#1
14th July 2009, 09:59 PM
SamWatson, TST Member (Join Date: Jan 2008, 58 posts; Location: England)
[SOLVED] lots of trojans and malware

I stupidly ran a rather suspicious-looking file, then it unloaded around 20 nasty files. My anti-virus (Avast) managed to catch a lot of them, but then my system froze, so I quickly turned it off.

I rebooted and ran my anti-virus and got rid of a lot of files lingering around.
My firewall had decided it was going to stop all internet traffic, to help prevention I guess.

But now I cannot log onto my PC to use it.
I am using Vista Ultimate; I can input my password, then it just says "Welcome" for ages.
I am able to run my system in Safe Mode, and have run my anti-virus again and manually removed some files from the log from Avast.



any advice would be very very appreciated.

thanks
#2
15th July 2009, 03:23 PM
evilfantasy, Security Team (Join Date: Dec 2007, 2,555 posts; Location: Tulsa, OK)
Avira AntiVir Rescue System

1. Download the Avira AntiVir Rescue System
- If you need a free burning application, CDBurnerXP works on all operating systems from Microsoft Windows 2000 SP4 onwards.
2. Place a blank CD in your burner and double-click on the downloaded file.
3. The program will automatically burn the CD for you.
4. Place the burned CD into the affected computer and start the computer with the CD in the CD tray.
5. On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
6. Click on the Configuration button.

- Select Scan all files
- Select Try to repair infected files and Rename files, if they cannot be removed
- Select Scan for dialers
- Select Scan for joke programs (Jokes)
- Select Scan for games
- Select Scan for spyware (SPR)

7. Click on Virus scanner
8. Click on Start scanner at the bottom of the screen.

9. Let Avira finish its scan, then remove any threats found and exit the scanner.
10. Take the CD out of the CD/DVD tray and then restart the computer.

If needed see this Tutorial for the Avira Rescue CD
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
#3
15th July 2009, 06:24 PM
SamWatson (TST Member)
OK, I have put it on disc, booted and told it to load the program; now I am staring at 4 moles with fake beaks on...
#4
15th July 2009, 06:57 PM
evilfantasy (Security Team)
Did it run as described here: [Rescue CD] Tutorial for Avira Rescue CD - Tipps und Tricks - Avira Support Forum
#5
15th July 2009, 07:06 PM
SamWatson (TST Member)
Well, it gets to the screen where you decide how to boot it up, by selecting 1 or 2. HERE
Then it loads some files but then cuts to a black screen with some moles at the top..

I left it for a while when I was eating dinner, but it didn't budge.
I've searched their forums but found nothing like my troubles.
#6
15th July 2009, 07:14 PM
evilfantasy (Security Team)
You can try another Rescue CD. Dr Web LiveCD. The download link is at the bottom of the page.

Or, do you have a flash drive? BitDefender Rescue USB
#7
15th July 2009, 11:30 PM
SamWatson (TST Member)
Dr.Web didn't work, and my BIOS doesn't seem to want me to boot from USB.

I have managed to get Ubuntu working from disc. Any suggestions from here?
#8
16th July 2009, 12:02 AM
evilfantasy (Security Team)
I'm not skilled with Ubuntu.

Have you tried Safe Mode and running your antivirus?
#9
16th July 2009, 12:19 AM
SamWatson (TST Member)
No problem, I'm sure I can figure something out.

I can boot in Safe Mode and have run my AV and all that.
Still can't log in.
I have managed to locate and delete several files that were hiding on my Windows system; going to try and boot into Windows.
#10
16th July 2009, 12:51 AM
SamWatson (TST Member)
OK, seems to have done the trick; I'm logged back into Vista, but it's terribly slow.

I'm going to run through the guide you have posted now, and post my findings.

Virus alert just went off..

Last edited by SamWatson; 16th July 2009 at 12:57 AM.
#11
16th July 2009, 01:00 AM
evilfantasy (Security Team)
That's a rootkit and is definitely still there.

Run ComboFix before doing any other scans. Be sure to download a new copy.

Download ComboFix© by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix
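Before posting a ComboFix log it helps to know what a responder reads out of one: which protections the "Reg Loading Points" section shows switched off (UAC via EnableLUA, the Windows Firewall per profile), what was removed from system32, and whether the removed files and the removed driver/service entries look like one family. The Python script below is an added example for this thread; it is not part of the thread, of ComboFix, or of sUBs' tooling. It parses a constructed excerpt written in ComboFix's log layout (the section banners, the `-------\Legacy_` / `-------\Service_` lines and the `"Name"= 0 (0x0)` value format are copied from how the log later in this thread is laid out; the excerpt itself is a sample, not the poster's log) and lists the findings. The five-character shared-prefix threshold is an assumption chosen for illustration.

```python
import os
import re
from collections import defaultdict

# Constructed sample in ComboFix's log layout (not the poster's log). It reuses the
# kinds of entries that log shows: random-named system32 files, a removed
# Legacy_/Service_ pair, and policy values for UAC and the firewall.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\hjgruibxwepqey.dll
c:\windows\system32\hjgruitsnmbmmo.dat
E:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HJGRUIDBSBFOGG
-------\Service_hjgruidbsbfogg

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # "((((( Title )))))" banners
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                    # "[HKEY_...]" key lines
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')      # '"Name"= data' value lines
SERVICE_RE = re.compile(r"^-------\\(?:Legacy|Service)_(.+)$")


def parse_sections(text):
    """Split a ComboFix-style log into {section title: [non-empty lines]}."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line and line != ".":
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """Turn 'Reg Loading Points' lines into {key path: {value name: data}}."""
    reg, key = {}, None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            reg.setdefault(key, {})
            continue
        m = REG_VALUE_RE.match(line)
        if m and key is not None:
            reg[key][m.group(1)] = m.group(2).strip()
    return reg


def dword(data):
    """'0 (0x0)' -> 0. Returns None for non-numeric data such as a quoted path."""
    head = data.split()[0] if data else ""
    return int(head) if head.isdigit() else None


def common_prefix(names):
    """Case-insensitive longest common prefix of a list of names ('' if empty)."""
    return os.path.commonprefix([n.lower() for n in names]) if names else ""


def triage(text):
    """Return human-readable findings a responder would raise about the log."""
    sections = parse_sections(text)
    findings = []

    # 1. Protections that were switched off (by the malware or by the user).
    for key, values in parse_registry(sections.get("Reg Loading Points", [])).items():
        k = key.lower()
        if k.endswith("policies\\system") and dword(values.get("EnableLUA", "")) == 0:
            findings.append("UAC disabled (EnableLUA=0) under " + key)
        if "firewallpolicy" in k and dword(values.get("EnableFirewall", "")) == 0:
            findings.append("Windows Firewall disabled for " + key.rsplit("\\", 1)[-1])

    # 2. What ComboFix removed from system32, and which driver/service entries it removed.
    deleted = [l for l in sections.get("Other Deletions", []) if "\\system32\\" in l.lower()]
    findings += ["Deleted from system32: " + p for p in deleted]
    services = [m.group(1) for m in map(SERVICE_RE.match, sections.get("Drivers/Services", [])) if m]
    findings += ["Removed driver/service entry: " + s for s in services]

    # 3. Random-looking names generated from one seed usually share a prefix, which ties
    #    the loose files and the driver together as one component family (a hint, not proof).
    stems = [p.rsplit("\\", 1)[-1].rsplit(".", 1)[0] for p in deleted]
    prefix = common_prefix(stems + services)
    if deleted and services and len(prefix) >= 5:   # threshold is an assumption
        findings.append(f"Shared name prefix '{prefix}' across {len(deleted)} deleted system32 "
                        f"files and {len(services)} removed services: likely one component family")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run it directly to print the findings; the helpers return lists so the same logic can be run over a full log. Disabled UAC and a firewall turned off in every profile are worth fixing regardless of what else the log shows, and a shared prefix between deleted files and a removed driver is only a reason to treat them as one component when cleaning up, not an identification of what it was.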
#12
16th July 2009, 09:26 AM
SamWatson (TST Member)
ComboFix 09-07-14.08 - Sam 16/07/2009 10:02.1.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.3326.2246 [GMT 1:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1471550277
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\windows\system32\hjgruibxwepqey.dll
c:\windows\system32\hjgruielsnhwfj.dll
c:\windows\system32\hjgruitsnmbmmo.dat
E:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HJGRUIDBSBFOGG
-------\Service_hjgruidbsbfogg


((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 09:11 . 2009-07-16 09:11 -------- d-----w- c:\users\Mum\AppData\Local\temp
2009-07-16 00:54 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 00:54 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 00:54 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 00:54 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 23:47 . 2009-07-14 23:47 -------- d--h--w- c:\windows\PIF
2009-07-13 18:45 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-07-12 20:59 . 2009-07-12 20:59 -------- d-----w- c:\programdata\FLEXnet
2009-07-12 20:56 . 2009-07-12 20:56 -------- d-----w- c:\program files\Adobe Media Player
2009-07-12 20:54 . 2009-07-12 20:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-12 20:50 . 2009-07-12 20:50 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-12 18:19 . 2009-07-12 20:40 -------- d-----w- c:\users\Sam\AppData\Roaming\Download Manager
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-02 17:13 . 2009-07-02 17:13 1915520 ----a-w- c:\users\Joseph\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-01 10:34 . 2009-07-03 15:07 34 ----a-w- c:\users\Sam\jagex_runescape_preferences.dat
2009-07-01 10:33 . 2009-07-01 16:24 -------- d-----w- c:\windows\.jagex_cache_32
2009-06-30 21:45 . 2009-06-30 21:45 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-30 21:40 . 2009-06-25 15:36 1291640 ----a-w- c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-30 21:40 . 2009-06-25 15:36 729088 ----a-w- c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-28 16:20 . 2009-06-30 18:27 -------- d-----w- c:\users\Sam\AppData\Local\ArmA 2
2009-06-28 16:06 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-28 16:06 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-28 16:06 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-28 16:06 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-28 16:06 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-28 16:06 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-28 16:06 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-28 16:06 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-28 16:06 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-28 16:06 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-22 11:30 . 2009-06-22 11:30 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 08:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 00:19 . 2009-01-27 21:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-14 20:42 . 2009-01-27 11:38 1356 ----a-w- c:\users\Sam\AppData\Local\d3d9caps.dat
2009-07-13 18:26 . 2009-05-06 17:04 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-13 18:22 . 2009-01-29 13:51 -------- d-----w- c:\programdata\Media Center Programs
2009-07-13 18:16 . 2009-01-28 14:08 -------- d-----w- c:\users\Sam\AppData\Roaming\Xfire
2009-07-13 11:58 . 2009-03-17 20:45 -------- d-----w- c:\users\Sam\AppData\Roaming\uTorrent
2009-07-12 21:00 . 2009-05-27 11:02 59216 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-12 20:57 . 2009-02-06 17:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-12 20:15 . 2009-01-29 16:42 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-12 20:15 . 2009-01-29 16:41 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-12 20:12 . 2009-03-28 18:54 -------- d-----w- c:\users\Sam\AppData\Roaming\Ventrilo
2009-07-10 20:05 . 2009-04-24 11:25 -------- d-----w- c:\users\Sam\AppData\Roaming\LimeWire
2009-07-10 19:12 . 2009-01-28 14:08 -------- d-----w- c:\programdata\Xfire
2009-07-07 20:15 . 2009-01-28 14:08 -------- d-----w- c:\program files\Xfire
2009-07-03 21:25 . 2009-01-29 13:43 -------- d-----w- c:\program files\Common Files\Steam
2009-07-01 11:11 . 2009-01-27 21:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-30 21:45 . 2009-01-29 16:42 139152 ----a-w- c:\users\Sam\AppData\Roaming\PnkBstrK.sys
2009-06-30 21:45 . 2009-01-29 16:42 139152 ----a-w- c:\users\Sam\AppData\Roaming\PnkBstrK.sys
2009-06-22 11:30 . 2009-02-06 22:24 -------- d-----w- c:\program files\DivX
2009-06-16 19:32 . 2009-02-02 10:26 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-15 19:15 . 2009-06-15 19:14 -------- d-----w- c:\users\Sam\AppData\Roaming\Braid
2009-06-14 14:22 . 2009-06-14 14:22 -------- d-----w- c:\program files\Microsoft XNA
2009-06-06 18:08 . 2009-06-06 18:08 -------- d-----w- c:\programdata\Electronic Arts
2009-06-06 18:01 . 2009-06-06 18:01 -------- d-----w- c:\program files\Electronic Arts
2009-06-06 18:01 . 2009-06-06 18:01 10134 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-06 18:01 . 2009-06-06 18:01 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 17:47 . 2009-01-27 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 17:36 . 2009-06-03 17:36 -------- d-----w- c:\programdata\salvation
2009-06-03 17:36 . 2009-04-03 14:25 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-03 17:36 . 2009-04-03 14:25 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-31 14:00 . 2009-05-31 14:00 -------- d-----w- c:\users\Mum\AppData\Roaming\Subversion
2009-05-30 15:04 . 2009-05-30 15:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-30 14:59 . 2009-05-26 16:38 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-30 14:59 . 2009-05-16 18:45 -------- d-----w- c:\program files\Nokia
2009-05-30 14:59 . 2009-05-30 14:59 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-30 14:59 . 2009-05-30 14:59 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-05-30 14:59 . 2009-05-30 14:59 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-05-30 14:57 . 2009-05-30 14:57 -------- d-----w- c:\programdata\Installations
2009-05-30 14:57 . 2009-05-30 14:59 24376008 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13EN.exe
2009-05-30 14:55 . 2009-05-30 14:55 -------- d-----w- c:\programdata\Nokia
2009-05-30 14:41 . 2009-05-30 14:41 -------- d-----w- c:\programdata\PC Suite
2009-05-29 11:28 . 2009-05-29 11:28 -------- d-----w- c:\users\Joseph\AppData\Roaming\Subversion
2009-05-28 09:51 . 2009-05-28 09:51 -------- d-----w- c:\users\Joseph\AppData\Roaming\PC Suite
2009-05-28 09:50 . 2009-01-28 10:37 59216 ----a-w- c:\users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-27 19:17 . 2009-05-27 19:17 -------- d-----w- c:\users\Sam\AppData\Roaming\TortoiseSVN
2009-05-27 19:04 . 2009-05-27 19:04 -------- d-----w- c:\users\Sam\AppData\Roaming\Subversion
2009-05-27 19:04 . 2009-05-27 19:04 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-05-27 11:03 . 2009-05-27 11:03 -------- d-----w- c:\users\Sam\AppData\Roaming\PC Suite
2009-05-27 11:02 . 2009-01-27 11:39 8224 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-26 17:32 . 2009-05-26 17:32 -------- d-----w- c:\users\Mum\AppData\Roaming\PC Suite
2009-05-26 17:31 . 2009-01-28 10:42 59216 ----a-w- c:\users\Mum\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-26 16:56 . 2009-05-26 16:56 -------- d-----w- c:\users\Joseph\AppData\Roaming\Nokia
2009-05-26 16:47 . 2009-05-26 16:47 35064 ----a-w- c:\windows\inf\Nokia Music\0009\tmp1E2C.tmp
2009-05-26 16:47 . 2009-05-26 16:47 35064 ----a-w- c:\windows\inf\Nokia Music\0000\tmp1E2C.tmp
2009-05-26 16:47 . 2009-05-26 16:47 1593 ----a-w- c:\windows\inf\Nokia Music\tmp1E2D.tmp
2009-05-26 16:46 . 2009-05-26 16:46 -------- d-----w- c:\programdata\NokiaMusic
2009-05-26 15:57 . 2009-05-26 15:57 -------- d-----w- c:\program files\DIFX
2009-05-25 19:49 . 2009-05-25 19:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-05-24 09:23 . 2009-05-24 09:16 -------- d-----w- c:\users\Sam\AppData\Roaming\DAEMON Tools Pro
2009-05-24 09:21 . 2009-05-24 09:19 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-05-24 09:19 . 2009-05-24 09:19 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-05-24 09:17 . 2009-05-24 09:17 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 22:38 . 2009-04-17 12:01 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-22 22:08 . 2009-05-22 22:08 -------- d-----w- c:\program files\Outspark
2009-05-19 20:34 . 2009-04-08 19:16 -------- d-----w- c:\program files\GEOM
2009-05-19 20:25 . 2009-04-03 14:25 -------- d-----w- c:\program files\OpenAL
2009-05-19 15:31 . 2009-05-19 15:31 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-19 10:52 . 2009-05-19 10:52 -------- d-----w- c:\programdata\Firefly Studios
2009-05-19 10:51 . 2009-01-29 16:56 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-09 05:50 . 2009-06-11 14:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 14:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 13:51 . 2009-05-01 13:51 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-30 12:37 . 2009-06-14 13:59 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 13:59 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-29 18:28 . 2009-04-29 18:28 782664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-04-28 08:55 . 2009-04-28 08:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-24 11:26 . 2009-04-24 11:26 73728 ----a-w- c:\users\Sam\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
2009-04-23 12:43 . 2009-06-11 14:10 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 14:10 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 23:20 . 2009-04-21 23:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 23:20 . 2009-04-21 23:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:55 . 2009-06-11 14:10 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 16:07 . 2009-04-15 20:09 647707832 ----a-w- c:\programdata\Xfire\downloads\WoW-3.0.9.9551-to-3.1.0.9767-enUS-patch.exe
2009-06-12 18:21 . 2009-01-28 08:48 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-02-05 81000]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2009-03-27 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" [2008-08-14 611712]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{E837000A-BFA1-43A7-B87C-5E0691FFAC87}"= UDP:e:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{DEECA994-0B43-4DD4-B749-CB2472FC3503}"= TCP:e:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F0AF7B8A-F8B4-48F4-A49B-FC90B642791C}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0E43FF02-4A4E-4799-9459-1796756A5298}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{646C2003-8F8B-416B-AAE3-157888FCB266}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{AB0A5208-03F4-4729-AF48-C093249D51D2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C44AD072-D1D7-471B-9407-814D319D2754}"= UDP:e:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8D3D676F-127D-4EE4-A357-85337BE61C86}"= TCP:e:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{256792B5-D2D3-4C4D-988F-9056ECD91D6E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{5B2D8839-54C8-428B-93B6-4D0ECD472612}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{94DF70A2-6A2D-46BF-B4AA-C853E8649DBC}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{54D657BB-6C6B-415B-8E22-854C7E814D22}"= UDP:e:\program files\Sierra Entertainment\World in Conflict - DEMO\wic.exe:World in Conflict - DEMO
"{8F4CC890-A1DD-468D-98C7-F85AC08A14C5}"= TCP:e:\program files\Sierra Entertainment\World in Conflict - DEMO\wic.exe:World in Conflict - DEMO
"{1ED600B5-189D-4166-8D01-52710096D33C}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{DA38D98B-0B62-4559-8A09-006F9E16738E}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{B8829213-F075-45B8-987D-36661D61DC60}"= UDP:c:\users\Sam\AppData\LocalLow\Dyyno Receiver\DPPM.exeyyno Plugin Receiver
"{5EB9B763-C603-428C-AC6E-E7579C0A4200}"= TCP:c:\users\Sam\AppData\LocalLow\Dyyno Receiver\DPPM.exeyyno Plugin Receiver
"{FC37D408-0E47-4C80-8EAF-5F23940B5150}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B8F10CCD-4AC6-4C6F-93DC-DF6CCAE53853}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3B7D4FE2-8E02-45A1-97DB-0CD919930AE1}"= UDP:e:\program files\THQ\Company of heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{465CBED0-D636-46B9-8D0D-36EFA68C2E77}"= TCP:e:\program files\THQ\Company of heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{3D228BAF-04E8-424A-8224-025A8F8C2D7E}"= UDP:e:\program files\THQ\Company of heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{F81FC2FE-0568-4A88-99DC-0184DF9CDBD9}"= TCP:e:\program files\THQ\Company of heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{5BC9DF63-4877-49DA-B1F9-30EDE0DEEB51}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8B4C4EA6-7A77-436D-81B8-226F3438EAC5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BF657210-ECFE-4B44-ACA1-51763CB8289C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9C70E496-0478-4163-8DE5-0635903F0A2B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{30670DEB-EDAC-4FBA-A563-2A35EAAB557F}"= UDP:e:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Tales of Valor
"{186A62F5-11AD-4C4C-83DA-73FBC887F9DF}"= TCP:e:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Tales of Valor
"{ECDBE6E8-257D-4D19-AEEA-92F605102108}"= UDP:e:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{3F566AD2-1E31-4448-812B-5DA0823E2324}"= TCP:e:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{D2941585-A268-4239-B5D0-3DE632ED2B25}"= UDP:e:\program files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:Plants Vs Zombies
"{682B03A8-FF9B-46AA-B27F-E9F495C8FB65}"= TCP:e:\program files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:Plants Vs Zombies
"{019181A2-2F1D-4625-BEE0-6C81A9A279A3}"= UDP:e:\program files\Steam\steamapps\common\men of war\mow.exe:Men of War
"{55126092-847F-4AA7-BE60-468D8CB63845}"= TCP:e:\program files\Steam\steamapps\common\men of war\mow.exe:Men of War
"{353F63D0-57BF-4C28-AE0A-267C8176126A}"= UDP:e:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{76AF20F2-63F7-4E61-8132-83A42BC5835D}"= TCP:e:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{1E4846E7-DC4F-4613-8C82-807A446662FB}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{739BD2C7-7D55-4498-85FA-0806B6DB8250}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{E098B9EA-B494-4C5D-9314-B8DC587B4C8D}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{E0EA3B14-DBB1-4AB7-B0BF-AFA16A4D3C64}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{CAB0084C-799B-44B7-8266-169D95E6DA03}"= UDP:e:\program files\Steam\steamapps\common\terminator salvation\TerminatorSalvation.exe:Terminator Salvation
"{274B75E4-3A0D-410A-BC1E-E9FD4DE3C982}"= TCP:e:\program files\Steam\steamapps\common\terminator salvation\TerminatorSalvation.exe:Terminator Salvation
"{06C3D8DF-5DFE-4D59-8321-4F87604D2B6D}"= UDP:e:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{66123D56-CCA3-46BC-939A-8F5E67B5DF68}"= TCP:e:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{C400504F-7A76-4D2D-A339-4D3C2D7315C2}"= UDP:e:\program files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{698A2A3B-A036-447C-A50F-532FE007E1B6}"= TCP:e:\program files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{71CA7FCC-DF82-468C-9C3E-A94342A84B64}"= UDP:e:\program files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:Evil Genius
"{9C550116-5CF3-496E-B06E-36847E0D8F95}"= TCP:e:\program files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:Evil Genius
"{D14E25FC-FDCA-490D-A223-510204BA45C7}"= UDP:e:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{29F5DE26-D341-4940-BB2B-41DE5A5292EF}"= TCP:e:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{49A00850-EAB5-4C82-91EE-EEFF40E4D628}"= UDP:5353:Adobe CSI CS4
"{A3DB904E-1045-43A2-9D7F-E299196698D8}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{CFF40792-CF42-4798-86AE-A6C321E00A9E}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [28/01/2009 10:55 114768]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31/10/2008 07:09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [28/01/2009 10:55 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28/01/2009 10:54 51792]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [13/07/2009 19:45 65576]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [21/02/2009 00:46 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 13:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 13:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3563840514-1111672659-2959072366-1002.job
- c:\users\Joseph\AppData\Local\Google\Update\Google Update.exe [2009-03-25 18:10]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3563840514-1111672659-2959072366-1002Core.job
- c:\users\Joseph\AppData\Local\Google\Update\Google Update.exe [2009-03-25 18:10]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://91.85.127.200/cab/OCXChecker_8300.cab
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-16 10:14
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Cl***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3328)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
e:\program files\TortoiseSVN\bin\TortoiseStub.dll
e:\program files\TortoiseSVN\bin\TortoiseSVN.dll
e:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
e:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\dllhost.exe
.
************************************************** ************************
.
Completion time: 2009-07-16 10:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-16 09:21

Pre-Run: 43,576,369,152 bytes free
Post-Run: 43,604,008,960 bytes free

363 --- E O F --- 2009-07-16 08:47
#13
Old 16th July 2009, 02:50 PM
evilfantasy
Security Team
 
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enough
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

RegLock::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Cl***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Open Malwarebytes' Anti-Malware.
  • Click the Update tab.
  • Click Check for Updates
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
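The reply above builds the RegLock:: block by hand from the LOCKED REGISTRY KEYS section of the ComboFix log. As an added example (my own code, not ComboFix's and not part of this thread), the Python below parses that section of a ComboFix log, reports who is denied and allowed on each locked key so a helper can review it, and emits the same KillAll::/RegLock:: script shape used in the reply. The sample log is constructed with placeholder key names, and the function names are mine.

```python
"""Parse ComboFix's 'LOCKED REGISTRY KEYS' section and build the RegLock:: block of a CFScript.

Added example for this thread; not ComboFix's own code. Function names are mine and the
sample log below is constructed (placeholder key names, not keys from a real machine).
"""
import re

# Section headers in a ComboFix log look like "----- TITLE -----".
SECTION_HEADER = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
# ACL lines: "@Denied: (A) (Users)" or "@Allowed: (B 1 2 3 4 5) (S-1-5-20)".
ACL_LINE = re.compile(r"^@(Denied|Allowed): \((.+?)\) \((.+?)\)$")
VALUE_LINE = re.compile(r'^"(.*)"=(.*)$')

# Constructed sample shaped like the section in the log above (not a real log).
SAMPLE_LOG = r""".
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\LockedKeyOne]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\LockedKeyTwo]
@Denied: (A) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1234)
c:\windows\System32\example.dll
"""


def extract_section(log_text, title):
    """Return the lines between the '--- title ---' header and the next section header."""
    body, inside = [], False
    for line in log_text.splitlines():
        m = SECTION_HEADER.match(line.strip())
        if m:
            if inside:
                break  # the next section begins: stop reading
            inside = m.group(1).upper() == title.upper()
            continue
        if inside:
            body.append(line.rstrip())
    return body


def parse_locked_keys(log_text):
    """Return one dict per locked key: path, denied/allowed ACEs, and listed values."""
    keys, current = [], None
    for line in extract_section(log_text, "LOCKED REGISTRY KEYS"):
        m = KEY_LINE.match(line)
        if m:
            current = {"key": m.group(1), "denied": [], "allowed": [], "values": {}}
            keys.append(current)
            continue
        if current is None or not line or line == ".":
            continue
        m = ACL_LINE.match(line)
        if m:
            kind, rights, principal = m.groups()
            current["denied" if kind == "Denied" else "allowed"].append((rights, principal))
            continue
        m = VALUE_LINE.match(line)
        if m:
            current["values"][m.group(1)] = m.group(2)
    return keys


def build_cfscript(keys, kill_all=True):
    """Emit a CFScript: optional KillAll:: then RegLock:: with one [-key] line per key.

    The leading '-' inside the brackets is the form used in the script posted above."""
    lines = ["KillAll::", ""] if kill_all else []
    lines.append("RegLock::")
    lines.extend("[-%s]" % k["key"] for k in keys)
    return "\n".join(lines) + "\n"


def describe(keys):
    """One review line per key: who is denied and who is allowed, for a human to check."""
    out = []
    for k in keys:
        denied = ", ".join(p for _, p in k["denied"]) or "nobody"
        allowed = ", ".join(p for _, p in k["allowed"]) or "nobody"
        out.append("%s: denied %s; allowed %s" % (k["key"], denied, allowed))
    return out


if __name__ == "__main__":
    found = parse_locked_keys(SAMPLE_LOG)
    for line in describe(found):
        print(line)
    print(build_cfscript(found), end="")
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; the describe() output is the part worth reading before any key goes into a script, since a key locked against Users and Everyone but allowed to a service SID may be a legitimate protected key rather than something to unlock.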
#14
Old 16th July 2009, 03:45 PM
SamWatson
TST Member
 
Join Date: Jan 2008, 58 posts.
Location: England
Reputation: SamWatson is on a distinguished road
HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:06, on 16/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
E:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://91.85.127.200/cab/OCXChecker_8300.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 8168 bytes





MBAM


Malwarebytes' Anti-Malware 1.39
Database version: 2441
Windows 6.0.6001 Service Pack 1

16/07/2009 16:39:47
mbam-log-2009-07-16 (16-39-47).txt

Scan type: Quick Scan
Objects scanned: 96306
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





ComboFix



ComboFix 09-07-14.08 - Sam 16/07/2009 16:11.2.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.3326.2399 [GMT 1:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
Command switches used :: c:\users\Sam\Desktop\CFScript.txt
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 15:19 . 2009-07-16 15:19 -------- d-----w- c:\users\Mum\AppData\Local\temp
2009-07-16 15:19 . 2009-07-16 15:19 -------- d-----w- c:\users\Joseph\AppData\Local\temp
2009-07-16 10:15 . 2009-07-16 10:30 -------- d-----w- c:\users\Sam\AppData\Roaming\gemsweeperextractedgfx
2009-07-16 10:15 . 2009-07-16 10:15 -------- d-----w- c:\programdata\My Games
2009-07-16 00:54 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 00:54 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 00:54 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 00:54 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 23:47 . 2009-07-14 23:47 -------- d--h--w- c:\windows\PIF
2009-07-13 18:45 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-07-12 20:59 . 2009-07-12 20:59 -------- d-----w- c:\programdata\FLEXnet
2009-07-12 20:56 . 2009-07-12 20:56 -------- d-----w- c:\program files\Adobe Media Player
2009-07-12 20:54 . 2009-07-12 20:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-12 20:50 . 2009-07-12 20:50 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-12 18:19 . 2009-07-12 20:40 -------- d-----w- c:\users\Sam\AppData\Roaming\Download Manager
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-02 17:13 . 2009-07-02 17:13 1915520 ----a-w- c:\users\Joseph\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-01 10:34 . 2009-07-03 15:07 34 ----a-w- c:\users\Sam\jagex_runescape_preferences.dat
2009-07-01 10:33 . 2009-07-01 16:24 -------- d-----w- c:\windows\.jagex_cache_32
2009-06-30 21:45 . 2009-06-30 21:45 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-30 21:40 . 2009-06-25 15:36 1291640 ----a-w- c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-30 21:40 . 2009-06-25 15:36 729088 ----a-w- c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-28 16:20 . 2009-06-30 18:27 -------- d-----w- c:\users\Sam\AppData\Local\ArmA 2
2009-06-28 16:06 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-28 16:06 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-28 16:06 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-28 16:06 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-28 16:06 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-28 16:06 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-28 16:06 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-28 16:06 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-28 16:06 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-28 16:06 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-22 11:30 . 2009-06-22 11:30 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-07-16 14:35 . 2009-01-29 16:42 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 14:35 . 2009-01-29 16:41 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-16 13:19 . 2009-01-28 14:08 -------- d-----w- c:\users\Sam\AppData\Roaming\Xfire
2009-07-16 09:52 . 2009-01-28 14:08 -------- d-----w- c:\programdata\Xfire
2009-07-16 08:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 00:19 . 2009-01-27 21:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-14 20:42 . 2009-01-27 11:38 1356 ----a-w- c:\users\Sam\AppData\Local\d3d9caps.dat
2009-07-13 18:26 . 2009-05-06 17:04 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-13 18:22 . 2009-01-29 13:51 -------- d-----w- c:\programdata\Media Center Programs
2009-07-13 11:58 . 2009-03-17 20:45 -------- d-----w- c:\users\Sam\AppData\Roaming\uTorrent
2009-07-12 21:00 . 2009-05-27 11:02 59216 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-12 20:57 . 2009-02-06 17:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-12 20:12 . 2009-03-28 18:54 -------- d-----w- c:\users\Sam\AppData\Roaming\Ventrilo
2009-07-10 20:05 . 2009-04-24 11:25 -------- d-----w- c:\users\Sam\AppData\Roaming\LimeWire
2009-07-07 20:15 . 2009-01-28 14:08 -------- d-----w- c:\program files\Xfire
2009-07-03 21:25 . 2009-01-29 13:43 -------- d-----w- c:\program files\Common Files\Steam
2009-07-01 11:11 . 2009-01-27 21:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-30 21:45 . 2009-01-29 16:42 139152 ----a-w- c:\users\Sam\AppData\Roaming\PnkBstrK.sys
2009-06-30 21:45 . 2009-01-29 16:42 139152 ----a-w- c:\users\Sam\AppData\Roaming\PnkBstrK.sys
2009-06-22 11:30 . 2009-02-06 22:24 -------- d-----w- c:\program files\DivX
2009-06-16 19:32 . 2009-02-02 10:26 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-15 19:15 . 2009-06-15 19:14 -------- d-----w- c:\users\Sam\AppData\Roaming\Braid
2009-06-14 14:22 . 2009-06-14 14:22 -------- d-----w- c:\program files\Microsoft XNA
2009-06-06 18:08 . 2009-06-06 18:08 -------- d-----w- c:\programdata\Electronic Arts
2009-06-06 18:01 . 2009-06-06 18:01 -------- d-----w- c:\program files\Electronic Arts
2009-06-06 18:01 . 2009-06-06 18:01 10134 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-06 18:01 . 2009-06-06 18:01 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 17:47 . 2009-01-27 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 17:36 . 2009-06-03 17:36 -------- d-----w- c:\programdata\salvation
2009-06-03 17:36 . 2009-04-03 14:25 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-03 17:36 . 2009-04-03 14:25 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-31 14:00 . 2009-05-31 14:00 -------- d-----w- c:\users\Mum\AppData\Roaming\Subversion
2009-05-30 15:04 . 2009-05-30 15:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-30 14:59 . 2009-05-26 16:38 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-30 14:59 . 2009-05-16 18:45 -------- d-----w- c:\program files\Nokia
2009-05-30 14:59 . 2009-05-30 14:59 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-30 14:59 . 2009-05-30 14:59 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-05-30 14:59 . 2009-05-30 14:59 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-05-30 14:57 . 2009-05-30 14:57 -------- d-----w- c:\programdata\Installations
2009-05-30 14:57 . 2009-05-30 14:59 24376008 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13EN.exe
2009-05-30 14:55 . 2009-05-30 14:55 -------- d-----w- c:\programdata\Nokia
2009-05-30 14:41 . 2009-05-30 14:41 -------- d-----w- c:\programdata\PC Suite
2009-05-29 11:28 . 2009-05-29 11:28 -------- d-----w- c:\users\Joseph\AppData\Roaming\Subversion
2009-05-28 09:51 . 2009-05-28 09:51 -------- d-----w- c:\users\Joseph\AppData\Roaming\PC Suite
2009-05-28 09:50 . 2009-01-28 10:37 59216 ----a-w- c:\users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-27 19:17 . 2009-05-27 19:17 -------- d-----w- c:\users\Sam\AppData\Roaming\TortoiseSVN
2009-05-27 19:04 . 2009-05-27 19:04 -------- d-----w- c:\users\Sam\AppData\Roaming\Subversion
2009-05-27 19:04 . 2009-05-27 19:04 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-05-27 11:03 . 2009-05-27 11:03 -------- d-----w- c:\users\Sam\AppData\Roaming\PC Suite
2009-05-27 11:02 . 2009-01-27 11:39 8224 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-26 17:32 . 2009-05-26 17:32 -------- d-----w- c:\users\Mum\AppData\Roaming\PC Suite
2009-05-26 17:31 . 2009-01-28 10:42 59216 ----a-w- c:\users\Mum\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-26 16:56 . 2009-05-26 16:56 -------- d-----w- c:\users\Joseph\AppData\Roaming\Nokia
2009-05-26 16:47 . 2009-05-26 16:47 35064 ----a-w- c:\windows\inf\Nokia Music\0009\tmp1E2C.tmp
2009-05-26 16:47 . 2009-05-26 16:47 35064 ----a-w- c:\windows\inf\Nokia Music\0000\tmp1E2C.tmp
2009-05-26 16:47 . 2009-05-26 16:47 1593 ----a-w- c:\windows\inf\Nokia Music\tmp1E2D.tmp
2009-05-26 16:46 . 2009-05-26 16:46 -------- d-----w- c:\programdata\NokiaMusic
2009-05-26 15:57 . 2009-05-26 15:57 -------- d-----w- c:\program files\DIFX
2009-05-25 19:49 . 2009-05-25 19:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-05-24 09:23 . 2009-05-24 09:16 -------- d-----w- c:\users\Sam\AppData\Roaming\DAEMON Tools Pro
2009-05-24 09:21 . 2009-05-24 09:19 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-05-24 09:19 . 2009-05-24 09:19 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-05-24 09:17 . 2009-05-24 09:17 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 22:38 . 2009-04-17 12:01 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-22 22:08 . 2009-05-22 22:08 -------- d-----w- c:\program files\Outspark
2009-05-19 20:34 . 2009-04-08 19:16 -------- d-----w- c:\program files\GEOM
2009-05-19 20:25 . 2009-04-03 14:25 -------- d-----w- c:\program files\OpenAL
2009-05-19 15:31 . 2009-05-19 15:31 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-19 10:52 . 2009-05-19 10:52 -------- d-----w- c:\programdata\Firefly Studios
2009-05-19 10:51 . 2009-01-29 16:56 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-09 05:50 . 2009-06-11 14:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 14:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 13:51 . 2009-05-01 13:51 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-30 12:37 . 2009-06-14 13:59 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 13:59 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-29 18:28 . 2009-04-29 18:28 782664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-04-28 08:55 . 2009-04-28 08:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-24 11:26 . 2009-04-24 11:26 73728 ----a-w- c:\users\Sam\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
2009-04-23 12:43 . 2009-06-11 14:10 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 14:10 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 23:20 . 2009-04-21 23:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 23:20 . 2009-04-21 23:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:55 . 2009-06-11 14:10 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 16:07 . 2009-04-15 20:09 647707832 ----a-w- c:\programdata\Xfire\downloads\WoW-3.0.9.9551-to-3.1.0.9767-enUS-patch.exe
2009-06-12 18:21 . 2009-01-28 08:48 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_09.14.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:00 . 2009-07-16 15:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-07-16 09:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-07-16 09:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-16 15:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-07-16 09:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-16 15:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-16 09:14 . 2009-07-16 09:14 1536 c:\windows\temp\NEventMessages.dll
+ 2009-07-16 15:21 . 2009-07-16 15:21 1536 c:\windows\temp\NEventMessages.dll
+ 2009-07-16 15:20 . 2009-07-16 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-16 15:20 . 2009-07-16 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-07-16 09:21 649414 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-16 08:46 649414 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-16 09:21 125480 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-16 08:46 125480 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E837000A-BFA1-43A7-B87C-5E0691FFAC87}"= UDP:e:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{DEECA994-0B43-4DD4-B749-CB2472FC3503}"= TCP:e:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F0AF7B8A-F8B4-48F4-A49B-FC90B642791C}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0E43FF02-4A4E-4799-9459-1796756A5298}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{646C2003-8F8B-416B-AAE3-157888FCB266}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{AB0A5208-03F4-4729-AF48-C093249D51D2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C44AD072-D1D7-471B-9407-814D319D2754}"= UDP:e:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8D3D676F-127D-4EE4-A357-85337BE61C86}"= TCP:e:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{256792B5-D2D3-4C4D-988F-9056ECD91D6E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{5B2D8839-54C8-428B-93B6-4D0ECD472612}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{94DF70A2-6A2D-46BF-B4AA-C853E8649DBC}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{54D657BB-6C6B-415B-8E22-854C7E814D22}"= UDP:e:\program files\Sierra Entertainment\World in Conflict - DEMO\wic.exe:World in Conflict - DEMO
"{8F4CC890-A1DD-468D-98C7-F85AC08A14C5}"= TCP:e:\program files\Sierra Entertainment\World in Conflict - DEMO\wic.exe:World in Conflict - DEMO
"{1ED600B5-189D-4166-8D01-52710096D33C}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{DA38D98B-0B62-4559-8A09-006F9E16738E}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{B8829213-F075-45B8-987D-36661D61DC60}"= UDP:c:\users\Sam\AppData\LocalLow\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"{5EB9B763-C603-428C-AC6E-E7579C0A4200}"= TCP:c:\users\Sam\AppData\LocalLow\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"{FC37D408-0E47-4C80-8EAF-5F23940B5150}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B8F10CCD-4AC6-4C6F-93DC-DF6CCAE53853}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3B7D4FE2-8E02-45A1-97DB-0CD919930AE1}"= UDP:e:\program files\THQ\Company of heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{465CBED0-D636-46B9-8D0D-36EFA68C2E77}"= TCP:e:\program files\THQ\Company of heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{3D228BAF-04E8-424A-8224-025A8F8C2D7E}"= UDP:e:\program files\THQ\Company of heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{F81FC2FE-0568-4A88-99DC-0184DF9CDBD9}"= TCP:e:\program files\THQ\Company of heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{5BC9DF63-4877-49DA-B1F9-30EDE0DEEB51}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8B4C4EA6-7A77-436D-81B8-226F3438EAC5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BF657210-ECFE-4B44-ACA1-51763CB8289C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9C70E496-0478-4163-8DE5-0635903F0A2B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{30670DEB-EDAC-4FBA-A563-2A35EAAB557F}"= UDP:e:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Tales of Valor
"{186A62F5-11AD-4C4C-83DA-73FBC887F9DF}"= TCP:e:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Tales of Valor
"{ECDBE6E8-257D-4D19-AEEA-92F605102108}"= UDP:e:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{3F566AD2-1E31-4448-812B-5DA0823E2324}"= TCP:e:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{D2941585-A268-4239-B5D0-3DE632ED2B25}"= UDP:e:\program files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:Plants Vs Zombies
"{682B03A8-FF9B-46AA-B27F-E9F495C8FB65}"= TCP:e:\program files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:Plants Vs Zombies
"{019181A2-2F1D-4625-BEE0-6C81A9A279A3}"= UDP:e:\program files\Steam\steamapps\common\men of war\mow.exe:Men of War
"{55126092-847F-4AA7-BE60-468D8CB63845}"= TCP:e:\program files\Steam\steamapps\common\men of war\mow.exe:Men of War
"{353F63D0-57BF-4C28-AE0A-267C8176126A}"= UDP:e:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{76AF20F2-63F7-4E61-8132-83A42BC5835D}"= TCP:e:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{1E4846E7-DC4F-4613-8C82-807A446662FB}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{739BD2C7-7D55-4498-85FA-0806B6DB8250}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{E098B9EA-B494-4C5D-9314-B8DC587B4C8D}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{E0EA3B14-DBB1-4AB7-B0BF-AFA16A4D3C64}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{CAB0084C-799B-44B7-8266-169D95E6DA03}"= UDP:e:\program files\Steam\steamapps\common\terminator salvation\TerminatorSalvation.exe:Terminator Salvation
"{274B75E4-3A0D-410A-BC1E-E9FD4DE3C982}"= TCP:e:\program files\Steam\steamapps\common\terminator salvation\TerminatorSalvation.exe:Terminator Salvation
"{06C3D8DF-5DFE-4D59-8321-4F87604D2B6D}"= UDP:e:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{66123D56-CCA3-46BC-939A-8F5E67B5DF68}"= TCP:e:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{C400504F-7A76-4D2D-A339-4D3C2D7315C2}"= UDP:e:\program files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{698A2A3B-A036-447C-A50F-532FE007E1B6}"= TCP:e:\program files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{71CA7FCC-DF82-468C-9C3E-A94342A84B64}"= UDP:e:\program files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:Evil Genius
"{9C550116-5CF3-496E-B06E-36847E0D8F95}"= TCP:e:\program files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:Evil Genius
"{D14E25FC-FDCA-490D-A223-510204BA45C7}"= UDP:e:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{29F5DE26-D341-4940-BB2B-41DE5A5292EF}"= TCP:e:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{49A00850-EAB5-4C82-91EE-EEFF40E4D628}"= UDP:5353:Adobe CSI CS4
"{A3DB904E-1045-43A2-9D7F-E299196698D8}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{CFF40792-CF42-4798-86AE-A6C321E00A9E}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{CF3CC770-CE9F-4C34-B7BD-782BE5DA1711}"= UDP:e:\program files\Steam\steamapps\common\gemsweeper\Gemsweeper.exe:Gemsweeper - Demo
"{D64A62A3-BE9F-4573-AA1C-AADFC6A80F0D}"= TCP:e:\program files\Steam\steamapps\common\gemsweeper\Gemsweeper.exe:Gemsweeper - Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [28/01/2009 10:55 114768]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31/10/2008 07:09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [28/01/2009 10:55 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28/01/2009 10:54 51792]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [13/07/2009 19:45 65576]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [21/02/2009 00:46 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 13:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 13:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3563840514-1111672659-2959072366-1002.job
- c:\users\Joseph\AppData\Local\Google\Update\Google Update.exe [2009-03-25 18:10]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3563840514-1111672659-2959072366-1002Core.job
- c:\users\Joseph\AppData\Local\Google\Update\Google Update.exe [2009-03-25 18:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://91.85.127.200/cab/OCXChecker_8300.cab
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-16 16:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1912)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
e:\program files\TortoiseSVN\bin\TortoiseStub.dll
e:\program files\TortoiseSVN\bin\TortoiseSVN.dll
e:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
e:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-16 16:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-16 15:29
ComboFix2.txt 2009-07-16 09:22

Pre-Run: 40,476,020,736 bytes free
Post-Run: 40,347,361,280 bytes free

375 --- E O F --- 2009-07-16 08:47
#15
Old 16th July 2009, 03:49 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Sorry I messed up the ComboFix instructions.

Also how is the computer running now?

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
#16
Old 16th July 2009, 04:48 PM
SamWatson
TST Member
Join Date: Jan 2008, 58 posts.
Location: England
ComboFix 09-07-14.08 - Sam 16/07/2009 17:30.4.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.3326.2314 [GMT 1:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
Command switches used :: c:\users\Sam\Desktop\CFScript.txt
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 16:38 . 2009-07-16 16:38 -------- d-----w- c:\users\Mum\AppData\Local\temp
2009-07-16 16:38 . 2009-07-16 16:38 -------- d-----w- c:\users\Joseph\AppData\Local\temp
2009-07-16 15:42 . 2009-07-16 15:42 -------- d-----w- c:\program files\Trend Micro
2009-07-16 15:34 . 2009-07-16 15:34 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2009-07-16 15:34 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-16 15:34 . 2009-07-16 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 15:34 . 2009-07-16 15:34 -------- d-----w- c:\programdata\Malwarebytes
2009-07-16 15:34 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 15:34 . 2009-07-16 16:22 117760 ----a-w- c:\users\Sam\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-16 15:33 . 2009-07-16 15:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-16 15:32 . 2009-07-16 15:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-16 15:32 . 2009-07-16 15:32 -------- d-----w- c:\users\Sam\AppData\Roaming\SUPERAntiSpyware.com
2009-07-16 10:15 . 2009-07-16 10:30 -------- d-----w- c:\users\Sam\AppData\Roaming\gemsweeperextractedgfx
2009-07-16 10:15 . 2009-07-16 10:15 -------- d-----w- c:\programdata\My Games
2009-07-16 00:54 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 00:54 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 00:54 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 00:54 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 23:47 . 2009-07-14 23:47 -------- d--h--w- c:\windows\PIF
2009-07-13 18:45 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-07-12 20:59 . 2009-07-12 20:59 -------- d-----w- c:\programdata\FLEXnet
2009-07-12 20:56 . 2009-07-12 20:56 -------- d-----w- c:\program files\Adobe Media Player
2009-07-12 20:54 . 2009-07-12 20:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-12 20:50 . 2009-07-12 20:50 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-12 18:19 . 2009-07-12 20:40 -------- d-----w- c:\users\Sam\AppData\Roaming\Download Manager
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-02 17:13 . 2009-07-02 17:13 1915520 ----a-w- c:\users\Joseph\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-01 10:34 . 2009-07-03 15:07 34 ----a-w- c:\users\Sam\jagex_runescape_preferences.dat
2009-07-01 10:33 . 2009-07-01 16:24 -------- d-----w- c:\windows\.jagex_cache_32
2009-06-30 21:45 . 2009-06-30 21:45 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-30 21:40 . 2009-06-25 15:36 1291640 ----a-w- c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-30 21:40 . 2009-06-25 15:36 729088 ----a-w- c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-28 16:20 . 2009-06-30 18:27 -------- d-----w- c:\users\Sam\AppData\Local\ArmA 2
2009-06-28 16:06 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-28 16:06 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-28 16:06 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-28 16:06 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-28 16:06 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-28 16:06 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-28 16:06 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-28 16:06 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-28 16:06 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-28 16:06 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-22 11:30 . 2009-06-22 11:30 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 15:56 . 2009-01-28 14:08 -------- d-----w- c:\users\Sam\AppData\Roaming\Xfire
2009-07-16 14:35 . 2009-01-29 16:42 139072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-16 14:35 . 2009-01-29 16:41 189672 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-16 09:52 . 2009-01-28 14:08 -------- d-----w- c:\programdata\Xfire
2009-07-16 08:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 00:19 . 2009-01-27 21:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-14 20:42 . 2009-01-27 11:38 1356 ----a-w- c:\users\Sam\AppData\Local\d3d9caps.dat
2009-07-13 18:26 . 2009-05-06 17:04 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-13 18:22 . 2009-01-29 13:51 -------- d-----w- c:\programdata\Media Center Programs
2009-07-13 11:58 . 2009-03-17 20:45 -------- d-----w- c:\users\Sam\AppData\Roaming\uTorrent
2009-07-12 21:00 . 2009-05-27 11:02 59216 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-12 20:57 . 2009-02-06 17:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-12 20:12 . 2009-03-28 18:54 -------- d-----w- c:\users\Sam\AppData\Roaming\Ventrilo
2009-07-10 20:05 . 2009-04-24 11:25 -------- d-----w- c:\users\Sam\AppData\Roaming\LimeWire
2009-07-07 20:15 . 2009-01-28 14:08 -------- d-----w- c:\program files\Xfire
2009-07-03 21:25 . 2009-01-29 13:43 -------- d-----w- c:\program files\Common Files\Steam
2009-07-01 11:11 . 2009-01-27 21:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-30 21:45 . 2009-01-29 16:42 139152 ----a-w- c:\users\Sam\AppData\Roaming\PnkBstrK.sys
2009-06-30 21:45 . 2009-01-29 16:42 139152 ----a-w- c:\users\Sam\AppData\Roaming\PnkBstrK.sys
2009-06-22 11:30 . 2009-02-06 22:24 -------- d-----w- c:\program files\DivX
2009-06-16 19:32 . 2009-02-02 10:26 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-15 19:15 . 2009-06-15 19:14 -------- d-----w- c:\users\Sam\AppData\Roaming\Braid
2009-06-14 14:22 . 2009-06-14 14:22 -------- d-----w- c:\program files\Microsoft XNA
2009-06-06 18:08 . 2009-06-06 18:08 -------- d-----w- c:\programdata\Electronic Arts
2009-06-06 18:01 . 2009-06-06 18:01 -------- d-----w- c:\program files\Electronic Arts
2009-06-06 18:01 . 2009-06-06 18:01 10134 ----a-r- c:\users\Sam\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-06 18:01 . 2009-06-06 18:01 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 17:47 . 2009-01-27 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 17:36 . 2009-06-03 17:36 -------- d-----w- c:\programdata\salvation
2009-06-03 17:36 . 2009-04-03 14:25 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-03 17:36 . 2009-04-03 14:25 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-31 14:00 . 2009-05-31 14:00 -------- d-----w- c:\users\Mum\AppData\Roaming\Subversion
2009-05-30 15:04 . 2009-05-30 15:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-30 14:59 . 2009-05-26 16:38 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-30 14:59 . 2009-05-16 18:45 -------- d-----w- c:\program files\Nokia
2009-05-30 14:59 . 2009-05-30 14:59 3351812 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-30 14:59 . 2009-05-30 14:59 36864 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-05-30 14:59 . 2009-05-30 14:59 3181612 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-05-30 14:57 . 2009-05-30 14:57 -------- d-----w- c:\programdata\Installations
2009-05-30 14:57 . 2009-05-30 14:59 24376008 ----a-w- c:\programdata\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13EN.exe
2009-05-30 14:55 . 2009-05-30 14:55 -------- d-----w- c:\programdata\Nokia
2009-05-30 14:41 . 2009-05-30 14:41 -------- d-----w- c:\programdata\PC Suite
2009-05-29 11:28 . 2009-05-29 11:28 -------- d-----w- c:\users\Joseph\AppData\Roaming\Subversion
2009-05-28 09:51 . 2009-05-28 09:51 -------- d-----w- c:\users\Joseph\AppData\Roaming\PC Suite
2009-05-28 09:50 . 2009-01-28 10:37 59216 ----a-w- c:\users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-27 19:17 . 2009-05-27 19:17 -------- d-----w- c:\users\Sam\AppData\Roaming\TortoiseSVN
2009-05-27 19:04 . 2009-05-27 19:04 -------- d-----w- c:\users\Sam\AppData\Roaming\Subversion
2009-05-27 19:04 . 2009-05-27 19:04 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-05-27 11:03 . 2009-05-27 11:03 -------- d-----w- c:\users\Sam\AppData\Roaming\PC Suite
2009-05-27 11:02 . 2009-01-27 11:39 8224 ----a-w- c:\users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-26 17:32 . 2009-05-26 17:32 -------- d-----w- c:\users\Mum\AppData\Roaming\PC Suite
2009-05-26 17:31 . 2009-01-28 10:42 59216 ----a-w- c:\users\Mum\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-26 16:56 . 2009-05-26 16:56 -------- d-----w- c:\users\Joseph\AppData\Roaming\Nokia
2009-05-26 16:47 . 2009-05-26 16:47 35064 ----a-w- c:\windows\inf\Nokia Music\0009\tmp1E2C.tmp
2009-05-26 16:47 . 2009-05-26 16:47 35064 ----a-w- c:\windows\inf\Nokia Music\0000\tmp1E2C.tmp
2009-05-26 16:47 . 2009-05-26 16:47 1593 ----a-w- c:\windows\inf\Nokia Music\tmp1E2D.tmp
2009-05-26 16:46 . 2009-05-26 16:46 -------- d-----w- c:\programdata\NokiaMusic
2009-05-26 15:57 . 2009-05-26 15:57 -------- d-----w- c:\program files\DIFX
2009-05-25 19:49 . 2009-05-25 19:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-25 19:26 . 2009-05-25 19:26 25214 ----a-r- c:\users\Joseph\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-05-24 09:23 . 2009-05-24 09:16 -------- d-----w- c:\users\Sam\AppData\Roaming\DAEMON Tools Pro
2009-05-24 09:21 . 2009-05-24 09:19 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-05-24 09:19 . 2009-05-24 09:19 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-05-24 09:17 . 2009-05-24 09:17 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 22:38 . 2009-04-17 12:01 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-22 22:08 . 2009-05-22 22:08 -------- d-----w- c:\program files\Outspark
2009-05-19 20:34 . 2009-04-08 19:16 -------- d-----w- c:\program files\GEOM
2009-05-19 20:25 . 2009-04-03 14:25 -------- d-----w- c:\program files\OpenAL
2009-05-19 15:31 . 2009-05-19 15:31 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-19 10:52 . 2009-05-19 10:52 -------- d-----w- c:\programdata\Firefly Studios
2009-05-19 10:51 . 2009-01-29 16:56 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-09 05:50 . 2009-06-11 14:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 14:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 13:51 . 2009-05-01 13:51 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-30 12:37 . 2009-06-14 13:59 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 13:59 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-29 18:28 . 2009-04-29 18:28 782664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-04-28 08:55 . 2009-04-28 08:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-24 11:26 . 2009-04-24 11:26 73728 ----a-w- c:\users\Sam\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
2009-04-23 12:43 . 2009-06-11 14:10 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 14:10 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 23:20 . 2009-04-21 23:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 23:20 . 2009-04-21 23:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:55 . 2009-06-11 14:10 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 16:07 . 2009-04-15 20:09 647707832 ----a-w- c:\programdata\Xfire\downloads\WoW-3.0.9.9551-to-3.1.0.9767-enUS-patch.exe
2009-06-12 18:21 . 2009-01-28 08:48 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_09.14.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 13:00 . 2009-07-16 09:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-07-16 16:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-07-16 09:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-16 16:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-07-16 16:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:00 . 2009-07-16 09:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-16 15:32 . 2009-07-16 15:32 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-07-16 15:32 . 2009-07-16 15:32 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2009-07-16 09:14 . 2009-07-16 09:14 1536 c:\windows\temp\NEventMessages.dll
+ 2009-07-16 16:40 . 2009-07-16 16:40 1536 c:\windows\temp\NEventMessages.dll
+ 2006-11-02 10:33 . 2009-07-16 16:27 649414 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-16 08:46 649414 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-16 08:46 125480 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-16 16:27 125480 c:\windows\System32\perfc009.dat
+ 2009-07-16 15:32 . 2009-07-16 15:32 1516544 c:\windows\Installer\aeca4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 08:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]

c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E837000A-BFA1-43A7-B87C-5E0691FFAC87}"= UDP:e:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{DEECA994-0B43-4DD4-B749-CB2472FC3503}"= TCP:e:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{F0AF7B8A-F8B4-48F4-A49B-FC90B642791C}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0E43FF02-4A4E-4799-9459-1796756A5298}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{646C2003-8F8B-416B-AAE3-157888FCB266}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{AB0A5208-03F4-4729-AF48-C093249D51D2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C44AD072-D1D7-471B-9407-814D319D2754}"= UDP:e:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8D3D676F-127D-4EE4-A357-85337BE61C86}"= TCP:e:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{256792B5-D2D3-4C4D-988F-9056ECD91D6E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{5B2D8839-54C8-428B-93B6-4D0ECD472612}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{94DF70A2-6A2D-46BF-B4AA-C853E8649DBC}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{54D657BB-6C6B-415B-8E22-854C7E814D22}"= UDP:e:\program files\Sierra Entertainment\World in Conflict - DEMO\wic.exe:World in Conflict - DEMO
"{8F4CC890-A1DD-468D-98C7-F85AC08A14C5}"= TCP:e:\program files\Sierra Entertainment\World in Conflict - DEMO\wic.exe:World in Conflict - DEMO
"{1ED600B5-189D-4166-8D01-52710096D33C}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{DA38D98B-0B62-4559-8A09-006F9E16738E}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{B8829213-F075-45B8-987D-36661D61DC60}"= UDP:c:\users\Sam\AppData\LocalLow\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"{5EB9B763-C603-428C-AC6E-E7579C0A4200}"= TCP:c:\users\Sam\AppData\LocalLow\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"{FC37D408-0E47-4C80-8EAF-5F23940B5150}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B8F10CCD-4AC6-4C6F-93DC-DF6CCAE53853}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3B7D4FE2-8E02-45A1-97DB-0CD919930AE1}"= UDP:e:\program files\THQ\Company of heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{465CBED0-D636-46B9-8D0D-36EFA68C2E77}"= TCP:e:\program files\THQ\Company of heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{3D228BAF-04E8-424A-8224-025A8F8C2D7E}"= UDP:e:\program files\THQ\Company of heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{F81FC2FE-0568-4A88-99DC-0184DF9CDBD9}"= TCP:e:\program files\THQ\Company of heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{5BC9DF63-4877-49DA-B1F9-30EDE0DEEB51}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8B4C4EA6-7A77-436D-81B8-226F3438EAC5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BF657210-ECFE-4B44-ACA1-51763CB8289C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9C70E496-0478-4163-8DE5-0635903F0A2B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{30670DEB-EDAC-4FBA-A563-2A35EAAB557F}"= UDP:e:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Tales of Valor
"{186A62F5-11AD-4C4C-83DA-73FBC887F9DF}"= TCP:e:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Tales of Valor
"{ECDBE6E8-257D-4D19-AEEA-92F605102108}"= UDP:e:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{3F566AD2-1E31-4448-812B-5DA0823E2324}"= TCP:e:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{D2941585-A268-4239-B5D0-3DE632ED2B25}"= UDP:e:\program files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:Plants Vs Zombies
"{682B03A8-FF9B-46AA-B27F-E9F495C8FB65}"= TCP:e:\program files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:Plants Vs Zombies
"{019181A2-2F1D-4625-BEE0-6C81A9A279A3}"= UDP:e:\program files\Steam\steamapps\common\men of war\mow.exe:Men of War
"{55126092-847F-4AA7-BE60-468D8CB63845}"= TCP:e:\program files\Steam\steamapps\common\men of war\mow.exe:Men of War
"{353F63D0-57BF-4C28-AE0A-267C8176126A}"= UDP:e:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{76AF20F2-63F7-4E61-8132-83A42BC5835D}"= TCP:e:\program files\Steam\steamapps\common\men of war\mow_editor.exe:Men of War
"{1E4846E7-DC4F-4613-8C82-807A446662FB}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{739BD2C7-7D55-4498-85FA-0806B6DB8250}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:TwonkyMedia
"{E098B9EA-B494-4C5D-9314-B8DC587B4C8D}"= UDP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{E0EA3B14-DBB1-4AB7-B0BF-AFA16A4D3C64}"= TCP:c:\program files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:TwonkyMediaServer
"{CAB0084C-799B-44B7-8266-169D95E6DA03}"= UDP:e:\program files\Steam\steamapps\common\terminator salvation\TerminatorSalvation.exe:Terminator Salvation
"{274B75E4-3A0D-410A-BC1E-E9FD4DE3C982}"= TCP:e:\program files\Steam\steamapps\common\terminator salvation\TerminatorSalvation.exe:Terminator Salvation
"{06C3D8DF-5DFE-4D59-8321-4F87604D2B6D}"= UDP:e:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{66123D56-CCA3-46BC-939A-8F5E67B5DF68}"= TCP:e:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{C400504F-7A76-4D2D-A339-4D3C2D7315C2}"= UDP:e:\program files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{698A2A3B-A036-447C-A50F-532FE007E1B6}"= TCP:e:\program files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{71CA7FCC-DF82-468C-9C3E-A94342A84B64}"= UDP:e:\program files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:Evil Genius
"{9C550116-5CF3-496E-B06E-36847E0D8F95}"= TCP:e:\program files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:Evil Genius
"{D14E25FC-FDCA-490D-A223-510204BA45C7}"= UDP:e:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{29F5DE26-D341-4940-BB2B-41DE5A5292EF}"= TCP:e:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{49A00850-EAB5-4C82-91EE-EEFF40E4D628}"= UDP:5353:Adobe CSI CS4
"{A3DB904E-1045-43A2-9D7F-E299196698D8}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{CFF40792-CF42-4798-86AE-A6C321E00A9E}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{CF3CC770-CE9F-4C34-B7BD-782BE5DA1711}"= UDP:e:\program files\Steam\steamapps\common\gemsweeper\Gemsweeper.exe:Gemsweeper - Demo
"{D64A62A3-BE9F-4573-AA1C-AADFC6A80F0D}"= TCP:e:\program files\Steam\steamapps\common\gemsweeper\Gemsweeper.exe:Gemsweeper - Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [28/01/2009 10:55 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31/10/2008 07:09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [28/01/2009 10:55 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28/01/2009 10:54 51792]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [13/07/2009 19:45 65576]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [21/02/2009 00:46 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 13:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 13:48 8320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3563840514-1111672659-2959072366-1002.job
- c:\users\Joseph\AppData\Local\Google\Update\Google Update.exe [2009-03-25 18:10]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3563840514-1111672659-2959072366-1002Core.job
- c:\users\Joseph\AppData\Local\Google\Update\Google Update.exe [2009-03-25 18:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://91.85.127.200/cab/OCXChecker_8300.cab
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\8xw2e3ia.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-16 17:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4180)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
e:\program files\TortoiseSVN\bin\TortoiseStub.dll
e:\program files\TortoiseSVN\bin\TortoiseSVN.dll
e:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\System32\NLSLexicons0009.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
e:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
************************************************************************
.
Completion time: 2009-07-16 17:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-16 16:46
ComboFix2.txt 2009-07-16 15:29
ComboFix3.txt 2009-07-16 09:22

Pre-Run: 40,865,062,912 bytes free
Post-Run: 40,821,972,992 bytes free

399 --- E O F --- 2009-07-16 08:47
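The "Reg Loading Points" and "Supplementary Scan" parts of the log above are the ones a helper reads by hand: UAC is off (EnableLUA=0), Windows Firewall is off on all three profiles, the Security Center antivirus alert is overridden, and one DPF (ActiveX Downloaded Program Files) entry points at a bare IP address rather than a vendor hostname. As an added example, not part of this thread or of ComboFix itself, the Python script below parses a dump in that format and flags exactly those four kinds of item. The names `triage`, `parse_value` and `Finding` are the example's own, and the sample log is constructed to mirror the format, with an RFC 5737 documentation IP standing in for the address in the real log.

```python
"""Triage a ComboFix 'Reg Loading Points' / 'Supplementary Scan' dump.

Added example for this thread; it is not part of ComboFix or of the
original posts.  It flags the items a reviewer checks by hand in a log
like the one above: UAC disabled (EnableLUA=0), Windows Firewall disabled
on any profile (EnableFirewall=0), Security Center overrides set, and DPF
(ActiveX 'Downloaded Program Files') entries fetched from a raw IP address.
The names triage, parse_value and Finding are this example's own.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag for the class of problem
    where: str   # registry key (or DPF CLSID) the finding came from
    detail: str  # one-line explanation for the reviewer


# ComboFix prints "[KEY]" headers followed by "name"= value lines (REGEDIT4 style),
# and DPF entries as 'DPF: {CLSID} - hxxp://host/path.cab' with the scheme defanged.
_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')
_DPF_RE = re.compile(r"^DPF:\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<url>\S+)")


def parse_value(value: str):
    """Integer in a ComboFix value such as '0 (0x0)', '1 (0x1)' or 'dword:00000001'.

    Returns None for non-numeric values (paths, firewall rule strings)."""
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)  # .reg-style dword values are hexadecimal
    m = re.match(r"^-?\d+", value)
    return int(m.group()) if m else None


def triage(lines):
    """Return a list of Finding for the suspicious settings in the given log lines."""
    findings = []
    key = ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key")  # subsequent value lines belong to this key
            continue
        m = _DPF_RE.match(line)
        if m:
            url = m.group("url").replace("hxxp", "http", 1)  # undo ComboFix's defanging
            host = urlparse(url).hostname or ""
            try:
                ipaddress.ip_address(host)
            except ValueError:
                continue  # hostname, not a bare IP; not flagged by this check
            findings.append(Finding("dpf-raw-ip", m.group("clsid"),
                                    f"ActiveX control downloaded from raw IP {host}"))
            continue
        m = _VAL_RE.match(line)
        if not m:
            continue
        name, num = m.group("name"), parse_value(m.group("value"))
        lkey = key.lower()
        if lkey.endswith(r"policies\system") and name == "EnableLUA" and num == 0:
            findings.append(Finding("uac-disabled", key, "UAC is switched off (EnableLUA=0)"))
        elif "firewallpolicy\\" in lkey and name == "EnableFirewall" and num == 0:
            profile = key.rsplit("\\", 1)[-1]
            findings.append(Finding("firewall-off", key,
                                    f"Windows Firewall disabled for {profile}"))
        elif lkey.endswith(r"security center\svc") and name.endswith("Override") and num == 1:
            findings.append(Finding("securitycenter-override", key,
                                    f"{name}=1: Security Center alerts for this component are suppressed"))
    return findings


# Constructed sample in ComboFix's format; the IP is a documentation address (RFC 5737),
# not the one in the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://192.0.2.10/cab/OCXChecker_8300.cab
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:24} {f.detail}  [{f.where}]")
```

Each finding is a prompt to confirm, not proof of tampering: the log above also lists Sunbelt Personal Firewall services, and a third-party firewall legitimately turns the Windows Firewall profiles off, just as AntiVirusOverride=1 is what Security Center records when the user tells it to stop nagging. The DPF entry is the one that warrants looking up the CLSID and the download host before leaving it in place, since ActiveX controls run with the browser's privileges, and with UAC disabled that is the logged-on administrator.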
#17
Old 16th July 2009, 04:54 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
How is the computer running now?
#18
Old 16th July 2009, 05:05 PM
SamWatson
TST Member
Join Date: Jan 2008, 58 posts.
Location: England
Seems to be running fine.. no pop-ups about malware or anything.. will monitor it for a while and see how it acts..


Thanks
#19
Old 16th July 2009, 05:09 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

* The above procedure will:
  * Delete the following:
    * ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Go to Microsoft Windows Update and get all critical security updates. (you will need to use Internet Explorer to do this)

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
#20
Old 16th July 2009, 06:03 PM
SamWatson
TST Member
Join Date: Jan 2008, 58 posts.
Location: England
Done, and done..

I can't thank you enough, the system seems to be working fine.

Again, thanks for all your help.