atw- h:\windows\system32\SIntf16.dll
2010-08-21 20:59:56 17829 ----a-w- h:\windows\DIIUnin.dat
2010-08-21 20:59:54 94208 ----a-w- h:\windows\DIIUnin.exe
2010-08-21 20:59:54 2829 ----a-w- h:\windows\DIIUnin.pif
2010-08-21 20:49:11 0 d-----w- h:\program files\Diablo II
2010-08-21 00:54:17 506368 ----a-w- h:\windows\system32\sqlite3.dll
2010-08-21 00:43:46 0 d-----w- h:\users\ajc\appdata\roaming\Rainmeter
2010-08-21 00:40:31 0 d-----w- h:\program files\Rainmeter
2010-08-19 22:43:08 65536 --sha-w- h:\users\ajc\ntuser.dat{1073172f-abe3-11df-96d5-002354521ff4}.TM.blf
2010-08-19 22:43:08 524288 --sha-w- h:\users\ajc\ntuser.dat{1073172f-abe3-11df-96d5-002354521ff4}.TMContainer00000000000000000002.regtrans-ms
2010-08-19 22:43:08 524288 --sha-w- h:\users\ajc\ntuser.dat{1073172f-abe3-11df-96d5-002354521ff4}.TMContainer00000000000000000001.regtrans-ms
2010-08-19 22:15:57 0 d-----w- h:\program files\Microsoft Security Essentials
2010-08-19 18:04:55 5 ----a-w- H:\zrpt.xml
2010-08-19 18:04:42 0 d-----w- h:\users\ajc\appdata\roaming\A7F0474077622C0165891DA251AB6CCB
2010-08-16 16:56:07 0 d-----w- h:\program files\HLDJ
2010-08-14 16:57:31 0 d-----w- h:\users\ajc\appdata\roaming\GameTuts
2010-08-14 15:55:55 0 d-----w- h:\program files\VLC
2010-08-11 00:17:57 0 d-----w- h:\program files\RAR Password Recovery Magic
==================== Find3M ====================
2010-08-30 23:19:01 218808 ----a-w- h:\windows\system32\PnkBstrB.exe
2010-08-30 22:25:55 137256 ----a-w- h:\windows\system32\drivers\PnkBstrK.sys
2010-07-31 16:45:59 286720 ----a-w- h:\windows\iun507.exe
2010-07-29 06:30:49 197632 ----a-w- h:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- h:\windows\system32\iccvid.dll
2010-07-07 01:55:08 15461888 ----a-w- h:\windows\system32\atioglxx.dll
2010-07-07 01:54:16 143360 ----a-w- h:\windows\system32\atiapfxx.exe
2010-07-07 01:54:08 513024 ----a-w- h:\windows\system32\aticfx32.dll
2010-07-07 01:51:30 446464 ----a-w- h:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51:10 380928 ----a-w- h:\windows\system32\atieclxx.exe
2010-07-07 01:50:42 176128 ----a-w- h:\windows\system32\atiesrxx.exe
2010-07-07 01:49:42 159744 ----a-w- h:\windows\system32\atitmmxx.dll
2010-07-07 01:49:28 356352 ----a-w- h:\windows\system32\atipdlxx.dll
2010-07-07 01:49:18 278528 ----a-w- h:\windows\system32\Oemdspif.dll
2010-07-07 01:49:12 11776 ----a-w- h:\windows\system32\atimuixx.dll
2010-07-07 01:49:06 43520 ----a-w- h:\windows\system32\ati2edxx.dll
2010-07-07 01:46:26 3826688 ----a-w- h:\windows\system32\atidxx32.dll
2010-07-07 01:29:24 46080 ----a-w- h:\windows\system32\aticalrt.dll
2010-07-07 01:29:14 44032 ----a-w- h:\windows\system32\aticalcl.dll
2010-07-07 01:28:20 3975680 ----a-w- h:\windows\system32\atiumdag.dll
2010-07-07 01:27:58 4323840 ----a-w- h:\windows\system32\aticaldd.dll
2010-07-07 01:24:32 50176 ----a-w- h:\windows\system32\coinst.dll
2010-07-07 01:23:14 3058688 ----a-w- h:\windows\system32\atiumdva.dll
2010-07-07 01:16:00 237568 ----a-w- h:\windows\system32\atiadlxx.dll
2010-07-07 01:15:50 12800 ----a-w- h:\windows\system32\atiglpxx.dll
2010-07-07 01:15:46 16896 ----a-w- h:\windows\system32\atigktxx.dll
2010-07-07 01:14:58 30208 ----a-w- h:\windows\system32\atiuxpag.dll
2010-07-07 01:14:44 22528 ----a-w- h:\windows\system32\atiu9pag.dll
2010-07-07 01:11:06 52736 ----a-w- h:\windows\system32\atimpc32.dll
2010-07-07 01:11:06 52736 ----a-w- h:\windows\system32\amdpcom32.dll
2010-06-30 06:25:31 978432 ----a-w- h:\windows\system32\wininet.dll
2010-06-20 16:12:27 87608 ----a-w- h:\users\ajc\appdata\roaming\inst.exe
2010-06-20 16:12:27 47360 ----a-w- h:\users\ajc\appdata\roaming\pcouffin.sys
2010-06-19 06:33:29 3955080 ----a-w- h:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- h:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- h:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- h:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- h:\windows\system32\schannel.dll
2010-06-15 22:28:58 2857 ----a-w- h:\windows\system32\atipblag.dat
2010-03-20 01:59:20 40019 ----a-w- h:\program files\LICENSE.txt
2010-03-20 01:56:04 27136 ----a-w- h:\program files\pythonw.exe
2010-03-20 01:53:26 26624 ----a-w- h:\program files\python.exe
2010-03-20 01:52:16 49664 ----a-w- h:\program files\w9xpopen.exe
2010-03-19 20:51:58 56188 ----a-w- h:\program files\README.txt
2010-03-19 20:51:54 165575 ----a-w- h:\program files\NEWS.txt
2009-07-14 04:56:42 31548 ----a-w- h:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- h:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- h:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- h:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- h:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- h:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- h:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- h:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- h:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- h:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- h:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 18:28:32.50 ===============
Hello and :welcome: to Safer Networking
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work:
If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply
Thanks peku006
As I posted this it redirected me to one of those sites again :(
ComboFix 10-09-09.04 - AJC 11/09/2010 11:40:19.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.3327.2379 [GMT -4:00]
Running from: h:\users\AJC\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
h:\users\AJC\.COMMgr
h:\users\AJC\AppData\Local\Windows Server
h:\users\AJC\AppData\Local\Windows Server\server.dat
h:\users\AJC\AppData\Local\Windows Server\uses32.dat
h:\users\AJC\AppData\Roaming\A7F0474077622C0165891DA251AB6CCB
h:\users\AJC\AppData\Roaming\A7F0474077622C0165891DA251AB6CCB\enemies-names.txt
h:\users\AJC\AppData\Roaming\A7F0474077622C0165891DA251AB6CCB\local.ini
h:\users\AJC\AppData\Roaming\ADBD422F993C28275135701D667A2E2F
h:\users\AJC\AppData\Roaming\ADBD422F993C28275135701D667A2E2F\enemies-names.txt
h:\users\AJC\AppData\Roaming\ADBD422F993C28275135701D667A2E2F\local.ini
h:\users\AJC\AppData\Roaming\D5E2400660A9D7B06C129E93FC8A3E44
h:\users\AJC\AppData\Roaming\D5E2400660A9D7B06C129E93FC8A3E44\enemies-names.txt
h:\users\AJC\AppData\Roaming\D5E2400660A9D7B06C129E93FC8A3E44\local.ini
h:\users\AJC\AppData\Roaming\D5E2400660A9D7B06C129E93FC8A3E44\mediafix70700en02.exe
h:\users\AJC\AppData\Roaming\inst.exe
h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
h:\users\AJC\AppData\Roaming\SQLite3.dll
h:\windows\system32\Winlogon
I:\install.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-11 15:33 . 2010-09-11 15:34 -------- d-----w- H:\32788R22FWJFW
2010-09-07 22:14 . 2010-09-07 22:15 -------- d-----w- h:\program files\ERUNT
2010-09-06 23:16 . 2010-09-06 23:16 -------- d-----w- h:\program files\Rockstar Games
2010-09-05 18:53 . 2010-09-05 18:53 6656 ----a-w- h:\windows\system32\drivers\obrareqh.sys
2010-09-03 18:35 . 2010-09-03 18:35 46852 ----a-w- h:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-03 18:18 . 2010-09-03 18:18 6656 ----a-w- h:\windows\system32\drivers\dulwxisb.sys
2010-09-02 23:05 . 2010-09-02 23:05 143360 ----a-w- h:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6B169B5C-01D5-04C7-85AB-1FEB88F9D72C}-sdra64.exe
2010-09-02 22:57 . 2010-09-02 22:57 -------- d-----w- h:\users\AJC\AppData\Roaming\Malwarebytes
2010-09-02 22:57 . 2010-09-02 22:57 -------- d-----w- h:\programdata\Malwarebytes
2010-09-02 22:51 . 2010-09-02 22:51 143360 ----a-w- h:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{691005D0-A85C-481A-AEC3-3BC0EEF22938}-sdra64.exe
2010-08-28 17:37 . 2010-07-16 09:38 836096 ----a-w- h:\users\AJC\AppData\Roaming\Octoshape\Octoshape Streaming Services\pmv307a-1007160-0-libOctoshapeClient.dll
2010-08-28 17:37 . 2010-02-17 16:19 71960 ----a-w- h:\users\AJC\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll
2010-08-28 17:37 . 2010-02-17 16:19 420352 ----a-w- h:\users\AJC\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-libOctoshapeClient.dll
2010-08-28 17:37 . 2010-02-17 16:19 124184 ----a-w- h:\users\AJC\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-apoctoshape.dll
2010-08-26 18:09 . 2010-08-26 18:09 -------- d-----w- h:\users\AJC\AppData\Roaming\fltk.org
2010-08-25 16:38 . 2010-04-07 07:10 571904 ----a-w- h:\windows\system32\oleaut32.dll
2010-08-24 21:24 . 2010-08-24 21:24 -------- d-----w- h:\program files\Mozilla Firefox 4.0 Beta 4
2010-08-22 23:14 . 2010-08-28 20:13 -------- d-----w- h:\users\AJC\AppData\Roaming\vlc
2010-08-22 19:45 . 2010-08-22 19:18 147456 ----a-w- h:\users\AJC\AppData\Roaming\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\_setup.dll
2010-08-22 19:21 . 2010-08-22 19:21 -------- d-----w- h:\users\AJC\AppData\Roaming\InstallShield Installation Information
2010-08-22 19:21 . 2008-08-15 18:31 121064 ----a-r- h:\users\AJC\AppData\Roaming\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe
2010-08-22 19:21 . 2010-08-22 19:21 -------- d-----w- h:\program files\Bethesda Softworks
2010-08-21 21:01 . 2010-08-21 21:02 21840 ----atw- h:\windows\system32\SIntfNT.dll
2010-08-21 21:01 . 2010-08-21 21:02 17212 ----atw- h:\windows\system32\SIntf32.dll
2010-08-21 21:01 . 2010-08-21 21:02 12067 ----atw- h:\windows\system32\SIntf16.dll
2010-08-21 20:59 . 2010-08-21 20:59 17829 ----a-w- h:\windows\DIIUnin.dat
2010-08-21 20:59 . 2010-08-21 20:59 94208 ----a-w- h:\windows\DIIUnin.exe
2010-08-21 20:59 . 2010-08-21 20:59 2829 ----a-w- h:\windows\DIIUnin.pif
2010-08-21 20:49 . 2010-08-21 20:59 -------- d-----w- h:\program files\Diablo II
2010-08-21 00:54 . 2010-01-06 17:13 506368 ----a-w- h:\windows\system32\sqlite3.dll
2010-08-21 00:43 . 2010-08-21 00:50 -------- d-----w- h:\users\AJC\AppData\Roaming\Rainmeter
2010-08-21 00:40 . 2010-08-21 00:40 -------- d-----w- h:\program files\Rainmeter
2010-08-19 23:30 . 2010-08-19 23:30 -------- d-----w- h:\users\AJC\AppData\Local\PITTSKATERG
2010-08-19 22:15 . 2010-08-19 22:50 -------- d-----w- h:\program files\Microsoft Security Essentials
2010-08-16 16:56 . 2010-09-06 18:16 -------- d-----w- h:\program files\HLDJ
2010-08-14 16:57 . 2010-08-14 16:57 -------- d-----w- h:\users\AJC\AppData\Roaming\GameTuts
2010-08-14 16:38 . 2010-08-14 16:38 -------- d-----w- h:\users\AJC\AppData\Local\GameTuts
2010-08-14 16:35 . 2010-09-02 23:25 -------- d-----w- h:\users\AJC\AppData\Local\_
2010-08-14 15:55 . 2010-08-22 22:47 -------- d-----w- h:\program files\VLC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 19:19 . 2010-01-29 04:41 0 ----a-w- h:\windows\system32\Access.dat
2010-09-07 19:16 . 2010-03-05 02:15 -------- d-----w- h:\program files\Common Files\Wise Installation Wizard
2010-09-07 19:09 . 2010-07-08 02:59 -------- d-----w- h:\program files\UDK
2010-09-07 19:08 . 2010-03-07 02:18 -------- d-----w- h:\users\AJC\AppData\Roaming\HLSW
2010-09-07 18:13 . 2010-04-17 15:54 -------- d-----w- h:\program files\FRAPS
2010-09-06 23:16 . 2010-01-03 23:58 -------- d--h--w- h:\program files\InstallShield Installation Information
2010-09-06 23:15 . 2010-01-03 01:08 -------- d-----w- h:\users\AJC\AppData\Roaming\uTorrent
2010-09-04 01:05 . 2010-01-03 01:00 -------- d-----w- h:\users\AJC\AppData\Roaming\Skype
2010-09-03 20:04 . 2010-01-03 01:01 -------- d-----w- h:\users\AJC\AppData\Roaming\skypePM
2010-09-01 18:40 . 2010-02-26 00:23 -------- d-----w- h:\users\AJC\AppData\Roaming\Audacity
2010-08-30 23:19 . 2010-01-03 22:54 218808 ----a-w- h:\windows\system32\PnkBstrB.exe
2010-08-30 22:25 . 2010-01-03 22:55 137256 ----a-w- h:\windows\system32\drivers\PnkBstrK.sys
2010-08-29 21:05 . 2010-01-03 01:08 -------- d-----w- h:\program files\uTorrent
2010-08-29 01:58 . 2010-01-03 01:06 -------- d-----w- h:\users\AJC\AppData\Roaming\Media Player Classic
2010-08-27 16:52 . 2010-07-31 23:12 62464 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
2010-08-27 16:52 . 2010-07-31 23:12 59392 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll
2010-08-27 16:52 . 2010-07-31 23:12 273920 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
2010-08-27 16:52 . 2010-07-31 23:12 195072 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
2010-08-27 16:52 . 2010-07-31 23:12 193024 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll
2010-08-27 16:52 . 2010-07-31 23:12 108032 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll
2010-08-27 16:52 . 2010-07-31 23:12 65024 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
2010-08-27 16:52 . 2010-07-31 23:12 61952 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll
2010-08-27 16:52 . 2010-08-01 16:44 -------- d-----w- h:\program files\MineCraft
2010-08-27 16:36 . 2010-01-03 00:58 -------- d-----w- h:\program files\Google
2010-08-23 23:57 . 2010-03-02 22:04 -------- d-----w- h:\program files\Opera
2010-08-20 02:41 . 2009-07-14 04:52 -------- d-----w- h:\program files\Windows Sidebar
2010-08-20 02:41 . 2009-07-14 04:52 -------- d-----w- h:\program files\Windows Portable Devices
2010-08-20 02:41 . 2009-07-14 04:52 -------- d-----w- h:\program files\Windows Photo Viewer
2010-08-20 02:41 . 2010-01-03 01:09 -------- d-----w- h:\users\AJC\AppData\Roaming\Winamp
2010-08-20 02:40 . 2010-06-25 23:38 -------- d-----w- h:\programdata\Panda Security
2010-08-20 00:27 . 2010-04-18 16:22 -------- d-----w- h:\users\AJC\AppData\Roaming\TeraCopy
2010-08-19 22:53 . 2010-05-05 22:04 -------- d-----w- h:\program files\Rigs of Rods
2010-08-19 22:52 . 2010-03-10 21:19 -------- d-----w- h:\program files\Panda Security
2010-08-19 22:47 . 2010-07-07 14:37 -------- d-----w- h:\program files\Mozilla Firefox 4.0 Beta 1
2010-08-11 22:30 . 2010-01-05 23:11 -------- d-----w- h:\programdata\Microsoft Help
2010-08-11 00:17 . 2010-08-11 00:17 -------- d-----w- h:\program files\RAR Password Recovery Magic
2010-08-09 01:03 . 2010-03-07 00:28 -------- d-----w- h:\users\AJC\AppData\Roaming\FileZilla
2010-08-07 02:17 . 2010-07-28 22:18 -------- d-----w- h:\program files\Common Files\Blizzard Entertainment
2010-08-07 01:03 . 2010-08-07 00:32 -------- d-----w- h:\users\AJC\AppData\Roaming\foobar2000
2010-08-07 00:46 . 2010-08-07 00:32 -------- d-----w- h:\program files\foobar2000
2010-08-04 18:15 . 2010-01-12 02:26 -------- d-----w- h:\program files\Starcraft
2010-08-02 15:16 . 2010-08-02 15:15 -------- d-----w- h:\program files\iTunes
2010-08-02 15:15 . 2010-08-02 15:15 -------- d-----w- h:\program files\iPod
2010-08-02 15:15 . 2010-02-02 01:46 -------- d-----w- h:\program files\Common Files\Apple
2010-08-02 15:13 . 2010-08-02 15:13 73000 ----a-w- h:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-31 23:13 . 2010-01-23 03:16 -------- d-----w- h:\users\AJC\AppData\Roaming\.minecraft
2010-07-31 21:20 . 2010-06-23 00:29 -------- d-----w- h:\users\AJC\AppData\Roaming\dvdcss
2010-07-31 16:45 . 2010-07-31 16:46 286720 ----a-w- h:\windows\iun507.exe
2010-07-29 06:30 . 2010-08-11 17:05 197632 ----a-w- h:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 17:05 82944 ----a-w- h:\windows\system32\iccvid.dll
2010-07-29 00:01 . 2010-07-29 00:01 -------- d-----w- h:\programdata\ATI
2010-07-29 00:00 . 2010-02-06 03:39 -------- d-----w- h:\program files\ATI Technologies
2010-07-28 22:53 . 2010-07-28 22:18 -------- d-----w- h:\programdata\Blizzard Entertainment
2010-07-23 18:34 . 2010-07-23 18:33 205984 ----a-w- h:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2010-07-23 18:34 . 2010-07-23 17:41 -------- d-----w- h:\program files\Microsoft Visual Studio 10.0
2010-07-23 17:48 . 2010-07-23 17:44 -------- d-----w- h:\program files\Microsoft SQL Server
2010-07-23 17:47 . 2010-07-23 17:47 -------- d-----w- h:\program files\Microsoft Visual Studio 9.0
2010-07-23 17:46 . 2010-01-05 23:12 -------- d-----w- h:\program files\Microsoft.NET
2010-07-23 17:44 . 2010-07-23 17:44 -------- d-----w- h:\program files\Microsoft Synchronization Services
2010-07-23 17:44 . 2010-01-09 02:24 -------- d-----w- h:\program files\Microsoft SQL Server Compact Edition
2010-07-23 17:43 . 2010-07-23 17:43 112832 ----a-w- h:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-07-23 17:41 . 2010-07-23 17:41 -------- d-----w- h:\program files\Microsoft Help Viewer
2010-07-23 17:41 . 2010-07-23 17:41 -------- d-----w- h:\program files\Microsoft SDKs
2010-07-23 17:41 . 2010-07-23 17:41 -------- d-----w- h:\program files\Common Files\Merge Modules
2010-07-23 17:41 . 2009-07-14 04:52 -------- d-----w- h:\program files\MSBuild
2010-07-20 01:32 . 2010-07-20 01:32 10134 ----a-r- h:\users\AJC\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2010-07-20 01:32 . 2010-07-20 01:32 -------- d-----w- h:\program files\AMD
2010-07-18 17:28 . 2010-01-03 01:09 -------- d-----w- h:\program files\Winamp
2010-07-18 17:27 . 2010-01-03 01:09 -------- d-----w- h:\program files\Winamp Detect
2010-07-15 12:41 . 2010-05-09 23:32 -------- d-----w- h:\users\AJC\AppData\Roaming\OpenDNS Updater
2010-07-09 17:18 . 2010-07-09 17:00 20328 ----a-w- h:\windows\system32\drivers\cpuz134_x32.sys
2010-07-07 14:37 . 2010-07-07 14:37 0 ----a-w- h:\windows\nsreg.dat
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- h:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- h:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- h:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2009-12-11 20:35 513024 ----a-w- h:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- h:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- h:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- h:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- h:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- h:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- h:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- h:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- h:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2009-11-25 03:12 3826688 ----a-w- h:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- h:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- h:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- h:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- h:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2009-12-11 20:11 50176 ----a-w- h:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- h:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- h:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- h:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- h:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- h:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2009-12-11 19:50 30208 ----a-w- h:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-05-05 01:22 22528 ----a-w- h:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- h:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- h:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- h:\windows\system32\amdpcom32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- h:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- h:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58 333192 ----a-w- h:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "h:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "h:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="h:\users\AJC\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-16 135664]
"Steam"="x:\program files\steam\steam.exe" [2010-08-24 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SaiVolume"="h:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 126976]
"EvtMgr6"="h:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"MSSE"="h:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Z Cinema.lnk - h:\users\AJC\AppData\Roaming\Microsoft\Installer\{3D1A8E16-10A6-43E0-90BE-0A0474A637A7}\NewShortcut1_3D1A8E1610A643E090BE0A0474A637A7.exe [2010-5-18 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- h:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\H:^Users^AJC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=h:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\H:^Users^AJC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
path=h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
backup=h:\windows\pss\Rainmeter.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\H:^Users^AJC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=h:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
h:\windows\system32\WinLogon\WinLogon [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM]
h:\windows\system32\WinLogon\WinLogon [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- h:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- h:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- h:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 17:53 77824 ----a-w- h:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 16:51 202024 ----a-w- h:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-01-13 21:17 323392 ----a-w- h:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo EasyVPN]
2010-04-14 05:18 5087480 ----a-w- h:\program files\COMODO\EasyVPN\EasyVPN.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- h:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- h:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 19:27 119152 ----a-w- h:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]
2010-03-24 14:42 6657312 ----a-w- h:\program files\Livestream Procaster\Procaster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 15:16 1820040 ----a-w- h:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 13:25 1828136 ----a-w- h:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- h:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Updater]
2010-06-16 21:42 839680 ----a-w- h:\program files\OpenDNS Updater\OpenDNSUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
2008-01-18 22:35 233472 ----a-w- h:\program files\Saitek\SD6\Software\ProfilerU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- h:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
2008-01-18 22:36 131072 ----a-w- h:\program files\Saitek\SD6\Software\SaiMfd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12 26192168 ----a-r- h:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- h:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- h:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- h:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 19:27 762736 ----a-w- h:\windows\vVX1000.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R3 ATP;Comodo EasyVPN Miniport Driver;h:\windows\system32\DRIVERS\cmdatp.sys [2010-03-26 17816]
R3 GarenaPEngine;GarenaPEngine;h:\users\AJC\AppData\Local\Temp\PWHAB38.tmp [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;h:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 SwitchBoard;Adobe SwitchBoard;h:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);h:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 TeamViewer5;TeamViewer 5;h:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 WatAdminSvc;Windows Activation Technologies Service;h:\windows\system32\Wat\WatAdminSvc.exe [2010-02-23 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;h:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 CrdphService;COMODO EasyVPN VNC Service;h:\program files\COMODO\EasyVPN\crdphService.exe [2010-03-29 491768]
R4 EasyVpnAdpt;COMODO EasyVPN Service;h:\program files\COMODO\EasyVPN\Vpnservice.exe [2010-03-29 45304]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;h:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;h:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;h:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;h:\windows\system32\Drivers\sptd.sys [2010-06-24 721904]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);h:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 TunngleService;TunngleService;h:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760]
S1 VBoxDrv;VirtualBox Service;h:\windows\system32\DRIVERS\VBoxDrv.sys [2010-05-10 123856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;h:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-05-10 41680]
S1 vwififlt;Virtual WiFi Filter Driver;h:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;h:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 cpuz134;cpuz134;h:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 SBSDWSCService;SBSD Security Center Service;h:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;h:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;h:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);h:\windows\system32\DRIVERS\vrtaucbl.sys [2007-05-15 42496]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;h:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]
S3 RTL8167;Realtek 8167 NT Driver;h:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-19 249888]
S3 SaiK0728;SaiK0728;h:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 104960]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;h:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-05-10 99728]
S3 VBoxNetFlt;VBoxNetFlt Service;h:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-05-10 110608]
S3 ZCinema_TSHD;ZCinema TruSurround HD driver;h:\windows\system32\drivers\ZCinema_SRS_i386.sys [2007-08-22 18448]
.
Contents of the 'Scheduled Tasks' folder
2010-09-11 h:\windows\Tasks\Google Software Updater.job
- h:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-03 02:37]
2010-09-11 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 19:32]
2010-09-07 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 19:32]
2010-09-06 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2463480951-1125009390-1434497464-1001Core.job
- h:\users\AJC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 19:32]
2010-09-11 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2463480951-1125009390-1434497464-1001UA.job
- h:\users\AJC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 19:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: C696E6B6379737 = 64.71.255.198
FF - ProfilePath - h:\users\AJC\AppData\Roaming\Mozilla\Firefox\Profiles\dsgmzn05.default\
FF - prefs.js: browser.startup.homepage - Custom Value
FF - plugin: h:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: h:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: h:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: h:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: h:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: h:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: h:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: h:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: h:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: h:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: h:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: h:\users\AJC\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: h:\users\AJC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: h:\users\AJC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: h:\users\AJC\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-PSUNMain - h:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
MSConfigStartUp-SUPERAntiSpyware - h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-WinampAgent - h:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\h:\users\AJC\AppData\Local\Temp\PWHAB38.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2463480951-1125009390-1434497464-1001\Software\SecuROM\License information*]
"datasecu"=hex:6f,14,a2,74,0c,6e,08,41,4e,a9,2d,bd,8c,ab,84,2c,51,59,93,b4,c9,
0b,7a,f6,61,05,e2,9f,5d,2c,e6,f6,58,0f,93,45,e1,df,f6,db,66,a2,8a,9b,b7,3f,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-11 11:53:17
ComboFix-quarantined-files.txt 2010-09-11 15:53
Pre-Run: 108,786,421,760 bytes free
Post-Run: 108,739,534,848 bytes free
- - End Of File - - F967BCDE1E8A11CA510E3E2D1D45EC3D
Hi AJC01
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
FrostWire
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
After that:
Run CFScript
Open Notepad and copy/paste the text in the box into the window:
File::
H:\32788R22FWJFW
h:\windows\system32\drivers\obrareqh.sys
h:\windows\system32\drivers\dulwxisb.sys
h:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6B169B5C-01D5-04C7-85AB-1FEB88F9D72C}-sdra64.exe
h:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{691005D0-A85C-481A-AEC3-3BC0EEF22938}-sdra64.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8162357c-90b6-4fe2-8c0d-7bed545d809b}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Download and Run Malwarebytes' Anti-Malware
Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save it to your desktop. If needed...Tutorial w/screenshots (http://thespykiller.co.uk/index.php/topic,5946.0.html)
Alternate download sites available here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or here (http://www.besttechie.net/tools/mbam-setup.exe).
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
Problems downloading the updates? Manually download them from here (http://malwarebytes.gt500.org/mbam-rules.exe) and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Please reply with
1. the ComboFix log(C:\ComboFix.txt)
2. the Malwarebytes' Anti-Malware Log
Thanks peku006
ComboFix 10-09-09.04 - AJC 12/09/2010 11:13:12.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.3327.2181 [GMT -4:00]
Running from: h:\users\AJC\Desktop\ComboFix.exe
Command switches used :: h:\users\AJC\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
FILE ::
"H:\32788R22FWJFW"
"h:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{691005D0-A85C-481A-AEC3-3BC0EEF22938}-sdra64.exe"
"h:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6B169B5C-01D5-04C7-85AB-1FEB88F9D72C}-sdra64.exe"
"h:\windows\system32\drivers\dulwxisb.sys"
"h:\windows\system32\drivers\obrareqh.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
h:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{691005D0-A85C-481A-AEC3-3BC0EEF22938}-sdra64.exe
h:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6B169B5C-01D5-04C7-85AB-1FEB88F9D72C}-sdra64.exe
h:\windows\system32\drivers\dulwxisb.sys
h:\windows\system32\drivers\obrareqh.sys
.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.
2010-09-12 15:21 . 2010-09-12 15:22 -------- d-----w- h:\users\AJC\AppData\Local\temp
2010-09-12 15:21 . 2010-09-12 15:21 -------- d-----w- h:\users\Public\AppData\Local\temp
2010-09-12 15:21 . 2010-09-12 15:21 -------- d-----w- h:\users\Mcx1-AJC-PC\AppData\Local\temp
2010-09-12 15:21 . 2010-09-12 15:21 -------- d-----w- h:\users\Default\AppData\Local\temp
2010-09-07 22:14 . 2010-09-07 22:15 -------- d-----w- h:\program files\ERUNT
2010-09-06 23:16 . 2010-09-06 23:16 -------- d-----w- h:\program files\Rockstar Games
2010-09-03 18:35 . 2010-09-03 18:35 46852 ----a-w- h:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-02 22:57 . 2010-09-02 22:57 -------- d-----w- h:\users\AJC\AppData\Roaming\Malwarebytes
2010-09-02 22:57 . 2010-09-02 22:57 -------- d-----w- h:\programdata\Malwarebytes
2010-08-28 17:37 . 2010-07-16 09:38 836096 ----a-w- h:\users\AJC\AppData\Roaming\Octoshape\Octoshape Streaming Services\pmv307a-1007160-0-libOctoshapeClient.dll
2010-08-28 17:37 . 2010-02-17 16:19 71960 ----a-w- h:\users\AJC\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll
2010-08-28 17:37 . 2010-02-17 16:19 420352 ----a-w- h:\users\AJC\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-libOctoshapeClient.dll
2010-08-28 17:37 . 2010-02-17 16:19 124184 ----a-w- h:\users\AJC\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-apoctoshape.dll
2010-08-26 18:09 . 2010-08-26 18:09 -------- d-----w- h:\users\AJC\AppData\Roaming\fltk.org
2010-08-25 16:38 . 2010-04-07 07:10 571904 ----a-w- h:\windows\system32\oleaut32.dll
2010-08-24 21:24 . 2010-08-24 21:24 -------- d-----w- h:\program files\Mozilla Firefox 4.0 Beta 4
2010-08-22 23:14 . 2010-08-28 20:13 -------- d-----w- h:\users\AJC\AppData\Roaming\vlc
2010-08-22 19:45 . 2010-08-22 19:18 147456 ----a-w- h:\users\AJC\AppData\Roaming\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\_setup.dll
2010-08-22 19:21 . 2010-08-22 19:21 -------- d-----w- h:\users\AJC\AppData\Roaming\InstallShield Installation Information
2010-08-22 19:21 . 2008-08-15 18:31 121064 ----a-r- h:\users\AJC\AppData\Roaming\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe
2010-08-22 19:21 . 2010-08-22 19:21 -------- d-----w- h:\program files\Bethesda Softworks
2010-08-21 21:01 . 2010-08-21 21:02 21840 ----atw- h:\windows\system32\SIntfNT.dll
2010-08-21 21:01 . 2010-08-21 21:02 17212 ----atw- h:\windows\system32\SIntf32.dll
2010-08-21 21:01 . 2010-08-21 21:02 12067 ----atw- h:\windows\system32\SIntf16.dll
2010-08-21 20:59 . 2010-08-21 20:59 17829 ----a-w- h:\windows\DIIUnin.dat
2010-08-21 20:59 . 2010-08-21 20:59 94208 ----a-w- h:\windows\DIIUnin.exe
2010-08-21 20:59 . 2010-08-21 20:59 2829 ----a-w- h:\windows\DIIUnin.pif
2010-08-21 20:49 . 2010-08-21 20:59 -------- d-----w- h:\program files\Diablo II
2010-08-21 00:54 . 2010-01-06 17:13 506368 ----a-w- h:\windows\system32\sqlite3.dll
2010-08-21 00:43 . 2010-08-21 00:50 -------- d-----w- h:\users\AJC\AppData\Roaming\Rainmeter
2010-08-21 00:40 . 2010-08-21 00:40 -------- d-----w- h:\program files\Rainmeter
2010-08-19 23:30 . 2010-08-19 23:30 -------- d-----w- h:\users\AJC\AppData\Local\PITTSKATERG
2010-08-19 22:15 . 2010-08-19 22:50 -------- d-----w- h:\program files\Microsoft Security Essentials
2010-08-16 16:56 . 2010-09-06 18:16 -------- d-----w- h:\program files\HLDJ
2010-08-14 16:57 . 2010-08-14 16:57 -------- d-----w- h:\users\AJC\AppData\Roaming\GameTuts
2010-08-14 16:38 . 2010-08-14 16:38 -------- d-----w- h:\users\AJC\AppData\Local\GameTuts
2010-08-14 16:35 . 2010-09-02 23:25 -------- d-----w- h:\users\AJC\AppData\Local\_
2010-08-14 15:55 . 2010-08-22 22:47 -------- d-----w- h:\program files\VLC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 15:53 . 2010-04-17 15:54 -------- d-----w- h:\program files\FRAPS
2010-09-07 19:19 . 2010-01-29 04:41 0 ----a-w- h:\windows\system32\Access.dat
2010-09-07 19:16 . 2010-03-05 02:15 -------- d-----w- h:\program files\Common Files\Wise Installation Wizard
2010-09-07 19:09 . 2010-07-08 02:59 -------- d-----w- h:\program files\UDK
2010-09-07 19:08 . 2010-03-07 02:18 -------- d-----w- h:\users\AJC\AppData\Roaming\HLSW
2010-09-06 23:16 . 2010-01-03 23:58 -------- d--h--w- h:\program files\InstallShield Installation Information
2010-09-04 01:05 . 2010-01-03 01:00 -------- d-----w- h:\users\AJC\AppData\Roaming\Skype
2010-09-03 20:04 . 2010-01-03 01:01 -------- d-----w- h:\users\AJC\AppData\Roaming\skypePM
2010-09-01 18:40 . 2010-02-26 00:23 -------- d-----w- h:\users\AJC\AppData\Roaming\Audacity
2010-08-30 23:19 . 2010-01-03 22:54 218808 ----a-w- h:\windows\system32\PnkBstrB.exe
2010-08-30 22:25 . 2010-01-03 22:55 137256 ----a-w- h:\windows\system32\drivers\PnkBstrK.sys
2010-08-29 01:58 . 2010-01-03 01:06 -------- d-----w- h:\users\AJC\AppData\Roaming\Media Player Classic
2010-08-27 16:52 . 2010-07-31 23:12 62464 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
2010-08-27 16:52 . 2010-07-31 23:12 59392 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll
2010-08-27 16:52 . 2010-07-31 23:12 273920 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
2010-08-27 16:52 . 2010-07-31 23:12 195072 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
2010-08-27 16:52 . 2010-07-31 23:12 193024 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll
2010-08-27 16:52 . 2010-07-31 23:12 108032 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll
2010-08-27 16:52 . 2010-07-31 23:12 65024 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
2010-08-27 16:52 . 2010-07-31 23:12 61952 ----a-w- h:\users\AJC\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll
2010-08-27 16:52 . 2010-08-01 16:44 -------- d-----w- h:\program files\MineCraft
2010-08-27 16:36 . 2010-01-03 00:58 -------- d-----w- h:\program files\Google
2010-08-23 23:57 . 2010-03-02 22:04 -------- d-----w- h:\program files\Opera
2010-08-20 02:41 . 2009-07-14 04:52 -------- d-----w- h:\program files\Windows Sidebar
2010-08-20 02:41 . 2009-07-14 04:52 -------- d-----w- h:\program files\Windows Portable Devices
2010-08-20 02:41 . 2009-07-14 04:52 -------- d-----w- h:\program files\Windows Photo Viewer
2010-08-20 02:41 . 2010-01-03 01:09 -------- d-----w- h:\users\AJC\AppData\Roaming\Winamp
2010-08-20 02:40 . 2010-06-25 23:38 -------- d-----w- h:\programdata\Panda Security
2010-08-20 00:27 . 2010-04-18 16:22 -------- d-----w- h:\users\AJC\AppData\Roaming\TeraCopy
2010-08-19 22:53 . 2010-05-05 22:04 -------- d-----w- h:\program files\Rigs of Rods
2010-08-19 22:52 . 2010-03-10 21:19 -------- d-----w- h:\program files\Panda Security
2010-08-19 22:47 . 2010-07-07 14:37 -------- d-----w- h:\program files\Mozilla Firefox 4.0 Beta 1
2010-08-11 22:30 . 2010-01-05 23:11 -------- d-----w- h:\programdata\Microsoft Help
2010-08-11 00:17 . 2010-08-11 00:17 -------- d-----w- h:\program files\RAR Password Recovery Magic
2010-08-09 01:03 . 2010-03-07 00:28 -------- d-----w- h:\users\AJC\AppData\Roaming\FileZilla
2010-08-07 02:17 . 2010-07-28 22:18 -------- d-----w- h:\program files\Common Files\Blizzard Entertainment
2010-08-07 01:03 . 2010-08-07 00:32 -------- d-----w- h:\users\AJC\AppData\Roaming\foobar2000
2010-08-07 00:46 . 2010-08-07 00:32 -------- d-----w- h:\program files\foobar2000
2010-08-04 18:15 . 2010-01-12 02:26 -------- d-----w- h:\program files\Starcraft
2010-08-02 15:16 . 2010-08-02 15:15 -------- d-----w- h:\program files\iTunes
2010-08-02 15:15 . 2010-08-02 15:15 -------- d-----w- h:\program files\iPod
2010-08-02 15:15 . 2010-02-02 01:46 -------- d-----w- h:\program files\Common Files\Apple
2010-08-02 15:13 . 2010-08-02 15:13 73000 ----a-w- h:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-31 23:13 . 2010-01-23 03:16 -------- d-----w- h:\users\AJC\AppData\Roaming\.minecraft
2010-07-31 21:20 . 2010-06-23 00:29 -------- d-----w- h:\users\AJC\AppData\Roaming\dvdcss
2010-07-31 16:45 . 2010-07-31 16:46 286720 ----a-w- h:\windows\iun507.exe
2010-07-29 06:30 . 2010-08-11 17:05 197632 ----a-w- h:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 17:05 82944 ----a-w- h:\windows\system32\iccvid.dll
2010-07-29 00:01 . 2010-07-29 00:01 -------- d-----w- h:\programdata\ATI
2010-07-29 00:00 . 2010-02-06 03:39 -------- d-----w- h:\program files\ATI Technologies
2010-07-28 22:53 . 2010-07-28 22:18 -------- d-----w- h:\programdata\Blizzard Entertainment
2010-07-23 18:34 . 2010-07-23 18:33 205984 ----a-w- h:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2010-07-23 18:34 . 2010-07-23 17:41 -------- d-----w- h:\program files\Microsoft Visual Studio 10.0
2010-07-23 17:48 . 2010-07-23 17:44 -------- d-----w- h:\program files\Microsoft SQL Server
2010-07-23 17:47 . 2010-07-23 17:47 -------- d-----w- h:\program files\Microsoft Visual Studio 9.0
2010-07-23 17:46 . 2010-01-05 23:12 -------- d-----w- h:\program files\Microsoft.NET
2010-07-23 17:44 . 2010-07-23 17:44 -------- d-----w- h:\program files\Microsoft Synchronization Services
2010-07-23 17:44 . 2010-01-09 02:24 -------- d-----w- h:\program files\Microsoft SQL Server Compact Edition
2010-07-23 17:43 . 2010-07-23 17:43 112832 ----a-w- h:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-07-23 17:41 . 2010-07-23 17:41 -------- d-----w- h:\program files\Microsoft Help Viewer
2010-07-23 17:41 . 2010-07-23 17:41 -------- d-----w- h:\program files\Microsoft SDKs
2010-07-23 17:41 . 2010-07-23 17:41 -------- d-----w- h:\program files\Common Files\Merge Modules
2010-07-23 17:41 . 2009-07-14 04:52 -------- d-----w- h:\program files\MSBuild
2010-07-20 01:32 . 2010-07-20 01:32 10134 ----a-r- h:\users\AJC\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2010-07-20 01:32 . 2010-07-20 01:32 -------- d-----w- h:\program files\AMD
2010-07-18 17:28 . 2010-01-03 01:09 -------- d-----w- h:\program files\Winamp
2010-07-18 17:27 . 2010-01-03 01:09 -------- d-----w- h:\program files\Winamp Detect
2010-07-15 12:41 . 2010-05-09 23:32 -------- d-----w- h:\users\AJC\AppData\Roaming\OpenDNS Updater
2010-07-09 17:18 . 2010-07-09 17:00 20328 ----a-w- h:\windows\system32\drivers\cpuz134_x32.sys
2010-07-07 14:37 . 2010-07-07 14:37 0 ----a-w- h:\windows\nsreg.dat
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- h:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- h:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- h:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2009-12-11 20:35 513024 ----a-w- h:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- h:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- h:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- h:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- h:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- h:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- h:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- h:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- h:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2009-11-25 03:12 3826688 ----a-w- h:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- h:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- h:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- h:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- h:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2009-12-11 20:11 50176 ----a-w- h:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- h:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- h:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- h:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- h:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- h:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2009-12-11 19:50 30208 ----a-w- h:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-05-05 01:22 22528 ----a-w- h:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- h:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- h:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- h:\windows\system32\amdpcom32.dll
2010-06-30 06:25 . 2010-08-11 17:05 978432 ----a-w- h:\windows\system32\wininet.dll
2010-06-24 17:49 . 2010-06-24 17:49 721904 ----a-w- h:\windows\system32\drivers\sptd.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- h:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- h:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-11_15.51.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-03 00:36 . 2010-09-12 15:05 52046 h:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-01-03 00:36 . 2010-09-11 15:37 52046 h:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-01-03 02:59 . 2010-09-11 15:35 65536 h:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-03 02:59 . 2010-09-12 15:03 65536 h:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-06 16:26 . 2010-09-11 15:52 32768 h:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-09-06 16:26 . 2010-09-06 16:13 32768 h:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-07-14 04:41 . 2010-09-12 15:03 98304 h:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-09-11 15:35 98304 h:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-03 00:09 . 2010-09-12 15:05 16384 h:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-03 00:09 . 2010-09-11 15:38 16384 h:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-03 00:09 . 2010-09-12 15:05 32768 h:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-03 00:09 . 2010-09-11 15:38 32768 h:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-03 00:09 . 2010-09-11 15:38 16384 h:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-03 00:09 . 2010-09-12 15:05 16384 h:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-03 00:09 . 2010-09-12 15:04 16384 h:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-03 00:09 . 2010-09-11 15:35 16384 h:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-04 20:25 . 2010-09-11 15:39 32768 h:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-04 20:25 . 2010-09-12 15:12 32768 h:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-04 20:25 . 2010-09-11 15:39 16384 h:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-01-04 20:25 . 2010-09-12 15:12 16384 h:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-04 20:25 . 2010-09-11 15:39 16384 h:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-01-04 20:25 . 2010-09-12 15:12 16384 h:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-01-03 00:09 . 2010-09-11 15:39 32768 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-03 00:09 . 2010-09-12 15:12 32768 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-03 00:09 . 2010-09-11 15:35 16384 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-03 00:09 . 2010-09-12 15:04 16384 h:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-11 15:35 . 2010-09-11 15:35 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-12 15:03 . 2010-09-12 15:03 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-11 15:35 . 2010-09-11 15:35 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-12 15:03 . 2010-09-12 15:03 2048 h:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-01-03 00:08 . 2010-09-11 15:36 262144 h:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-01-03 00:08 . 2010-09-11 15:52 262144 h:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:03 . 2010-09-12 15:18 7077888 h:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-09-06 16:27 7077888 h:\windows\System32\SMI\Store\Machine\schema.dat
- 2010-01-03 02:59 . 2010-09-11 15:35 1818624 h:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-03 02:59 . 2010-09-12 15:03 1818624 h:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58 333192 ----a-w- h:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "h:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "h:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 85768 ----a-w- h:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="h:\users\AJC\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-16 135664]
"Steam"="x:\program files\steam\steam.exe" [2010-08-24 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SaiVolume"="h:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 126976]
"EvtMgr6"="h:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"MSSE"="h:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Z Cinema.lnk - h:\users\AJC\AppData\Roaming\Microsoft\Installer\{3D1A8E16-10A6-43E0-90BE-0A0474A637A7}\NewShortcut1_3D1A8E1610A643E090BE0A0474A637A7.exe [2010-5-18 172032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- h:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\H:^Users^AJC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=h:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\H:^Users^AJC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
path=h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
backup=h:\windows\pss\Rainmeter.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\H:^Users^AJC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=h:\users\AJC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=h:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
h:\windows\system32\WinLogon\WinLogon [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM]
h:\windows\system32\WinLogon\WinLogon [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- h:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- h:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- h:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 17:53 77824 ----a-w- h:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 16:51 202024 ----a-w- h:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo EasyVPN]
2010-04-14 05:18 5087480 ----a-w- h:\program files\COMODO\EasyVPN\EasyVPN.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- h:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- h:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 19:27 119152 ----a-w- h:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]
2010-03-24 14:42 6657312 ----a-w- h:\program files\Livestream Procaster\Procaster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 15:16 1820040 ----a-w- h:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 13:25 1828136 ----a-w- h:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- h:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Updater]
2010-06-16 21:42 839680 ----a-w- h:\program files\OpenDNS Updater\OpenDNSUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
2008-01-18 22:35 233472 ----a-w- h:\program files\Saitek\SD6\Software\ProfilerU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- h:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
2008-01-18 22:36 131072 ----a-w- h:\program files\Saitek\SD6\Software\SaiMfd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12 26192168 ----a-r- h:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- h:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 17:37 517096 ----a-w- h:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- h:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 19:27 762736 ----a-w- h:\windows\vVX1000.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
R3 ATP;Comodo EasyVPN Miniport Driver;h:\windows\system32\DRIVERS\cmdatp.sys [2010-03-26 17816]
R3 GarenaPEngine;GarenaPEngine;h:\users\AJC\AppData\Local\Temp\PWHAB38.tmp [x]
R3 SwitchBoard;Adobe SwitchBoard;h:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);h:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 TeamViewer5;TeamViewer 5;h:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R3 WatAdminSvc;Windows Activation Technologies Service;h:\windows\system32\Wat\WatAdminSvc.exe [2010-02-23 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;h:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 CrdphService;COMODO EasyVPN VNC Service;h:\program files\COMODO\EasyVPN\crdphService.exe [2010-03-29 491768]
R4 EasyVpnAdpt;COMODO EasyVPN Service;h:\program files\COMODO\EasyVPN\Vpnservice.exe [2010-03-29 45304]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;h:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;h:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;h:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;h:\windows\system32\Drivers\sptd.sys [2010-06-24 721904]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);h:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 TunngleService;TunngleService;h:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760]
S1 VBoxDrv;VirtualBox Service;h:\windows\system32\DRIVERS\VBoxDrv.sys [2010-05-10 123856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;h:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-05-10 41680]
S1 vwififlt;Virtual WiFi Filter Driver;h:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;h:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 cpuz134;cpuz134;h:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 SBSDWSCService;SBSD Security Center Service;h:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;h:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;h:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);h:\windows\system32\DRIVERS\vrtaucbl.sys [2007-05-15 42496]
S3 MpNWMon;Microsoft Malware Protection Network Driver;h:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;h:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]
S3 RTL8167;Realtek 8167 NT Driver;h:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-19 249888]
S3 SaiK0728;SaiK0728;h:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 104960]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;h:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-05-10 99728]
S3 VBoxNetFlt;VBoxNetFlt Service;h:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-05-10 110608]
S3 ZCinema_TSHD;ZCinema TruSurround HD driver;h:\windows\system32\drivers\ZCinema_SRS_i386.sys [2007-08-22 18448]
.
Contents of the 'Scheduled Tasks' folder
2010-09-12 h:\windows\Tasks\Google Software Updater.job
- h:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-03 02:37]
2010-09-12 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 19:32]
2010-09-11 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 19:32]
2010-09-06 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2463480951-1125009390-1434497464-1001Core.job
- h:\users\AJC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 19:32]
2010-09-11 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2463480951-1125009390-1434497464-1001UA.job
- h:\users\AJC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 19:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: C696E6B6379737 = 64.71.255.198
FF - ProfilePath - h:\users\AJC\AppData\Roaming\Mozilla\Firefox\Profiles\dsgmzn05.default\
FF - prefs.js: browser.startup.homepage - Custom Value
FF - plugin: h:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: h:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: h:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: h:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: h:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: h:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: h:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: h:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: h:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: h:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: h:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: h:\users\AJC\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: h:\users\AJC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: h:\users\AJC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: h:\users\AJC\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-BitTorrent DNA - h:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\h:\users\AJC\AppData\Local\Temp\PWHAB38.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2463480951-1125009390-1434497464-1001\Software\SecuROM\License information*]
"datasecu"=hex:6f,14,a2,74,0c,6e,08,41,4e,a9,2d,bd,8c,ab,84,2c,51,59,93,b4,c9,
0b,7a,f6,61,05,e2,9f,5d,2c,e6,f6,58,0f,93,45,e1,df,f6,db,66,a2,8a,9b,b7,3f,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-12 11:24:26
ComboFix-quarantined-files.txt 2010-09-12 15:24
ComboFix2.txt 2010-09-11 15:53
Pre-Run: 108,911,943,680 bytes free
Post-Run: 108,850,900,992 bytes free
- - End Of File - - AFF614601E33ABCCAFCF3784E859A97E
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4600
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12/09/2010 12:59:14 PM
mbam-log-2010-09-12 (12-59-14).txt
Scan type: Full scan (H:\|)
Objects scanned: 341782
Time elapsed: 1 hour(s), 13 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
H:\Qoobox\Quarantine\H\Users\AJC\AppData\Roaming\D5E2400660A9D7B06C129E93FC8A3E44\mediafix70700en02.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Users\AJC\Downloads\Torrent Downloaded\Adobe Dreamweaver CS4\Adobe CS4 Activation Patch\Adobe CS4 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
H:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1a3682d0-7880aabc (Trojan.Downloader) -> Quarantined and deleted successfully.
Hi AJC01
CKScanner
Please download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) ... Save it to your desktop.
Make sure that CKScanner.exe is on the your desktop before running the application!
Double-click on the CKScanner.exe icon... then click the Search For Files button.
When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
A text file will be created on your desktop named "ckfiles.txt"
Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
Please copy/paste the contents of ckfiles.txt in your next reply.
Thanks peku006
I'm not sure if the program is working. There is no hourglass or scanning bar and only this shows up when I save to a text file-
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
Hi AJC01
Do you still get redirected ?
ESET online scannner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Hold down Control then click on the following link to open a new window to ESET online scannner (http://www.eset.com/onlinescan/)
Then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Thanks peku006
I only got to 10% before the program froze up and I tried to get it to work but after several times of trying I gave up but this is the log file-
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=215881ca5ab0134b968314eb4ef6547b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-13 11:52:31
# local_time=2010-09-13 07:52:31 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776573 100 100 0 13932348 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=11901
# found=0
# cleaned=0
# scan_time=1001
Also, No I on't seem to be getting re-directed but I have only used the browser for a very short amount of time.
Hi AJC01
Let´s try this........
Kaspersky Online Scan
You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Hold down Control then click on the following link to open a new window to Kaspersky Online Scan (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan. * This will take a while. Please be patient *.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
This online tutorial (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif) will help explain how to use the aforementioned online scan
Thanks peku006
Due to a lack of response, this topic is now closed
If you still require help, please open a new thread in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22), include a
fresh DDS log, and wait for a new helper.
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)