Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware redirects my google links

Re: Malware redirects my google links

Post by Cypher » January 5th, 2010, 8:21 am

Hi xmokaonlyx.
This is proving tricky, let's try something different.

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code:
    :Processes
    :Files
    C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger1.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger3.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger4.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger5.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger6.zip
    C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger7.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger1.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger3.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger4.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger5.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger6.zip
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger7.zip
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

  • Return to OTM, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

  NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

I need you to try TDSSKiller again.
Please read these instructions carefully.

  • Double-click the TDSSKiller folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy, then Paste it directly onto your Desktop.
  • Next, highlight and copy the text in the codebox below.
    Code:
    "%userprofile%\Desktop\TDSSKiller.exe" -v
  • Click on Start > All Programs > Accessories > Run..., paste the text above into the Open: line and click OK.
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
  • A log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt.
  • To find the log, click Start, then Computer, then Vista (C:).
  • Please post the contents of that log in your next reply.

Logs/Information to Post in your Next Reply

  • OTM log.
  • TDSSKiller log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware redirects my google links

Post by xmokaonlyx » January 6th, 2010, 5:22 am

All processes killed
========== PROCESSES ==========
========== FILES ==========
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger.zip not found.
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger1.zip not found.
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip not found.
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger3.zip not found.
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger4.zip not found.
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger5.zip not found.
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger6.zip not found.
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger7.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger1.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger2.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger3.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger4.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger5.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger6.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger7.zip not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CAllen
->Temp folder emptied: 93000 bytes
->Temporary Internet Files folder emptied: 24714687 bytes
->Java cache emptied: 1952268 bytes
->FireFox cache emptied: 29643713 bytes
->Google Chrome cache emptied: 6554479 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 38197 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 28796603 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 334 bytes
RecycleBin emptied: 333923 bytes

Total Files Cleaned = 88.00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 01062010_040602

Files moved on Reboot...
C:\Users\CAllen\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...
xmokaonlyx
Regular Member
Posts: 39
Joined: December 20th, 2009, 3:49 pm
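The OTM run above asked for sixteen archive moves and the results log reports every one of them as "not found", while the [emptytemp] command separately moved a file out of the user's Temp folder on reboot. Checking a cleanup tool's output against what was actually requested is routine hygiene when reading these logs, so here is an added Python example (not a tool from this thread and not OldTimer's code) that parses an OTM script and its results log and cross-references the two: every requested path gets the status the log reported for it, anything the log moved that the script never listed is reported separately, and the byte counts from the temp-cleanup section are summed. The script and log text are constructed from two of the paths and a few of the result lines in the posts above.

```python
import re
from collections import OrderedDict

# Constructed sample input: an abbreviated OTM script (two of the sixteen paths
# requested above) and the matching lines of the results log from the reply.
OTM_SCRIPT = r""":Processes
:Files
C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger.zip
:Commands
[emptytemp]
[start explorer]
[Reboot]
"""

OTM_LOG = r"""All processes killed
========== PROCESSES ==========
========== FILES ==========
File/Folder C:\ProgramData\Spybot - Search & Destroy\Recovery\RevealerKeylogger.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\RevealerKeylogger.zip not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: CAllen
->Temp folder emptied: 93000 bytes
->Java cache emptied: 1952268 bytes
RecycleBin emptied: 333923 bytes

Total Files Cleaned = 88.00 mb

Files moved on Reboot...
C:\Users\CAllen\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...
"""


def parse_otm_script(text):
    """Split an OTM script into its ':Section' blocks (keys lower-cased),
    preserving the order of sections and of the entries inside them."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


# "File/Folder <path> not found." / "File/Folder <path> moved successfully."
FILE_RESULT = re.compile(r"^File/Folder (?P<path>.+?) (?P<status>not found|moved successfully)\.$")
# Lines under "Files moved on Reboot..." carry just "<path> moved successfully."
REBOOT_MOVE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
# Byte counts reported by the [emptytemp] command
BYTES_LINE = re.compile(r"(?:emptied|removed): (?P<n>\d+) bytes$")


def parse_otm_log(text):
    """Return ({lower-cased path: status}, total bytes the log reports cleaned)."""
    results = {}
    bytes_cleaned = 0
    in_reboot_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Files moved on Reboot"):
            in_reboot_block = True
            continue
        if line.startswith("Registry entries deleted on Reboot"):
            in_reboot_block = False
            continue
        m = FILE_RESULT.match(line)
        if m:
            results[m.group("path").lower()] = m.group("status")
            continue
        if in_reboot_block:
            m = REBOOT_MOVE.match(line)
            if m:
                results[m.group("path").lower()] = "moved on reboot"
                continue
        m = BYTES_LINE.search(line)
        if m:
            bytes_cleaned += int(m.group("n"))
    return results, bytes_cleaned


def crosscheck(script_text, log_text):
    """Match every path in the script's :Files section against the log, and list
    anything the log moved that the :Files list never asked for (such moves come
    from commands like [emptytemp], and are worth a second look either way)."""
    script = parse_otm_script(script_text)
    results, bytes_cleaned = parse_otm_log(log_text)
    requested = script.get("files", [])
    wanted = {p.lower() for p in requested}
    return {
        "requested": {p: results.get(p.lower(), "no result line") for p in requested},
        "unrequested_moves": [p for p, s in results.items() if s != "not found" and p not in wanted],
        "bytes_cleaned": bytes_cleaned,
    }


if __name__ == "__main__":
    report = crosscheck(OTM_SCRIPT, OTM_LOG)
    for path, status in report["requested"].items():
        print(f"{status:>15}  {path}")
    print("moved but not requested:", report["unrequested_moves"])
    print("bytes cleaned by [emptytemp]:", report["bytes_cleaned"])
```

On the constructed input both requested archives come back "not found", the only move is the Temp-folder file that [emptytemp] swept up on reboot, and the byte counts add up to 2379191. A path that gets "no result line" would mean the tool never processed that entry, which is the case this cross-check exists to catch.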

Re: Malware redirects my google links

Post by xmokaonlyx » January 6th, 2010, 5:24 am

04:20:08:059 1916 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
04:20:08:059 1916 ================================================================================
04:20:08:059 1916 SystemInfo:

04:20:08:059 1916 OS Version: 6.0.6002 ServicePack: 2.0
04:20:08:059 1916 Product type: Workstation
04:20:08:059 1916 ComputerName: CALLEN-PC
04:20:08:075 1916 UserName: CAllen
04:20:08:075 1916 Windows directory: C:\Windows
04:20:08:075 1916 Processor architecture: Intel x86
04:20:08:075 1916 Number of processors: 2
04:20:08:075 1916 Page size: 0x1000
04:20:08:075 1916 Boot type: Normal boot
04:20:08:075 1916 ================================================================================
04:20:08:075 1916 main: Driver KLMD successfully unloaded
04:20:08:590 1916 ForceUnloadDriver: NtUnloadDriver error 2
04:20:08:590 1916 ForceUnloadDriver: NtUnloadDriver error 2
04:20:08:590 1916 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\Drivers\KLMD.sys) returned status 0
04:20:08:590 1916 main: Driver KLMD successfully dropped
04:20:08:605 1916 main: Driver KLMD successfully loaded
04:20:08:605 1916
Scanning Registry ...
04:20:08:605 1916 ScanServices: Searching service UACd.sys
04:20:08:605 1916 ScanServices: Open/Create key error 2
04:20:08:605 1916 ScanServices: Searching service TDSSserv.sys
04:20:08:605 1916 ScanServices: Open/Create key error 2
04:20:08:605 1916 ScanServices: Searching service gaopdxserv.sys
04:20:08:605 1916 ScanServices: Open/Create key error 2
04:20:08:605 1916 ScanServices: Searching service gxvxcserv.sys
04:20:08:605 1916 ScanServices: Open/Create key error 2
04:20:08:605 1916 ScanServices: Searching service MSIVXserv.sys
04:20:08:605 1916 ScanServices: Open/Create key error 2
04:20:08:605 1916 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 81E43000
04:20:08:605 1916 UnhookRegistry: Kernel local addr: 1CD0000
04:20:08:605 1916 UnhookRegistry: KeServiceDescriptorTable addr: 1E07B00
04:20:08:621 1916 UnhookRegistry: KiServiceTable addr: 1D7C82C
04:20:08:621 1916 UnhookRegistry: NtEnumerateKey service number (local): 85
04:20:08:621 1916 UnhookRegistry: NtEnumerateKey local addr: 1ECD0BA
04:20:08:621 1916 KLMD_OpenDevice: Trying to open KLMD device
04:20:08:621 1916 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
04:20:08:621 1916 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
04:20:08:621 1916 KLMD_ReadMem: Trying to ReadMemory 0x81E8BD19[0x4]
04:20:08:621 1916 UnhookRegistry: NtEnumerateKey service number (kernel): 85
04:20:08:621 1916 KLMD_ReadMem: Trying to ReadMemory 0x81EEFA40[0x4]
04:20:08:621 1916 UnhookRegistry: NtEnumerateKey real addr: 820400BA
04:20:08:621 1916 UnhookRegistry: NtEnumerateKey calc addr: 820400BA
04:20:08:621 1916 UnhookRegistry: No SDT hooks found on NtEnumerateKey
04:20:08:621 1916 KLMD_ReadMem: Trying to ReadMemory 0x820400BA[0xA]
04:20:08:621 1916 UnhookRegistry: No splicing found on NtEnumerateKey
04:20:08:621 1916
Scanning Kernel memory ...
04:20:08:621 1916 KLMD_OpenDevice: Trying to open KLMD device
04:20:08:621 1916 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
04:20:08:621 1916 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
04:20:08:621 1916 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 854B8978
04:20:08:621 1916 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
04:20:08:621 1916 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85A9FAC8
04:20:08:621 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85A9FAC8
04:20:08:621 1916 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8529C4C0
04:20:08:621 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8529C4C0
04:20:08:621 1916 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8529C030
04:20:08:621 1916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8529C030
04:20:08:621 1916 KLMD_ReadMem: Trying to ReadMemory 0x8529C030[0x38]
04:20:08:621 1916 DetectCureTDL3: DRIVER_OBJECT addr: 84925770
04:20:08:621 1916 KLMD_ReadMem: Trying to ReadMemory 0x84925770[0xA8]
04:20:08:621 1916 KLMD_ReadMem: Trying to ReadMemory 0x84925720[0x208]
04:20:08:621 1916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
04:20:08:621 1916 DetectCureTDL3: IrpHandler (0) addr: 8073F140
04:20:08:621 1916 DetectCureTDL3: IrpHandler (1) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (2) addr: 8073F140
04:20:08:621 1916 DetectCureTDL3: IrpHandler (3) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (4) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (5) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (6) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (7) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (8) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (9) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (10) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (11) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (12) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (13) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (14) addr: 8072DA5A
04:20:08:621 1916 DetectCureTDL3: IrpHandler (15) addr: 8072DA2C
04:20:08:621 1916 DetectCureTDL3: IrpHandler (16) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (17) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (18) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (19) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (20) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (21) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (22) addr: 8072DA88
04:20:08:621 1916 DetectCureTDL3: IrpHandler (23) addr: 8073AB70
04:20:08:621 1916 DetectCureTDL3: IrpHandler (24) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (25) addr: 81E6B9D2
04:20:08:621 1916 DetectCureTDL3: IrpHandler (26) addr: 81E6B9D2
04:20:08:621 1916 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
04:20:08:621 1916 KLMD_ReadMem: DeviceIoControl error 1
04:20:08:621 1916 TDL3_StartIoHookDetect: Unable to get StartIo handler code
04:20:08:621 1916 TDL3_FileDetect: Processing driver: atapi
04:20:08:621 1916 TDL3_FileDetect: Similar paths for origin and cured (C:\Windows\system32\drivers\atapi.tsk)! Generate new path
04:20:08:621 1916 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.tsk, C:\Windows\system32\Drivers\atapi.ts0, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.ts0
04:20:08:621 1916 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.tsk
04:20:08:621 1916 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.tsk
04:20:08:652 1916
Completed

Results:
04:20:08:652 1916 Infected objects in memory: 0
04:20:08:652 1916 Cured objects in memory: 0
04:20:08:652 1916 Infected objects on disk: 0
04:20:08:652 1916 Objects on disk cured on reboot: 0
04:20:08:652 1916 Objects on disk deleted on reboot: 0
04:20:08:652 1916 Registry nodes deleted on reboot: 0
04:20:08:652 1916
xmokaonlyx
Regular Member
Posts: 39
Joined: December 20th, 2009, 3:49 pm

Re: Malware redirects my google links

Post by Cypher » January 6th, 2010, 2:01 pm

Hi xmokaonlyx.
Good work thank you.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe and select "Run as administrator" to run it. If Windows UAC prompts you, please allow it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware redirects my google links

Post by xmokaonlyx » January 6th, 2010, 5:54 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:49 on 06/01/2010 by CAllen (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys "
No files found.

-=End Of File=-
xmokaonlyx
Regular Member
Posts: 39
Joined: December 20th, 2009, 3:49 pm
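The log above records the search term as "atapi.sys " with a trailing space inside the quotes and then reports "No files found", even though the ComboFix log later in this thread lists several copies of atapi.sys on this machine. That outcome is consistent with a literal match of a pattern that picked up stray whitespace from the codebox paste, and it is a failure mode any filefind-style helper should handle. What follows is an added Python example, not SystemLook's code and not from this thread: a basename matcher over a constructed file inventory (the atapi.sys paths from the ComboFix Sigcheck output on this page, plus the atapi.tsk path from the TDSSKiller log) that can match literally or after normalising the pattern, and a reader for the SystemLook filefind log that flags a search term carrying leading or trailing whitespace.

```python
import fnmatch
import ntpath
import re

# Constructed file inventory: atapi.sys copies listed in the ComboFix Sigcheck
# section later in this thread, plus the atapi.tsk path from the TDSSKiller log.
SAMPLE_FILES = [
    r"c:\windows\System32\drivers\atapi.sys",
    r"c:\windows\ERDNT\cache\atapi.sys",
    r"c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys",
    r"c:\windows\system32\drivers\atapi.tsk",
    r"c:\windows\system32\drivers\http.sys",
]

# Constructed copy of the SystemLook output posted above.
SYSTEMLOOK_LOG = """SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:49 on 06/01/2010 by CAllen (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys "
No files found.

-=End Of File=-
"""


def filefind(pattern, files, normalize=True):
    """Return the paths whose file name matches `pattern` (case-insensitive,
    * and ? wildcards). With normalize=True surrounding whitespace is stripped
    first; with normalize=False the pattern is matched literally, so a term
    carrying a stray trailing space matches nothing."""
    if normalize:
        pattern = pattern.strip()
    pattern = pattern.lower()
    return [p for p in files if fnmatch.fnmatchcase(ntpath.basename(p).lower(), pattern)]


SEARCH_LINE = re.compile(r'^Searching for "(?P<term>.*)"$')
PATH_LINE = re.compile(r"^[A-Za-z]:\\")


def check_systemlook_log(text):
    """Pull the search term and the listed paths out of a SystemLook filefind
    log and flag a term that carries leading or trailing whitespace."""
    term, found = None, []
    for raw in text.splitlines():
        line = raw.strip()          # strips line ends only; the quoted term keeps its space
        m = SEARCH_LINE.match(line)
        if m:
            term = m.group("term")
            continue
        if term is not None and PATH_LINE.match(line):
            found.append(line)
    return {
        "term": term,
        "stray_whitespace": term is not None and term != term.strip(),
        "found": found,
    }


if __name__ == "__main__":
    info = check_systemlook_log(SYSTEMLOOK_LOG)
    print("log searched for %r; stray whitespace: %s; paths listed: %d"
          % (info["term"], info["stray_whitespace"], len(info["found"])))
    print("literal match   :", filefind(info["term"], SAMPLE_FILES, normalize=False))
    print("normalised match:", filefind(info["term"], SAMPLE_FILES))
    print("wildcard match  :", filefind("atapi.*", SAMPLE_FILES))
```

Run against the constructed inventory, the literal term matches nothing, the normalised term finds all three atapi.sys copies, and the wildcard also picks up the atapi.tsk file that TDSSKiller was processing. Flagging the whitespace in the log reader is what lets a helper tell "the file is not there" apart from "the search never had a chance to find it".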

Re: Malware redirects my google links

Post by xmokaonlyx » January 6th, 2010, 6:15 pm

I believe I have a new virus!! I keep hearing and seeing random advertisements on my comp, what's going on!?
xmokaonlyx
Regular Member
Posts: 39
Joined: December 20th, 2009, 3:49 pm

Re: Malware redirects my google links

Post by Cypher » January 7th, 2010, 12:10 pm

Hi xmokaonlyx.
"I keep hearing and seeing random advertisements on my comp, what's going on!?"

Has this just started to happen recently?

As you can't disable Norton I need you to uninstall it, as it's blocking tools we need to use.
I will get you to install a different AV in the meantime.


Please download one of the free anti-virus products below and save it to your desktop. Do not install it yet.

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Next.


Norton Removal Tool

Please go to the Norton Removal Tool main page Here
  • Under Choose your product: click on the link for the version of Norton you have.
  • Look for Download and run the Norton Removal Tool.
  • Please download and run the Norton Removal Tool, then reboot your computer.

Next.

Please rerun ComboFix and post the results in your next reply.

Next.

Please install the AV you saved to your Desktop.


Logs/Information to Post in your Next Reply

  • ComboFix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware redirects my google links

Post by xmokaonlyx » January 7th, 2010, 8:20 pm

This virus won't let me run the programs I downloaded at all, I think. Every time I run it a window opens saying this file cannot be executed because it's infected and asks to activate anti-spyware, which just opens IE to a site to buy a virus remover program. This happened yesterday after I tried reinstalling one of the programs you asked me to get before. It's called Anti-Virus Live and it's really annoying.
xmokaonlyx
Regular Member
Posts: 39
Joined: December 20th, 2009, 3:49 pm

Re: Malware redirects my google links

Post by xmokaonlyx » January 7th, 2010, 8:24 pm

It won't let me open up any other apps like iTunes either. I'm keeping my Firefox open and running because I am afraid that next time I turn on my comp I will not be able to open this to get here, as my IE is infected as well now.
xmokaonlyx
Regular Member
Posts: 39
Joined: December 20th, 2009, 3:49 pm

Re: Malware redirects my google links

Post by Cypher » January 8th, 2010, 7:31 am

Hi xmokaonlyx.
It seems you have picked up a new infection while we were cleaning your PC.
I need you to limit your use of your PC until we can get you clean.

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three or Four

  • Right-click on Rkill and select "Run as administrator" to run it.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Next.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please rerun ComboFix and post the results in your next reply.


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • ComboFix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
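The ComboFix log requested here is posted further down the thread, and its Sigcheck section is the part to read closely when atapi.sys is suspected: it lists every copy of the file with its MD5, size and file version, and on this machine the live c:\windows\System32\drivers\atapi.sys has the same size (19944) as the ERDNT cache and DriverStore copies but a different hash and no readable version, where the other copies carry 6.0.6002.18005. Here is an added Python example, not a tool used in this thread and not ComboFix's code, that parses a Sigcheck block and flags exactly that combination: an unversioned copy whose size matches a versioned copy of the same file name but whose MD5 does not. The input is the Sigcheck section from the log below, constructed as an inline string.

```python
import ntpath
import re
from collections import defaultdict

# Constructed input: the Sigcheck section of the ComboFix log posted later in
# this thread, copied as it appears there.
SIGCHECK = r"""------- Sigcheck -------

[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2009-04-11 06:32 . 6980A71E8A6C7E2FB976FD71E36E3222 . 19944 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[7] 2008-01-21 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
"""

UNKNOWN_VERSION = "------"

# One Sigcheck line: [flag] date [time] . MD5 . size . . [version] . . path
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]*)\] (?P<date>\d{4}-\d\d-\d\d(?: \d\d:\d\d)?) \. "
    r"(?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+) \. \. "
    r"\[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck entry; header and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = SIGCHECK_LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def analyze_sigcheck(text):
    """Group entries by file name and flag every copy whose version could not be
    read ([------]) and which either has the same size as a versioned copy but a
    different MD5 (the signature of an in-place patched system file), or has no
    same-size versioned copy to compare against at all."""
    by_name = defaultdict(list)
    for e in parse_sigcheck(text):
        by_name[ntpath.basename(e["path"]).lower()].append(e)

    findings = []
    for name, group in by_name.items():
        references = [r for r in group if r["version"] != UNKNOWN_VERSION]
        for e in group:
            if e["version"] != UNKNOWN_VERSION:
                continue
            same_size = [r for r in references if r["size"] == e["size"]]
            if same_size and all(r["md5"] != e["md5"] for r in same_size):
                findings.append({
                    "name": name,
                    "path": e["path"],
                    "md5": e["md5"],
                    "expected_md5": sorted({r["md5"] for r in same_size}),
                    "reference_paths": [r["path"] for r in same_size],
                    "reason": "unknown version; same size as a versioned copy but different hash",
                })
            elif not same_size:
                findings.append({
                    "name": name,
                    "path": e["path"],
                    "md5": e["md5"],
                    "expected_md5": [],
                    "reference_paths": [],
                    "reason": "unknown version; no same-size versioned copy to compare against",
                })
    return findings


if __name__ == "__main__":
    for f in analyze_sigcheck(SIGCHECK):
        print(f"{f['path']}\n  md5 {f['md5']}  expected {f['expected_md5']}\n  {f['reason']}")
        for ref in f["reference_paths"]:
            print("  reference:", ref)
```

On this input the only finding is the live drivers\atapi.sys, with the two same-size 6.0.6002.18005 copies (ERDNT cache and DriverStore) as its references. The two older DriverStore copies have different sizes and are versioned, so they are never compared against the live file. The natural follow-up in an investigation is to hash the live file again yourself and compare it with the DriverStore copy, rather than relying on a single tool's reading.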

Re: Malware redirects my google links

Post by xmokaonlyx » January 8th, 2010, 3:27 pm

I wasn't able to get Malwarebytes running because every time I try to run the program it tells me Error Code 707 (3,0). I was able to run ComboFix, so here is the log.

ComboFix 10-01-04.01 - CAllen 01/08/2010 14:06:19.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2016 [GMT -5:00]
Running from: c:\users\CAllen\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\CAllen\AppData\Local\urujgg
c:\users\CAllen\AppData\Local\urujgg\lulvsysguard.exe
c:\windows\system32\drivers\H8SRTyhcdmhtvcb.sys
c:\windows\system32\H8SRTcjjreymvqr.dat
c:\windows\system32\H8SRTepbvvxusay.dll
c:\windows\system32\H8SRTiwqpsvtcon.dll
c:\windows\system32\H8SRTiyuniplnic.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 19:15 . 2010-01-08 19:18 -------- d-----w- c:\users\CAllen\AppData\Local\temp
2010-01-08 19:15 . 2010-01-08 19:15 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-01-08 19:15 . 2010-01-08 19:15 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-01-08 19:15 . 2010-01-08 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-08 18:55 . 2010-01-08 18:55 -------- d-----w- C:\32788R22FWJFW
2010-01-08 00:07 . 2010-01-08 00:07 -------- d-----w- c:\users\CAllen\AppData\Local\Adobe
2010-01-06 08:58 . 2010-01-06 08:58 -------- d-----w- C:\_OTM
2010-01-06 08:48 . 2010-01-08 00:37 857 ----a-w- c:\windows\system32\krl32mainweq.dll
2010-01-04 16:58 . 2010-01-04 16:58 -------- d-----w- c:\users\CAllen\AppData\Local\Apple
2010-01-04 01:27 . 2010-01-05 01:31 -------- d-----w- c:\users\CAllen\AppData\Local\Apple Computer
2010-01-03 21:39 . 2010-01-03 21:39 -------- d-----w- c:\program files\ESET
2010-01-02 06:11 . 2010-01-02 06:11 -------- d-----w- c:\progra~2\NortonInstaller
2010-01-02 00:33 . 2010-01-08 18:48 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2009-12-31 19:42 . 2009-12-31 19:42 -------- d-----w- c:\users\CAllen\AppData\Roaming\gtk-2.0
2009-12-31 01:18 . 2009-12-31 01:18 77312 ----a-w- C:\mbr.exe
2009-12-28 16:48 . 2009-12-28 16:50 -------- d-----w- c:\users\CAllen\AppData\Roaming\ICAClient
2009-12-28 16:47 . 2009-12-28 16:47 -------- d-----w- c:\users\CAllen\AppData\Local\Citrix
2009-12-28 04:57 . 2009-12-28 04:57 -------- d-----w- c:\program files\ERUNT
2009-12-25 20:21 . 2009-12-25 20:21 -------- d-----w- C:\rsit
2009-12-20 20:20 . 2009-12-20 20:20 -------- d-----w- c:\program files\Trend Micro
2009-12-20 00:31 . 2009-12-20 00:31 -------- d-----w- c:\windows\Sun
2009-12-19 19:20 . 2009-12-20 00:33 6148384 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-19 19:10 . 2009-12-20 00:16 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-19 19:10 . 2009-12-20 00:16 -------- d-----w- c:\progra~2\ParetoLogic
2009-12-19 17:47 . 2009-12-19 17:48 -------- d-----w- c:\progra~2\Radialpoint
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\users\CAllen\AppData\Roaming\Verizon
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\progra~2\Verizon
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\windows\bin
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\progra~2\Motive
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\program files\Verizon Broadband Firefox Toolbar
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\program files\verizon_broad
2009-12-19 17:35 . 2009-12-19 17:35 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-12-19 15:54 . 2009-12-28 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 15:54 . 2009-12-28 04:49 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-12-15 00:19 . 2010-01-02 06:12 -------- d-----w- c:\progra~2\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 23:50 . 2008-02-29 04:10 -------- d-----w- c:\progra~2\Symantec
2010-01-07 23:50 . 2008-02-29 04:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-06 08:46 . 2009-01-04 02:23 -------- d-----w- c:\users\CAllen\AppData\Roaming\uTorrent
2010-01-03 21:08 . 2008-07-19 04:31 -------- d-----w- c:\program files\DivX
2010-01-02 06:09 . 2008-07-19 04:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-02 05:54 . 2009-12-05 22:15 -------- d-----w- c:\users\CAllen\AppData\Roaming\.purple
2009-12-31 22:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-12-31 19:39 . 2009-12-31 19:39 1791 ----a-w- c:\users\CAllen\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2009-12-31 19:38 . 2009-12-31 19:38 1691 ----a-w- c:\users\CAllen\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2009-12-29 00:13 . 2009-12-29 00:13 19944 ----a-w- c:\windows\system32\drivers\atapi.tsk
2009-12-28 16:47 . 2009-12-28 16:47 73728 ----a-r- c:\users\CAllen\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2009-12-28 16:47 . 2009-12-28 16:47 73728 ----a-r- c:\users\CAllen\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
2009-12-20 00:33 . 2009-12-19 19:20 84464 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-19 17:48 . 2008-07-18 14:44 -------- d-----w- c:\program files\Verizon
2009-12-19 15:08 . 2009-09-10 16:52 -------- d-----w- c:\program files\QuickTime
2009-12-09 17:59 . 2008-02-29 05:15 -------- d-----w- c:\progra~2\Microsoft Help
2009-12-08 04:24 . 2008-07-04 03:22 680 ----a-w- c:\users\CAllen\AppData\Local\d3d9caps.dat
2009-12-05 22:15 . 2009-12-05 22:15 -------- d-----w- c:\program files\Pidgin
2009-12-05 22:14 . 2009-12-05 22:14 -------- d-----w- c:\program files\Common Files\GTK
2009-12-01 03:55 . 2008-06-23 21:57 27430 ----a-w- c:\users\CAllen\AppData\Roaming\nvModes.dat
2009-12-01 03:41 . 2009-12-01 03:41 -------- d-----w- c:\users\CAllen\AppData\Roaming\PlayFirst
2009-12-01 03:39 . 2008-04-27 04:36 -------- d-----w- c:\progra~2\WildTangent
2009-11-30 05:48 . 2009-11-30 05:42 -------- d-----w- c:\users\CAllen\AppData\Roaming\Propellerhead Software
2009-11-30 05:48 . 2009-11-30 05:48 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-11-30 05:48 . 2009-11-30 05:48 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-11-30 05:48 . 2009-11-30 05:48 -------- d-----w- c:\progra~2\Propellerhead Software
2009-11-30 05:41 . 2009-11-30 05:41 -------- d-----w- c:\program files\Propellerhead
2009-11-30 05:12 . 2008-02-29 05:19 -------- d-----w- c:\program files\Sling Media
2009-11-10 19:04 . 2009-11-10 19:04 -------- d-----w- c:\program files\CDisplay
2009-11-09 12:31 . 2009-12-09 17:59 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 17:59 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 17:59 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-04 06:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-03 01:42 . 2009-10-03 05:14 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 04:05 . 2009-02-21 02:37 384 ----a-w- c:\users\CAllen\AppData\Roaming\wklnhst.dat
2009-10-29 09:17 . 2009-11-25 08:31 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 14:11 . 2009-12-08 23:10 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-08 23:10 78336 ----a-w- c:\windows\system32\ieencode.dll
.

------- Sigcheck -------

[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2009-04-11 06:32 . 6980A71E8A6C7E2FB976FD71E36E3222 . 19944 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[7] 2008-01-21 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^CAllen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\CAllen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-07-13 14:36 50480 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):86,df,45,f0,19,5d,ca,01

R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [12/19/2009 12:47 PM 668912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\User_Feed_Synchronization-{6DFFBE1E-577F-4EB1-BBB2-8971CA403F8E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\CAllen\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
HKCU-Run-nppexcfw - c:\users\CAllen\AppData\Local\urujgg\lulvsysguard.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-01-08 14:24:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-08 19:24
ComboFix2.txt 2009-12-28 05:20

Pre-Run: 75,778,686,976 bytes free
Post-Run: 75,920,306,176 bytes free

- - End Of File - - 4734B00BB7AD59D32B03A58326DD0906
xmokaonlyx
Regular Member
 
Posts: 39
Joined: December 20th, 2009, 3:49 pm

Re: Malware redirects my google links

Unread postby Cypher » January 8th, 2010, 4:57 pm

Hi xmokaonlyx.
Did you uninstall Norton?

Please continue with the instructions below.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Folder::
    C:\32788R22FWJFW
    File::
    c:\windows\system32\krl32mainweq.dll
    FCopy::
    c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys | c:\windows\system32\drivers\atapi.sys
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished, ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Next.

Please try to run Malwarebytes' Anti-Malware now.



Logs/Information to Post in your Next Reply

  • ComboFix log.
  • Malwarebytes log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
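The FCopy:: line in the script above restores atapi.sys from a known-good DriverStore copy, and the rest of the script acts on specific lines of the posted log (the atapi ImagePath pointing at atapi.tsk, the 127.0.0.1:5555 proxy, EnableLUA=0, DisableMonitoring, the orphaned Run entry under AppData\Local). The Python script below is an added example, not ComboFix's or the forum's own tooling: it reads log lines of that shape, flags those indicators, and lists the DriverStore copies of atapi.sys by file version (newest first, a heuristic of this example) as candidates for the restore source. Its sample lines are constructed from the log posted in this thread.

```python
"""Triage a ComboFix-style log for the indicators acted on in this thread.

Example code added to this page; the heuristics are this example's own and
the sample lines are constructed from the log posted above.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines in the shape of the posted ComboFix log.
SAMPLE_LOG = [
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]',
    r'"EnableLUA"= 0 (0x0)',
    r'',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]',
    r'"DisableMonitoring"=dword:00000001',
    r'',
    r'uInternet Settings,ProxyServer = http=127.0.0.1:5555',
    r'uInternet Settings,ProxyOverride = <local>',
    r'',
    r'[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]',
    r'"ImagePath"="system32\Drivers\atapi.tsk"',
    r'',
    r'HKCU-Run-nppexcfw - c:\users\CAllen\AppData\Local\urujgg\lulvsysguard.exe',
    r'',
    r'[7] 2008-01-21 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys',
    r'[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys',
]

SECTION_RE = re.compile(r'^\[(.+)\]$')                    # [HKEY_...\key] header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')           # "Name"=value
PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer\s*=\s*(.+)$')
ORPHAN_RUN_RE = re.compile(r'^HKCU-Run-(\S+) - (.+)$')     # "ORPHANS REMOVED" lines
DRIVERSTORE_RE = re.compile(                               # [7] date . MD5 . size . . [ver] . . path
    r'^\[\d+\]\s+(\d{4}-\d{2}-\d{2})\s+\.\s+([0-9A-Fa-f]{32})\s+\.\s+(\d+)'
    r'\s+\.\s+\.\s+\[([\d.]+)\]\s+\.\s+\.\s+(.+)$')

Finding = Tuple[str, str]  # (short tag, human-readable detail)


def parse_registry(lines: List[str]) -> Dict[str, Dict[str, str]]:
    """Group "name"=value lines under the [key] header that precedes them.

    Keys are lower-cased so callers can match on path suffixes; values stay raw.
    """
    reg: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in lines:
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            reg.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            reg[current][m.group(1)] = m.group(2).strip()
    return reg


def triage(lines: List[str]) -> List[Finding]:
    """Flag the indicators a helper would act on in a log of this shape."""
    findings: List[Finding] = []
    for key, values in parse_registry(lines).items():
        if key.endswith('policies\\system') and values.get('EnableLUA', '').startswith('0'):
            findings.append(('EnableLUA=0', 'UAC is turned off; confirm the user did this'))
        if 'security center\\monitoring' in key and values.get('DisableMonitoring') == 'dword:00000001':
            findings.append(('DisableMonitoring', 'Security Center monitoring disabled under ' + key))
        if key.endswith('services\\atapi'):
            image = values.get('ImagePath', '').strip('"')
            if not image.lower().endswith('\\atapi.sys'):   # e.g. atapi.tsk in the posted log
                findings.append(('atapi ImagePath', 'atapi service loads %s instead of atapi.sys' % image))
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m and ('127.0.0.1' in m.group(1) or 'localhost' in m.group(1).lower()):
            findings.append(('loopback proxy', 'browser traffic routed through ' + m.group(1)))
        m = ORPHAN_RUN_RE.match(line)
        if m and '\\appdata\\local\\' in m.group(2).lower():
            findings.append(('AppData autorun', 'Run entry %s launched %s' % (m.group(1), m.group(2))))
    return findings


def driverstore_copies(lines: List[str], filename: str = 'atapi.sys') -> List[Tuple[str, str, str]]:
    """Return (version, md5, path) for DriverStore copies of `filename`, newest version first.

    These are the candidates for an FCopy:: source like the one in the script above.
    """
    copies = []
    for raw in lines:
        m = DRIVERSTORE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group(5)
        if '\\driverstore\\' in path.lower() and path.lower().endswith('\\' + filename):
            copies.append((m.group(4), m.group(2).upper(), path))
    copies.sort(key=lambda c: tuple(int(p) for p in c[0].split('.')), reverse=True)
    return copies


if __name__ == '__main__':
    for tag, detail in triage(SAMPLE_LOG):
        print('[%s] %s' % (tag, detail))
    for version, md5, path in driverstore_copies(SAMPLE_LOG):
        print('DriverStore candidate %s %s %s' % (version, md5, path))
```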

Re: Malware redirects my google links

Unread postby xmokaonlyx » January 9th, 2010, 6:16 pm

I'm really sorry if this is annoying, but I'm still unable to run Malwarebytes. Here is the ComboFix log.

ComboFix 10-01-04.01 - CAllen 01/09/2010 17:04:31.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2067 [GMT -5:00]
Running from: c:\users\CAllen\Desktop\ComboFix.exe
Command switches used :: c:\users\CAllen\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\krl32mainweq.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\krl32mainweq.dll

.
--------------- FCopy ---------------

c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-09 to 2010-01-09 )))))))))))))))))))))))))))))))
.

2010-01-09 22:11 . 2010-01-09 22:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-09 22:11 . 2010-01-09 22:11 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-01-09 22:11 . 2010-01-09 22:11 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-01-09 22:11 . 2010-01-09 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-08 19:15 . 2010-01-09 22:11 -------- d-----w- c:\users\CAllen\AppData\Local\temp
2010-01-08 00:07 . 2010-01-08 00:07 -------- d-----w- c:\users\CAllen\AppData\Local\Adobe
2010-01-06 08:58 . 2010-01-06 08:58 -------- d-----w- C:\_OTM
2010-01-04 16:58 . 2010-01-04 16:58 -------- d-----w- c:\users\CAllen\AppData\Local\Apple
2010-01-04 01:27 . 2010-01-05 01:31 -------- d-----w- c:\users\CAllen\AppData\Local\Apple Computer
2010-01-03 21:39 . 2010-01-03 21:39 -------- d-----w- c:\program files\ESET
2010-01-02 06:11 . 2010-01-02 06:11 -------- d-----w- c:\progra~2\NortonInstaller
2010-01-02 00:33 . 2010-01-08 18:48 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2009-12-31 19:42 . 2009-12-31 19:42 -------- d-----w- c:\users\CAllen\AppData\Roaming\gtk-2.0
2009-12-31 19:39 . 2009-12-31 19:39 1791 ----a-w- c:\users\CAllen\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2009-12-31 19:38 . 2009-12-31 19:38 1691 ----a-w- c:\users\CAllen\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2009-12-31 01:18 . 2009-12-31 01:18 77312 ----a-w- C:\mbr.exe
2009-12-28 16:48 . 2009-12-28 16:50 -------- d-----w- c:\users\CAllen\AppData\Roaming\ICAClient
2009-12-28 16:47 . 2009-12-28 16:47 73728 ----a-r- c:\users\CAllen\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2009-12-28 16:47 . 2009-12-28 16:47 73728 ----a-r- c:\users\CAllen\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
2009-12-28 16:47 . 2009-12-28 16:47 -------- d-----w- c:\users\CAllen\AppData\Local\Citrix
2009-12-28 04:57 . 2009-12-28 04:57 -------- d-----w- c:\program files\ERUNT
2009-12-25 20:21 . 2009-12-25 20:21 -------- d-----w- C:\rsit
2009-12-20 20:20 . 2009-12-20 20:20 -------- d-----w- c:\program files\Trend Micro
2009-12-20 00:31 . 2009-12-20 00:31 -------- d-----w- c:\windows\Sun
2009-12-19 19:20 . 2009-12-20 00:33 6148384 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-19 19:10 . 2009-12-20 00:16 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-19 19:10 . 2009-12-20 00:16 -------- d-----w- c:\progra~2\ParetoLogic
2009-12-19 17:47 . 2009-12-19 17:48 -------- d-----w- c:\progra~2\Radialpoint
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\users\CAllen\AppData\Roaming\Verizon
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\progra~2\Verizon
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\windows\bin
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\progra~2\Motive
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\program files\Verizon Broadband Firefox Toolbar
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\program files\verizon_broad
2009-12-19 17:35 . 2009-12-19 17:35 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-12-19 15:54 . 2009-12-28 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 15:54 . 2009-12-28 04:49 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-12-15 00:19 . 2010-01-02 06:12 -------- d-----w- c:\progra~2\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 23:50 . 2008-02-29 04:10 -------- d-----w- c:\progra~2\Symantec
2010-01-07 23:50 . 2008-02-29 04:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-06 08:46 . 2009-01-04 02:23 -------- d-----w- c:\users\CAllen\AppData\Roaming\uTorrent
2010-01-03 21:08 . 2008-07-19 04:31 -------- d-----w- c:\program files\DivX
2010-01-02 06:09 . 2008-07-19 04:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-02 05:54 . 2009-12-05 22:15 -------- d-----w- c:\users\CAllen\AppData\Roaming\.purple
2009-12-31 22:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-12-29 00:13 . 2009-12-29 00:13 19944 ----a-w- c:\windows\system32\drivers\atapi.tsk
2009-12-20 00:33 . 2009-12-19 19:20 84464 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-19 17:48 . 2008-07-18 14:44 -------- d-----w- c:\program files\Verizon
2009-12-19 15:08 . 2009-09-10 16:52 -------- d-----w- c:\program files\QuickTime
2009-12-09 17:59 . 2008-02-29 05:15 -------- d-----w- c:\progra~2\Microsoft Help
2009-12-08 04:24 . 2008-07-04 03:22 680 ----a-w- c:\users\CAllen\AppData\Local\d3d9caps.dat
2009-12-05 22:15 . 2009-12-05 22:15 -------- d-----w- c:\program files\Pidgin
2009-12-05 22:14 . 2009-12-05 22:14 -------- d-----w- c:\program files\Common Files\GTK
2009-12-01 03:55 . 2008-06-23 21:57 27430 ----a-w- c:\users\CAllen\AppData\Roaming\nvModes.dat
2009-12-01 03:41 . 2009-12-01 03:41 -------- d-----w- c:\users\CAllen\AppData\Roaming\PlayFirst
2009-12-01 03:39 . 2008-04-27 04:36 -------- d-----w- c:\progra~2\WildTangent
2009-11-30 05:48 . 2009-11-30 05:42 -------- d-----w- c:\users\CAllen\AppData\Roaming\Propellerhead Software
2009-11-30 05:48 . 2009-11-30 05:48 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-11-30 05:48 . 2009-11-30 05:48 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-11-30 05:48 . 2009-11-30 05:48 -------- d-----w- c:\progra~2\Propellerhead Software
2009-11-30 05:41 . 2009-11-30 05:41 -------- d-----w- c:\program files\Propellerhead
2009-11-30 05:12 . 2008-02-29 05:19 -------- d-----w- c:\program files\Sling Media
2009-11-09 12:31 . 2009-12-09 17:59 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 17:59 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 17:59 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-04 06:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-03 01:42 . 2009-10-03 05:14 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 04:05 . 2009-02-21 02:37 384 ----a-w- c:\users\CAllen\AppData\Roaming\wklnhst.dat
2009-10-29 09:17 . 2009-11-25 08:31 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 14:11 . 2009-12-08 23:10 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-08 23:10 78336 ----a-w- c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-28_05.16.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-08 18:51 . 2010-01-08 18:51 54272 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39\vcomp90.dll
+ 2010-01-08 18:51 . 2010-01-08 18:51 62976 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90RUS.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 46080 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90KOR.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 46592 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90JPN.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 64512 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ITA.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 66048 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90FRA.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESP.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESN.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 56832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ENU.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 66560 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90DEU.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 39936 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHT.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 38912 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHS.DLL
+ 2010-01-08 18:51 . 2010-01-08 18:51 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90u.dll
+ 2010-01-08 18:51 . 2010-01-08 18:51 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90.dll
+ 2008-01-21 01:58 . 2010-01-09 21:59 58976 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-09 21:59 91102 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-03 04:38 . 2010-01-09 21:59 13936 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1860400135-879163118-3456586307-1000_UserData.bin
- 2008-06-03 04:38 . 2009-12-28 04:50 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-03 04:38 . 2010-01-09 22:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-03 04:38 . 2010-01-09 22:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-03 04:38 . 2010-01-09 22:00 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-26 12:49 . 2009-12-27 05:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-26 12:49 . 2010-01-08 22:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-26 12:49 . 2010-01-08 22:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-26 12:49 . 2009-12-27 05:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-26 12:49 . 2010-01-08 22:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-26 12:49 . 2009-12-27 05:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-25 16:12 . 2010-01-08 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-25 16:12 . 2009-12-25 19:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-25 16:12 . 2010-01-08 21:25 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-25 16:12 . 2009-12-25 19:46 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-25 16:12 . 2009-12-25 19:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-25 16:12 . 2010-01-08 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-05 04:56 . 2010-01-06 09:25 26192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-12-28 04:50 . 2009-12-28 04:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-09 21:57 . 2010-01-09 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-28 04:50 . 2009-12-28 04:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-09 21:57 . 2010-01-09 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-08 18:51 . 2010-01-08 18:51 655872 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
+ 2010-01-08 18:51 . 2010-01-08 18:51 572928 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcp90.dll
+ 2010-01-08 18:51 . 2010-01-08 18:51 225280 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcm90.dll
+ 2010-01-08 18:51 . 2010-01-08 18:51 161784 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e\ATL90.dll
+ 2008-06-05 03:57 . 2010-01-09 11:02 317882 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-12-28 04:55 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-09 22:02 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-28 04:55 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-01-09 22:02 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 12:47 . 2009-11-11 18:26 308808 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 12:47 . 2010-01-01 20:58 308808 c:\windows\System32\FNTCACHE.DAT
+ 2010-01-08 18:51 . 2010-01-08 18:51 228352 c:\windows\Installer\8d157.msi
+ 2010-01-08 18:51 . 2010-01-08 18:51 3783672 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll
+ 2010-01-08 18:51 . 2010-01-08 18:51 3768312 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90.dll
+ 2006-11-02 10:22 . 2010-01-08 19:03 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-12-09 20:16 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-12-28 16:47 . 2009-12-28 16:47 1467392 c:\windows\Installer\4f600e.msi
+ 2009-05-03 00:09 . 2010-01-08 18:51 218823766 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^CAllen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\CAllen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-07-13 14:36 50480 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):86,df,45,f0,19,5d,ca,01

R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [12/19/2009 12:47 PM 668912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-09 c:\windows\Tasks\User_Feed_Synchronization-{6DFFBE1E-577F-4EB1-BBB2-8971CA403F8E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\CAllen\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 17:11
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-09 17:12:47
ComboFix-quarantined-files.txt 2010-01-09 22:12
ComboFix2.txt 2010-01-08 19:24
ComboFix3.txt 2009-12-28 05:20

Pre-Run: 74,291,351,552 bytes free
Post-Run: 73,959,510,016 bytes free

- - End Of File - - F35648B656AC3155CECEC7789E95B14C
xmokaonlyx
Regular Member
 
Posts: 39
Joined: December 20th, 2009, 3:49 pm
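
Two entries in the ComboFix log above are the ones a helper reads first: the user-hive proxy setting "uInternet Settings,ProxyServer = http=127.0.0.1:5555", which hands every HTTP request Internet Explorer makes to whatever is listening on that port on the local machine, and the atapi service whose ImagePath points at atapi.tsk rather than the stock atapi.sys driver. The Python script below is an added example, not part of this thread and not ComboFix's own code; it pulls those two kinds of indicator out of ComboFix-format log text and flags the ones worth a closer look. It assumes the line formats exactly as they appear in the log above (ComboFix's u/m prefixes for HKCU/HKLM values, and a [HKEY_LOCAL_MACHINE\SYSTEM\...\Services\name] block followed by a quoted "ImagePath" value). The sample log embedded in it is constructed from lines copied from this thread; everything else is omitted.

```python
import re

# Constructed sample in the shape of the ComboFix log above; the lines were
# copied from the thread, the rest of the log is omitted.
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
LSP: c:\windows\system32\wpclsp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
"""

# ComboFix prefixes HKCU values with 'u' and HKLM values with 'm'.
PROXY_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(\S+)\s*$")
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?:ControlSet\d+|CurrentControlSet)\\Services\\([^\\\]]+)\]$",
    re.IGNORECASE,
)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.+)"$')
# A service image should be a .sys or .exe, optionally quoted, optionally followed by arguments.
IMAGE_FILE_RE = re.compile(r'^"?[^"]*?\.(?:sys|exe)"?(?:\s|$)', re.IGNORECASE)
LOOPBACK_HOSTS = ("localhost", "::1")


def parse_proxy_servers(text):
    """Return [(scope, proto, host, port)] for every ProxyServer line in the log.

    scope is 'u' (logged-on user) or 'm' (machine). A bare "host:port" value
    applies to all protocols and is reported with proto 'all'; a value such as
    "http=a:1;https=b:2" yields one tuple per protocol.
    """
    found = []
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        scope, value = m.groups()
        for entry in value.split(";"):
            proto, _, hostport = entry.rpartition("=")
            host, _, port = hostport.rpartition(":") if ":" in hostport else (hostport, "", "")
            found.append((scope, proto or "all", host, int(port) if port.isdigit() else None))
    return found


def parse_service_image_paths(text):
    """Return {service_name: ImagePath} from the registry key dumps in the log."""
    paths = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = SERVICE_KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        image = IMAGEPATH_RE.match(line)
        if image and current:
            paths[current] = image.group(1)
            current = None
    return paths


def loopback_proxies(proxies):
    """Proxy entries that point at the local machine itself.

    With such an entry every request the browser makes goes to whatever
    listens on that port first, so the entry is worth checking even before
    the listener has been identified.
    """
    return [p for p in proxies if p[2].startswith("127.") or p[2].lower() in LOOPBACK_HOSTS]


def odd_service_images(image_paths):
    """Service entries whose image is not a .sys/.exe file (e.g. atapi.tsk)."""
    return {name: path for name, path in image_paths.items() if not IMAGE_FILE_RE.match(path)}


def triage(text):
    """Run both checks over log text and return the flagged entries."""
    return {
        "loopback_proxies": loopback_proxies(parse_proxy_servers(text)),
        "odd_service_images": odd_service_images(parse_service_image_paths(text)),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # ComboFix logs are often saved as ANSI text, hence errors="replace".
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log = fh.read()
    else:
        log = SAMPLE_LOG
    for check, hits in triage(log).items():
        print(f"{check}: {hits}")
```

Run it with the saved ComboFix log as its only argument, or with no argument to see it flag the two entries from the sample. The loopback check only says that a proxy entry exists; which process actually owns the port is a separate question, answered on the machine itself with netstat -ano, and a loopback proxy put there deliberately by installed filtering software is not a finding.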

Re: Malware redirects my google links

Unread postby Cypher » January 10th, 2010, 11:59 am

Hi xmokaonlyx.
I keep hearing and seeing random advertisements on my comp

Are you still getting random advertisements popping up?
OK, please continue with the instructions below.

Uninstall programs
  • Click on Start
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box copy/paste appwiz.cpl, then click OK.
  • Uninstall the following:

Malwarebytes' Anti-Malware

Next.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Folder::
    C:\Program Files\Malwarebytes' Anti-Malware
    C:\Documents and Settings\CAllen\Application Data\Malwarebytes
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    c:\users\CAllen\AppData\Roaming\uTorrent
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Next.

Please delete the Malwarebytes desktop icon and any other tray icons, then reboot your computer.

Next.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please run GMER Rootkit Scanner again, it should still be on your Desktop.

  • Right-click the .exe file and choose Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.

Logs/Information to Post in your Next Reply

  • ComboFix log.
  • Malwarebytes log.
  • Gmer.txt log
  • Please give me an update on your computer's performance. Are you still getting random popups?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware redirects my google links

Unread postby xmokaonlyx » January 11th, 2010, 2:29 am

I haven't had the issue with the random ads in about 2 days, so it seems to be gone now. Also, when I had that problem the Google redirect had seemed to come back, but it is also gone again. I still cannot seem to run the Malware Anti program. Here are the other 2 logs.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-11 01:26:49
Windows 6.0.6002 Service Pack 2
Running: sdd2lfj0.exe; Driver: C:\Users\CAllen\AppData\Local\Temp\uxryrpod.sys


---- System - GMER 1.0.15 ----

INT 0x01 ? 9BFDF2A4

---- EOF - GMER 1.0.15 ----

ComboFix 10-01-04.01 - CAllen 01/11/2010 0:41.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2011 [GMT -5:00]
Running from: c:\users\CAllen\Desktop\ComboFix.exe
Command switches used :: c:\users\CAllen\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\CAllen\AppData\Roaming\uTorrent
c:\users\CAllen\AppData\Roaming\uTorrent\#-C.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\(japan-music) Rie Fu - 1 album 1 single.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\[1984] Apollonia 6.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\[1999] The Slim Shady LP.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\[Bleach Society] Younha - houkiboshi.mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\[Nipponsei] BLEACH OP3 Single - Ichirin no Hana [HIGH and MIGHTY COLOR].zip.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\~Common Discography.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\~Common Discography.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\01 Eminem - Infinate.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\04 Paramore - Misery Business.mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\05 Every Heart.mp3.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\05 Every Heart.mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\09 - August.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\10 - September.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\100 Greatest Dance Hits of the 90s[Dance][2008][Visit pctrecords].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\11 - October.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\12 - November.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\2 - Lily allen - The fear.mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\50_Cent-Get_Up-(Promo_CDS)-2008-EXP.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\80s Compilation CDs.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\80s Giga Hits Collection.(32 CDs).(www.lokotorrents.com).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\A Kid Named Cudi.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\akon - right now.mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Anthony Hamilton - The Point Of It All (2008) - R&B [www.torrentazos.com].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Asher Roth - Asleep In The Bread Aisle (2009).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Asher_Roth-Asleep_In_The_Bread_Aisle-2009-404.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Atrheas-035TS.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Avril Lavigne - The Best Damn Thing (2007) - Rock By FEFE2003.rar.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Avril Lavigne - When Your're Gone.mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\AZ - Anthology B Sides And Unreleased (2008) NLT-Release.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Backstreet Boys.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Band_of_Horses-Cease_to_Begin-2007-JUST.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Basement Jaxx - The Singles [www.pctorrent.com].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Batman - Battle for the Cowl.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Batman RIP through Battle for the Cowl.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Becoming X.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Bell Biv Devoe - Poison.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Bell Biv Devoe - Poison[cdrip]vbr[mp3]-darkjedi.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Beyonce -I Am Sasha Fierce [Deluxe Edition].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Bleach Openings and Endings.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\BMrRnbTop.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Bobby Brown - Dance!... Ya Know It! - 1989 - Cat.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Bobby Brown - Greatest Hits.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Brian McKnight - U Turn [2003] [R&B] [www.file24ever.com].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Britney Spears.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Buzz Cuts.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Carpenters - Gold Greatest Hits (2005) - Pop - www.torrentazos.com By FEFE2003.rar.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Carpenters.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\ClintonSparksChesterFrenchNMCJacquesJamsVol1Endurance.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\COAST 2 COAST MIXTAPE VOL. 61 HOSTED BY MAINO.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Crystal Waters.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Daft Punk - Human After All.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\daft punk.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Dark Reign - April.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Dark Reign - December.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Dark Reign - February.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Dark Reign - January.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Dark Reign - July.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Dark Reign - June.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Dark Reign - March.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Del Tha Funkee Homosapien.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Del The Funky Homosapien.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Demon Days.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\dht.dat
c:\users\CAllen\AppData\Roaming\uTorrent\dht.dat.old
c:\users\CAllen\AppData\Roaming\uTorrent\Dirty Vegas.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Dirty Vegas.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Disco Hits.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Disco Hits.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\DJ Hero Soundtrack.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\DJ Hitz - I'm So NY Pt. 4 - Mixfiend - [kn0wnunkn0wn].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\DOOM - Born like this.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Drake - So Far Gone (2009) (mrsjs).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Drake - So Far Gone[2009].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Eminem-Relapse-2009-H3X.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Eminem - Encore.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Eminem - Encore.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\eminem - infinite.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Eminem - Infinite.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Eminem - Relapse THE ALBUM.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Eric Benet - Love And Life (2008) - R&B [www.torrentazos.com].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Estelle - Shine [2008][CD+2 SkidVid_XviD+Cov]192Kbps.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Fight With Tools.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Foo Fighters - Colour and The Shape(adonis).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Gang Starr - Full Clip.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Ghostbusters 2 Soundtrack.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Gorillaz - Demon_Days -ZRO [320kbps].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Grand Theft Auto San Andreas Soundtrack.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Guitar Hero_ Aerosmith.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Hannah Montana - Complete Song collection 041308.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Hannah Montana.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Heatwave.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\high school musical.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\interpol - antics.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\InuYasha.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Jamie Foxx - Intuition - 2008.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Janet Jackson - 20 Y O [2006][CD+2 SkidVids+Cov].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Janet_Jackson-20_Years_Old-Retail-2006-JRP.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Jay-Z-Vol.2.Hard.Knock.Life[1998][MP3-OT]-FLAWL3SS.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Jay-Z - Reasonable Doubt [Roman_Gie] 192kbit.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Jay-Z - The Blueprint 3 (2009) - Rap [www.torrentazos.com].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Justice - Cross (2008) [Mp3][www.zonatorrent.com].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Kanye West - Graduation (2007).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Kanye West - Stronger.zip.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Katy Perry - I Kissed A Girl.mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\KiD CuDi - Man On The Moon The End of Day Deluxe Edition [4 Bonus Tracks] [2009].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Kings Of Leon - Only By The Night[2008][320kbps]MP3-MT.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Kiss Discography 1974-2008 (MP3@320kbps).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Kiss.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\La Roux - La Roux [CD 2009] [Cov+CD] [Bubanee].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lady GaGa - The Fame [2008].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lady Gaga - The Fame Monster (2009) (mrsjs).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lady GaGa - The Fame.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lady GaGa.The Fame[2008]MP3@256.NeRoZ.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lauryn Hill - The Miseducation of Lauryn Hill.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Len - You Can't Stop the Bum Rush.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lil' Kim Discography.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lily Allen-Its Not Me Its You (2009) [WwW.LoKoTorrents.CoM].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lily allen The fear.mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lisa_Miskovsky-Still_Alive-Promo_CDM-2008-USF.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\LL Cool J - Mama said knock you out.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Love Story.mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lupe Fiasco - Touch The Sky.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Lupe Fiasco Farenheit 1_15 mixtapes.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Madonna - Complete Discography.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Madonna - Confessions ON A Dance Floor (Special Extended Edition).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Manners.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Mariah Carey - E=MC² - 2008 [MP3 @ 320] (oan).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Mariah Carey - The Emancipation Of Mimi [R&B][2009][PCTRecords.com].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Mariah Carey Memoirs Of An Imperfect Angel-2009.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Matt And Kim-Grand-2009.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Michael Jackson - Bad.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Michael Jackson - The Essential Michael Jackson.rar.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Michael Jackson.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Michael Jackson.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Michael_Jackson_-_Heartbreak_Hotel_(2nafish).mpg.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Micheal Jackson - Number Ones[2003][320kbps]MP3-MT.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Miley Cyrus - Breakout.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Miley Cyrus - The Time Of Our Lives[EP] [2009].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\MJ.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\MJ.2.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\MJ.3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\MJ.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Mo' Money SOUNDTRACK.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Mo' Money SOUNDTRACK.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\MODJO - Modjo.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Moka Only - Is Ron Contour.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Nada Surf - High-Low - 1996.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Notorious BIG.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\OST 1.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\OST 1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\P.O.D. - Discography.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\P.O.D. - Discography.2.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\P.O.D. - Discography.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Plain White Ts - Big Bad World [2008].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Powered.Keylogger.v2.2.1.1920.WinALL.Cracked-BRD.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Prince-Purple Rain - Zz.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Q-Tip - The Renaissance.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\R and B Love Collection - 2008.(www.lokotorrents.com).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Redman - Doc's Da Name 2000.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\resume.dat
c:\users\CAllen\AppData\Roaming\uTorrent\resume.dat.old
c:\users\CAllen\AppData\Roaming\uTorrent\Rie fu.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Right_Now_(Na_Na_Na).mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Rock Band 2 Disk Songs MP3 Project 0.90.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\ROCK BAND 2.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\ROCK BAND Songlist.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\rss.dat
c:\users\CAllen\AppData\Roaming\uTorrent\rss.dat.old
c:\users\CAllen\AppData\Roaming\uTorrent\Santana - Ultimate Santana [2007] [www.topetorrent.com].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Selena.Gomez.Music-CMD.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\settings.dat
c:\users\CAllen\AppData\Roaming\uTorrent\settings.dat.old
c:\users\CAllen\AppData\Roaming\uTorrent\Sheryl Crow - The First Cut Is The Deepest.flv.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Smallville - Save Me (Remy Zero)(1).mp3.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Smallville - Save Me (Remy Zero)(1).mp3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Sonic Youth - Rather Ripped.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Soundtrack.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Spice Girls - Greatest Hits [2007][CD+SkidVid_XviD+Cov]192Kbps.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Spice Girls - Spice (1996) EAC FLAC lossless seafood98.rar.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Spice Girls.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Spice Girls.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\SSX 3 Soundtrack.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Steely Dan - Discography.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Steely Dan 8 CD Discography.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Stones Throw Artist Collection.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Street Fighter IV OST.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Styx - The Best Of Styx (2008) - Rock.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Summer Of Sam Soundtrack.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Summer Of Sam Soundtrack.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Sunspot_Jonz-Fight-Destroy-Rock.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Swollen_Members-Armed_To_The_Teeth-2009-XXL.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\The B-52's - Time Capsule - Songs For A Future Generation.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\The B-52's.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\The Cardigans - (1996) First Band On The Moon {iMog}.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\The Carpenters-Ultimate Collection-2009-cd 1-3.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\The Donnas.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\The Human League - Don't You Want Me.avi.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\The Human League - The Very Best Of.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\The Marshall Mathers LP.rar.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\The Marshall Mathers LP.rar.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\The Who - 1983 - WHO'S GREATEST HITS KompletlyWyred DHZ Inc Release.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Timberland - shock value.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Tony! Toni! Tone! Discography.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Top 500 of the Greatest Hip-Hop and Rap Songs.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\TU109-15 - Remy Zero - Save Me.zip.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Twista-Kamikaze-2004-SWE.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Utada Hikaru - This is the One - 2009.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Utada Hikaru.1.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Utada Hikaru.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Utopia.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\utorrent.lng
c:\users\CAllen\AppData\Roaming\uTorrent\UVERworld.rar.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\V.A.--The Neptunes Presents The Clones--Rap2003.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\V.A. - Old School Hip Hop Compilation Of The 80's [Hip-Hop][2008][Visit pctrecords].torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Va - Hardbeats 2009 (clubmusic).torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Vanessa_Hudgens-Identified-2008-VAG.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Wale-Attention_deficit-2009 - H3X.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Whodini.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Young Jeezy - The Recession[2008] --PDR--.torrent
c:\users\CAllen\AppData\Roaming\uTorrent\Zero 7 - Destiny CD Single (CD-1) (2001).torrent

.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-11 05:47 . 2010-01-11 05:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-11 05:47 . 2010-01-11 05:47 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-01-11 05:47 . 2010-01-11 05:47 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-01-11 05:47 . 2010-01-11 05:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-10 15:42 . 2010-01-10 15:42 -------- d-----w- c:\users\CAllen\AppData\Roaming\AWHONN_FHM_Text
2010-01-08 19:15 . 2010-01-11 05:47 -------- d-----w- c:\users\CAllen\AppData\Local\temp
2010-01-08 00:07 . 2010-01-08 00:07 -------- d-----w- c:\users\CAllen\AppData\Local\Adobe
2010-01-06 08:58 . 2010-01-06 08:58 -------- d-----w- C:\_OTM
2010-01-04 16:58 . 2010-01-04 16:58 -------- d-----w- c:\users\CAllen\AppData\Local\Apple
2010-01-04 01:27 . 2010-01-05 01:31 -------- d-----w- c:\users\CAllen\AppData\Local\Apple Computer
2010-01-03 21:39 . 2010-01-03 21:39 -------- d-----w- c:\program files\ESET
2010-01-02 06:11 . 2010-01-02 06:11 -------- d-----w- c:\progra~2\NortonInstaller
2010-01-02 00:33 . 2010-01-11 05:36 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2009-12-31 19:42 . 2009-12-31 19:42 -------- d-----w- c:\users\CAllen\AppData\Roaming\gtk-2.0
2009-12-31 19:39 . 2009-12-31 19:39 1791 ----a-w- c:\users\CAllen\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2009-12-31 19:38 . 2009-12-31 19:38 1691 ----a-w- c:\users\CAllen\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2009-12-31 01:18 . 2009-12-31 01:18 77312 ----a-w- C:\mbr.exe
2009-12-28 16:48 . 2009-12-28 16:50 -------- d-----w- c:\users\CAllen\AppData\Roaming\ICAClient
2009-12-28 16:47 . 2009-12-28 16:47 73728 ----a-r- c:\users\CAllen\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2009-12-28 16:47 . 2009-12-28 16:47 73728 ----a-r- c:\users\CAllen\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
2009-12-28 16:47 . 2009-12-28 16:47 -------- d-----w- c:\users\CAllen\AppData\Local\Citrix
2009-12-28 04:57 . 2009-12-28 04:57 -------- d-----w- c:\program files\ERUNT
2009-12-25 20:21 . 2009-12-25 20:21 -------- d-----w- C:\rsit
2009-12-20 20:20 . 2009-12-20 20:20 -------- d-----w- c:\program files\Trend Micro
2009-12-20 00:31 . 2009-12-20 00:31 -------- d-----w- c:\windows\Sun
2009-12-19 19:20 . 2009-12-20 00:33 6148384 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-19 19:10 . 2009-12-20 00:16 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-19 19:10 . 2009-12-20 00:16 -------- d-----w- c:\progra~2\ParetoLogic
2009-12-19 17:47 . 2009-12-19 17:48 -------- d-----w- c:\progra~2\Radialpoint
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\users\CAllen\AppData\Roaming\Verizon
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\progra~2\Verizon
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\windows\bin
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\progra~2\Motive
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\program files\Verizon Broadband Firefox Toolbar
2009-12-19 17:47 . 2009-12-19 17:47 -------- d-----w- c:\program files\verizon_broad
2009-12-19 17:35 . 2009-12-19 17:35 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-12-19 15:54 . 2009-12-28 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 15:54 . 2009-12-28 04:49 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-12-15 00:19 . 2010-01-02 06:12 -------- d-----w- c:\progra~2\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 23:50 . 2008-02-29 04:10 -------- d-----w- c:\progra~2\Symantec
2010-01-07 23:50 . 2008-02-29 04:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-03 21:08 . 2008-07-19 04:31 -------- d-----w- c:\program files\DivX
2010-01-02 06:09 . 2008-07-19 04:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-02 05:54 . 2009-12-05 22:15 -------- d-----w- c:\users\CAllen\AppData\Roaming\.purple
2009-12-31 22:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-12-29 00:13 . 2009-12-29 00:13 19944 ----a-w- c:\windows\system32\drivers\atapi.tsk
2009-12-20 00:33 . 2009-12-19 19:20 84464 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-19 17:48 . 2008-07-18 14:44 -------- d-----w- c:\program files\Verizon
2009-12-19 15:08 . 2009-09-10 16:52 -------- d-----w- c:\program files\QuickTime
2009-12-09 17:59 . 2008-02-29 05:15 -------- d-----w- c:\progra~2\Microsoft Help
2009-12-08 04:24 . 2008-07-04 03:22 680 ----a-w- c:\users\CAllen\AppData\Local\d3d9caps.dat
2009-12-05 22:15 . 2009-12-05 22:15 -------- d-----w- c:\program files\Pidgin
2009-12-05 22:14 . 2009-12-05 22:14 -------- d-----w- c:\program files\Common Files\GTK
2009-12-01 03:55 . 2008-06-23 21:57 27430 ----a-w- c:\users\CAllen\AppData\Roaming\nvModes.dat
2009-12-01 03:41 . 2009-12-01 03:41 -------- d-----w- c:\users\CAllen\AppData\Roaming\PlayFirst
2009-12-01 03:39 . 2008-04-27 04:36 -------- d-----w- c:\progra~2\WildTangent
2009-11-30 05:48 . 2009-11-30 05:42 -------- d-----w- c:\users\CAllen\AppData\Roaming\Propellerhead Software
2009-11-30 05:48 . 2009-11-30 05:48 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-11-30 05:48 . 2009-11-30 05:48 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-11-30 05:48 . 2009-11-30 05:48 -------- d-----w- c:\progra~2\Propellerhead Software
2009-11-30 05:41 . 2009-11-30 05:41 -------- d-----w- c:\program files\Propellerhead
2009-11-30 05:12 . 2008-02-29 05:19 -------- d-----w- c:\program files\Sling Media
2009-11-09 12:31 . 2009-12-09 17:59 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 17:59 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 17:59 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-04 06:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-03 01:42 . 2009-10-03 05:14 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 04:05 . 2009-02-21 02:37 384 ----a-w- c:\users\CAllen\AppData\Roaming\wklnhst.dat
2009-10-29 09:17 . 2009-11-25 08:31 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 14:11 . 2009-12-08 23:10 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-08 23:10 78336 ----a-w- c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-01-09_22.11.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-01-10 15:32 58976 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-21 01:58 . 2010-01-09 21:59 58976 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-01-09 21:59 91102 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-10 18:39 91102 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-03 04:38 . 2010-01-10 18:39 13952 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1860400135-879163118-3456586307-1000_UserData.bin
+ 2008-06-03 04:38 . 2010-01-10 18:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-03 04:38 . 2010-01-09 22:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-03 04:38 . 2010-01-09 22:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-03 04:38 . 2010-01-10 18:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-03 04:38 . 2010-01-10 18:40 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-03 04:38 . 2010-01-09 22:00 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-26 12:49 . 2010-01-08 22:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-26 12:49 . 2010-01-10 22:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-26 12:49 . 2010-01-10 22:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-26 12:49 . 2010-01-08 22:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-26 12:49 . 2010-01-08 22:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-26 12:49 . 2010-01-10 22:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-09 21:57 . 2010-01-09 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-10 15:30 . 2010-01-10 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-09 21:57 . 2010-01-09 21:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-10 15:30 . 2010-01-10 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-10 08:00 . 2010-01-10 08:00 159032 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
+ 2008-06-05 03:57 . 2010-01-09 23:02 318040 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2010-01-09 22:02 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-10 18:43 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-01-09 22:02 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-01-10 18:43 101350 c:\windows\System32\perfc009.dat
+ 2010-01-10 08:00 . 2010-01-10 08:00 195584 c:\windows\Installer\2288017.msi
+ 2006-11-02 10:22 . 2010-01-10 10:39 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2010-01-08 19:03 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-05-03 00:09 . 2010-01-10 08:00 218826503 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^CAllen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\CAllen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-07-13 14:36 50480 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):86,df,45,f0,19,5d,ca,01

R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [12/19/2009 12:47 PM 668912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-11 c:\windows\Tasks\User_Feed_Synchronization-{6DFFBE1E-577F-4EB1-BBB2-8971CA403F8E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\CAllen\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-11 00:49:22
ComboFix-quarantined-files.txt 2010-01-11 05:49
ComboFix2.txt 2010-01-09 22:12
ComboFix3.txt 2010-01-08 19:24
ComboFix4.txt 2009-12-28 05:20

Pre-Run: 72,369,266,688 bytes free
Post-Run: 72,340,430,848 bytes free

- - End Of File - - 22990529F93DFF4CB3242502C61334DB
xmokaonlyx
Regular Member
 
Posts: 39
Joined: December 20th, 2009, 3:49 pm