Maximum PC

[ 10 posts ]
 Post subject: PC May Still Be Infected After Clean Bill of Health Given
PostPosted: Sat Jun 06, 2009 4:56 pm 
Klamath

Joined: Thu Dec 04, 2008 12:52 pm
Posts: 238
Hello,

Well, unfortunately, being a moron, I let my friend surf on my computer, and sure enough, when I ran a bunch of scanning software (Spybot, Anti-spyware, Anti-malware, anti-virus) shit started popping up left and right. This is the first time I've been infected like this, and after two days of searching I am still finding stuff stuck in my registry (Adware) as well as a few trojans. So far my computer seems "fine" in terms of usability and nothing has hindered the performance of my computer. However, I'm more or less scared that it's what my anti-software tools "aren't" finding that could still be looming around inside of my computer causing havoc. I currently do online banking, transactions, etc., and this computer has become a major security risk to use.

With that said, I would like to know if there are any other tools I should be aware of and using to help get that "peace of mind", as I ended up causing a major headache for myself when I let my friend, who is computer ignorant, roam around on my computer without me watching him.

Tools I am using:
Bitdefender Total Security 2008
Spybot - Search & Destroy
SUPER AntiSpyware FREE EDITION
Malwarebytes' Anti-Malware FREE EDITION
Stinger_Coficker
f-downadup

I know I could be paranoid, as all these tools are great, but for a guy like me, I can't afford to play with fire.

Thanks again,

Tyler


PostPosted: Sat Jun 06, 2009 6:05 pm 
Klamath

Joined: Sat Jul 07, 2007 7:50 pm
Posts: 213
Download a program called HijackThis and post the log file it generates. Then, if you really and truly have been a good person, a magical creature that many of us here like to call Hackman will come along and lay some of his expert opinion down. Then everything is vanilla.


PostPosted: Sat Jun 06, 2009 8:49 pm 
Klamath

Joined: Thu Dec 04, 2008 12:52 pm
Posts: 238
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:08 AM, on 6/7/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Haute Secure\CtPopup.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Steam\Steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\pie\pie (2).exe (Hi Jack This process)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://archives.gametap.com/static/cab_ ... pdater.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7628 bytes


 
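The HijackThis log above is the artifact the whole thread turns on. As an added example (not code from the thread, the poster, or HijackThis itself), the Python below parses the R/O entry lines into structured records and flags BHO, toolbar, Run-key and service entries whose binary lives outside the standard program directories, which is the first thing a reviewer checks when eyeballing such a log. The sample lines are constructed in the log's format; the "HostUpdate" entry under a temp folder is made up so the rule has something to flag.

```python
"""Structured triage of a HijackThis v2 log (added example, not HijackThis code).

Parses the R/O entry lines, records the binary path for BHO (O2), toolbar (O3),
Run-key (O4) and service (O23) entries, and flags those whose binary sits outside
Program Files / Windows. Path location is only a weak signal for prioritising
what to look up, not a verdict: legitimate tools run from odd places too.
"""
import re
from dataclasses import dataclass

# Constructed sample in the format of the log posted in the thread. The
# "HostUpdate" entry under a temp folder is made up so the path rule fires.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [HostUpdate] C:\Users\Tyler\AppData\Local\Temp\hostupd.exe
O13 - Gopher Prefix:
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_O3_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# Shortest prefix ending in a binary extension; unquoted paths may contain spaces.
PATH_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|sys|cpl|scr))", re.IGNORECASE)

STANDARD_DIRS = (r"c:\program files", r"c:\program files (x86)", r"c:\progra~1", r"c:\windows")
ENV_VARS = {"%programfiles%": r"c:\program files", "%systemroot%": r"c:\windows", "%windir%": r"c:\windows"}


@dataclass
class Entry:
    code: str   # HijackThis section code: "R0", "O2", "O4", "O23", ...
    name: str   # Run value name, BHO/toolbar name, service name, or the raw body
    path: str   # binary path as written in the log, "" when none could be parsed
    raw: str    # original line, kept for the report


def executable_path(cmd: str) -> str:
    """Pull the binary out of an O4 command line (quoted, unquoted, or rundll32-hosted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    head, _, rest = cmd.partition(" ")
    if head.lower() in ("rundll32.exe", "rundll32"):
        # rundll32 is only the host; the DLL before ",EntryPoint" is what autostarts
        return rest.split(",", 1)[0].strip()
    m = PATH_RE.match(cmd)
    return m.group("path") if m else cmd


def normalize_path(path: str) -> str:
    p = path.strip().lower()
    for var, value in ENV_VARS.items():
        p = p.replace(var, value)
    return p


def is_in_standard_dir(path: str) -> bool:
    """True when the path sits under Program Files or the Windows directory."""
    p = normalize_path(path)
    return any(p.startswith(d + "\\") for d in STANDARD_DIRS)


def parse_log(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # banner, "Running processes" block, blank lines
        code, body = m.group("code"), m.group("body")
        name, path = body, ""
        if code == "O4" and (m4 := O4_RE.match(body)):
            name, path = m4.group("name"), executable_path(m4.group("cmd"))
        elif code in ("O2", "O3") and (m2 := O2_O3_RE.match(body)):
            name, path = m2.group("name"), m2.group("path")
        elif code == "O23" and (m23 := O23_RE.match(body)):
            name, path = m23.group("name"), m23.group("path")
        entries.append(Entry(code, name, path, line.strip()))
    return entries


def triage(entries: list) -> dict:
    """Count entries per section and collect the ones worth a manual look-up."""
    counts, flagged = {}, []
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
        # An entry with no parsable path is flagged too: it cannot be vetted from the log.
        if e.code in ("O2", "O3", "O4", "O23") and not is_in_standard_dir(e.path):
            flagged.append(e)
    return {"counts": counts, "flagged": flagged}


def report(text: str) -> list:
    result = triage(parse_log(text))
    lines = [f"{code}: {n}" for code, n in sorted(result["counts"].items())]
    for e in result["flagged"]:
        lines.append(f"REVIEW {e.code} [{e.name}] -> {e.path or '(no path parsed)'}")
    return lines
```

Running `print("\n".join(report(SAMPLE_LOG)))` gives the per-section counts followed by one REVIEW line for the temp-folder entry; feed it the full log text to triage a real post.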
PostPosted: Sun Jun 07, 2009 4:04 am 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
Do you have any of the logfiles from the previous scans? If so, can you post 1 or 2 here for me to look at? That would be extremely helpful in determining what you have.


PostPosted: Sun Jun 07, 2009 8:31 am 
Klamath

Joined: Thu Dec 04, 2008 12:52 pm
Posts: 238
Sorry, up until a few days ago, I had not run into this sort of problem in a very, very long time. I guess it would have been wise to do a few backups from time to time, so I'll start doing that from now on, but for now, sorry. Very good advice to do that, though. Never thought about using HijackThis like that.


PostPosted: Sun Jun 07, 2009 8:35 am 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
I'm going to try throwing Combofix at it, even though the HijackThis log appears relatively clean.

Download ComboFix from Here.

After the download, double click combofix.exe and follow all the prompts.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall. Also, your screen may go blank at times; this is normal.

If the program doesn't launch, try re-naming the file to something different, like something.exe


PostPosted: Sun Jun 07, 2009 8:56 am 
Klamath

Joined: Thu Dec 04, 2008 12:52 pm
Posts: 238
As per request, I have the log.

ComboFix 09-06-06.04 - Tyler 06/07/2009 12:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2109 [GMT -4:00]
Running from: c:\users\Tyler\Desktop\cool.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

.
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-07 16:53 . 2009-06-07 16:54 -------- d-----w- c:\users\Tyler\AppData\Local\temp
2009-06-07 04:47 . 2009-06-07 04:48 -------- d-----w- C:\pie
2009-06-07 04:47 . 2009-06-07 04:48 -------- d-----w- \pie
2009-06-04 04:49 . 2008-12-04 05:25 120832 ----a-w- c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\s39v0pio.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-05-31 12:17 . 2009-05-31 12:17 197912 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\PlgImeem.dll
2009-05-29 08:10 . 2009-05-29 08:11 -------- d-----w- c:\windows\system32\ca-ES
2009-05-29 08:10 . 2009-05-29 08:11 -------- d-----w- c:\windows\system32\eu-ES
2009-05-29 08:10 . 2009-05-29 08:11 -------- d-----w- c:\windows\system32\vi-VN
2009-05-29 07:53 . 2009-04-11 03:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-05-29 07:52 . 2009-04-11 03:27 57856 ----a-w- c:\windows\system32\compcln.exe
2009-05-29 07:50 . 2009-04-11 03:28 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-29 07:46 . 2009-05-29 07:46 -------- d-----w- c:\windows\system32\EventProviders
2009-05-29 07:30 . 2009-05-29 07:30 -------- d-----w- c:\program files\VS Revo Group
2009-05-29 07:29 . 2009-05-29 07:29 -------- d-----w- c:\users\Tyler\AppData\Roaming\Auslogics
2009-05-29 07:29 . 2009-05-29 07:29 -------- d-----w- c:\program files\Auslogics
2009-05-29 07:27 . 2009-05-29 07:27 -------- d-----w- c:\users\Tyler\AppData\Local\Innovative Solutions
2009-05-29 07:27 . 2009-05-29 07:27 -------- d-----w- c:\program files\Innovative Solutions
2009-05-29 07:24 . 2009-05-29 07:24 -------- d-----w- c:\program files\Belarc
2009-05-29 04:31 . 2009-05-29 04:31 -------- d-----w- c:\programdata\Amazon
2009-05-29 04:31 . 2009-05-29 04:31 -------- d-----w- c:\program files\Amazon
2009-05-29 04:30 . 2009-05-29 04:30 -------- d-----w- c:\windows\Downloaded Installations
2009-05-29 03:13 . 2009-06-01 23:40 -------- d-----w- c:\users\Tyler\AppData\Local\HuluDesktop
2009-05-28 14:28 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-28 14:28 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-05-28 14:27 . 2009-05-28 14:27 -------- d-----w- c:\program files\iPod
2009-05-28 14:27 . 2009-05-28 14:28 -------- d-----w- c:\program files\iTunes
2009-05-26 21:17 . 2009-05-26 21:17 -------- d-----w- c:\users\Tyler\AppData\Roaming\rockbox.org
2009-05-26 19:05 . 2009-05-30 23:01 -------- d-----w- c:\programdata\Codemasters
2009-05-25 02:19 . 2009-05-25 02:19 -------- d-----w- c:\users\Tyler\AppData\Local\Criterion Games
2009-05-25 02:18 . 2009-05-25 02:18 -------- d-----w- c:\programdata\Electronic Arts
2009-05-25 02:17 . 2009-05-25 02:17 -------- d-----w- c:\users\Tyler\AppData\Local\Downloaded Installations
2009-05-24 22:45 . 2009-05-24 22:45 -------- d--h--w- c:\windows\PIF
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-05-12 00:03 . 2009-05-12 00:03 -------- d-----w- c:\users\Tyler\AppData\Local\PunkBuster
2009-05-11 10:32 . 2009-05-11 10:35 -------- d-----w- c:\users\Tyler\AppData\Roaming\Bioshock
2009-05-11 00:13 . 2009-05-11 00:13 127877 ----a-w- c:\users\Tyler\AppData\Roaming\Move Networks\uninstall.exe
2009-05-11 00:13 . 2009-05-11 07:42 -------- d-----w- c:\users\Tyler\AppData\Roaming\Move Networks
2009-05-10 17:37 . 2009-05-10 17:37 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-05-10 17:12 . 2009-05-10 17:22 -------- d-----w- c:\users\Tyler\AppData\Roaming\ImgBurn
2009-05-09 21:46 . 2009-05-09 21:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-09 01:09 . 2009-05-09 01:09 -------- d-----w- c:\users\Tyler\AppData\Local\Activision
2009-05-09 01:09 . 2009-05-09 01:09 22328 ----a-w- c:\users\Tyler\AppData\Roaming\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 16:54 . 2009-03-09 04:52 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-07 16:45 . 2009-05-10 17:58 31871 ----a-w- c:\programdata\nvModes.dat
2009-06-07 16:44 . 2009-03-08 17:13 3533893632 --sha-w- \pagefile.sys
2009-06-07 16:43 . 2009-03-08 22:45 -------- d-----w- c:\program files\Steam
2009-06-07 16:43 . 2009-04-05 00:39 117760 ----a-w- c:\users\Tyler\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-07 01:19 . 2009-04-26 05:39 -------- d-----w- c:\users\Tyler\AppData\Roaming\teamspeak2
2009-06-06 20:00 . 2009-03-08 23:06 -------- d-----w- c:\users\Tyler\AppData\Roaming\Xfire
2009-06-06 18:53 . 2009-03-09 04:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-06 04:26 . 2009-03-13 02:02 -------- d-----w- c:\program files\Dyyno
2009-06-05 22:58 . 2009-03-08 23:06 -------- d-----w- c:\program files\Xfire
2009-06-02 23:56 . 2009-03-08 23:06 -------- d-----w- c:\programdata\Xfire
2009-05-31 12:17 . 2009-03-08 22:48 393216 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\BadJojo.dll
2009-05-31 12:17 . 2009-03-08 22:48 385024 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll
2009-05-31 12:17 . 2009-03-08 22:48 197912 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll
2009-05-31 12:17 . 2009-03-08 22:48 177432 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll
2009-05-31 12:17 . 2009-03-08 22:48 169240 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll
2009-05-31 12:17 . 2009-03-08 22:48 136472 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll
2009-05-31 12:17 . 2009-03-08 22:48 1258776 ----a-w- c:\programdata\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll
2009-05-30 23:02 . 2009-03-08 23:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 03:29 . 2009-03-09 04:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 03:28 . 2009-05-04 06:54 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-30 03:15 . 2009-03-08 22:45 -------- d-----w- c:\program files\Common Files\Steam
2009-05-30 03:14 . 2009-03-09 04:01 -------- d-----w- c:\programdata\NVIDIA
2009-05-29 15:19 . 2009-03-09 04:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-29 08:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-29 08:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-29 08:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-29 08:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-29 08:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-29 08:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-29 08:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-29 08:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-28 14:27 . 2009-03-08 22:43 -------- d-----w- c:\program files\Common Files\Apple
2009-05-26 18:59 . 2009-04-07 20:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-26 18:59 . 2009-04-07 20:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-26 18:59 . 2009-04-07 20:19 -------- d-----w- c:\program files\OpenAL
2009-05-26 17:20 . 2009-03-09 04:29 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2009-03-09 04:29 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-24 19:01 . 2009-03-23 22:26 -------- d-----w- c:\users\Tyler\AppData\Roaming\FileZilla
2009-05-24 18:34 . 2009-03-08 22:38 62840 ----a-w- c:\users\Tyler\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-22 13:06 . 2009-03-08 22:43 -------- d-----w- c:\program files\RocketDock
2009-05-13 07:04 . 2009-03-09 03:30 -------- d-----w- c:\programdata\Microsoft Help
2009-05-11 00:13 . 2009-05-01 06:30 4183416 ----a-w- c:\users\Tyler\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
2009-05-10 17:37 . 2009-03-08 23:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-06 13:07 . 2009-03-08 22:44 -------- d-----w- c:\program files\Rhapsody
2009-05-06 06:33 . 2009-05-06 05:08 -------- d-----w- c:\users\Tyler\AppData\Roaming\Download Manager
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\users\Tyler\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-05-01 04:08 . 2009-05-01 04:08 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-05-01 04:08 . 2009-05-01 04:08 1292832 ----a-w- c:\windows\system32\nvsvs.dll
2009-05-01 04:07 . 2009-05-01 04:07 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-05-01 04:07 . 2009-05-01 04:07 768544 ----a-w- c:\windows\system32\nvsvc.dll
2009-05-01 04:07 . 2009-05-01 04:07 4045344 ----a-w- c:\windows\system32\nvvitvs.dll
2009-05-01 04:07 . 2009-05-01 04:07 4020768 ----a-w- c:\windows\system32\nvdisps.dll
2009-05-01 04:07 . 2009-05-01 04:07 3516960 ----a-w- c:\windows\system32\nvgames.dll
2009-05-01 04:07 . 2009-05-01 04:07 3123744 ----a-w- c:\windows\system32\nvwss.dll
2009-05-01 04:07 . 2009-05-01 04:07 211488 ----a-w- c:\windows\system32\nvvsvc.exe
2009-05-01 04:07 . 2009-05-01 04:07 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-05-01 04:07 . 2009-05-01 04:07 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-05-01 04:07 . 2009-05-01 04:07 13781536 ----a-w- c:\windows\system32\nvcpl.dll
2009-05-01 04:07 . 2009-05-01 04:07 1288736 ----a-w- c:\windows\system32\nvmobls.dll
2009-05-01 02:02 . 2009-05-01 02:02 9850016 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-05-01 02:02 . 2009-05-01 02:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 02:02 . 2009-05-01 02:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 02:02 . 2009-05-01 02:02 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-05-01 02:02 . 2009-05-01 02:02 3128320 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-05-01 02:02 . 2009-05-01 02:02 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 02:02 . 2009-05-01 02:02 143360 ----a-w- c:\windows\system32\nvcod146.dll
2009-05-01 02:02 . 2009-05-01 02:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 02:02 . 2009-05-01 02:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 02:02 . 2009-05-01 02:02 10366976 ----a-w- c:\windows\system32\nvoglv32.dll
2009-05-01 02:02 . 2009-02-18 18:44 983552 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 02:02 . 2009-02-18 18:44 7593472 ----a-w- c:\windows\system32\nvd3dum.dll
2009-04-29 03:25 . 2009-03-09 04:06 -------- d-----w- c:\program files\Microsoft Works
2009-04-29 02:59 . 2009-04-29 02:59 -------- d-----w- c:\program files\WOT
2009-04-27 04:42 . 2009-03-08 23:01 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-26 05:39 . 2009-04-02 05:07 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-04-25 04:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-04-21 23:07 . 2009-04-21 23:07 -------- d-----w- c:\users\Tyler\AppData\Roaming\2K Sports
2009-04-17 23:34 . 2009-04-17 23:34 -------- d-----w- c:\program files\MSXML 4.0
2009-04-17 23:34 . 2009-04-17 23:34 -------- d-----w- c:\program files\Common Files\Microsoft Games
2009-04-14 21:17 . 2009-04-09 07:25 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-04-12 23:04 . 2009-04-12 23:04 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-11 03:33 . 2009-05-29 07:50 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 03:33 . 2009-05-29 07:50 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 03:33 . 2009-05-29 07:50 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 03:33 . 2009-05-29 07:50 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 03:33 . 2009-05-29 07:50 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 03:28 . 2009-05-29 07:50 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 03:27 . 2009-05-29 07:51 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-04-11 03:22 . 2009-05-29 07:51 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 03:21 . 2009-05-29 07:50 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 03:05 . 2009-04-11 03:05 -------- d-----w- c:\program files\Audible
2009-04-11 02:42 . 2009-05-29 07:51 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 02:03 . 2009-05-29 07:51 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 02:03 . 2009-05-29 07:51 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 01:57 . 2009-05-29 07:50 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 01:55 . 2009-05-29 07:50 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 01:51 . 2009-05-29 07:51 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 01:47 . 2009-05-29 07:50 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 01:46 . 2009-05-29 07:51 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 03:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3e,2f,6d,9f,35,e0,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9EAB0419-6615-4960-A6A1-C4AEE284F26F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6BF585EF-4183-4793-8682-6C41C02D176F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C096089F-B214-4823-AC2E-F7B25F99CCA1}"= UDP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{52535091-DDF6-4D7F-8621-2DC690BD1CB9}"= TCP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{4DF23973-34BD-4DE2-9512-480B50774E0A}"= UDP:c:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{BC3BE3F0-CDBF-44AC-8C1B-70C220DC29DB}"= TCP:c:\program files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{39C838A5-B7C5-41B8-9B7C-E3A682BE8998}"= UDP:c:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{698E0018-5350-45AA-B870-A71A6A88E29B}"= TCP:c:\program files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{503C28FC-2308-4C6C-B75A-33387C0F768C}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{07DD5F5D-B586-4C27-B18A-D414B3E42096}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B0AF7C27-282C-498E-81D3-9048B8E0FF71}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{56CA9895-FE40-4E40-A617-608AFAD24287}"= UDP:c:\program files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:Bioshock
"{13921D1D-852B-4CA3-8560-9D59BA5B314F}"= TCP:c:\program files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:Bioshock
"{564E8F58-E430-4F17-9F99-5D0549473964}"= UDP:c:\program files\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe:Grand Theft Auto: San Andreas
"{BDCBD592-C8DB-4FC9-89D0-83BAF59BBFC0}"= TCP:c:\program files\Steam\steamapps\common\grand theft auto san andreas\gta-sa.exe:Grand Theft Auto: San Andreas
"{84F8D562-F360-488F-9602-6369F9E52018}"= UDP:c:\program files\Steam\steamapps\common\frontlines fuel of war\Binaries\FFOW.exe:Frontlines: Fuel of War
"{F9D5F6C0-4B72-4963-8382-F86D8CB79655}"= TCP:c:\program files\Steam\steamapps\common\frontlines fuel of war\Binaries\FFOW.exe:Frontlines: Fuel of War
"{FCDD6D15-8725-4638-A27E-C38C9AE0D251}"= UDP:c:\program files\Steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare
"{C74D04A4-FB43-40AC-A1E3-CF606C99915C}"= TCP:c:\program files\Steam\steamapps\common\call of duty 4\iw3sp.exe:Call of Duty 4: Modern Warfare
"{5C907CB7-D924-4009-8F46-429694C6E36F}"= UDP:c:\program files\Steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare
"{AF1441E8-B6ED-4FBF-97AE-5A97E8543D72}"= TCP:c:\program files\Steam\steamapps\common\call of duty 4\iw3mp.exe:Call of Duty 4: Modern Warfare
"TCP Query User{C08B983C-45E1-44F2-83B5-2264060D469C}c:\\users\\tyler\\appdata\\local\\dyyno receiver\\dppm.exe"= UDP:c:\users\tyler\appdata\local\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{A54C216D-5238-4AB6-A325-BDC0A62F23B6}c:\\users\\tyler\\appdata\\local\\dyyno receiver\\dppm.exe"= TCP:c:\users\tyler\appdata\local\dyyno receiver\dppm.exe:dppm.exe
"TCP Query User{CA351854-EA96-4CA8-BE8B-8D29F5F59E08}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2E04FB3F-9705-4D38-922D-41565FFF1A44}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C067E9BA-21A4-4F5D-98D7-BDD9809287CE}c:\\program files\\steam\\steamapps\\colossus01\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\colossus01\counter-strike source\hl2.exe:hl2
"UDP Query User{B316AC45-67A3-49D0-8A2C-F68F1680A4EE}c:\\program files\\steam\\steamapps\\colossus01\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\colossus01\counter-strike source\hl2.exe:hl2
"{A6C45E3D-C507-499B-AE29-9D8889827D20}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{24F50DF3-6751-4359-B997-AB72FB342830}c:\\program files\\steam\\steamapps\\common\\grand theft auto iv\\gtaiv\\gtaiv.exe"= UDP:c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{BFA0B960-F379-4FFA-9236-7434D5A80F58}c:\\program files\\steam\\steamapps\\common\\grand theft auto iv\\gtaiv\\gtaiv.exe"= TCP:c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe:Grand Theft Auto IV
"{A8A084C4-5D3D-4418-97B2-CF635F7679AC}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{A8E99F6F-AF0C-4DB4-A6DE-2CA60FF570DE}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{D19FD804-EEF3-493B-A0C5-A03BB0044120}c:\\program files\\steam\\steamapps\\common\\dead space\\dead space.exe"= UDP:c:\program files\steam\steamapps\common\dead space\dead space.exe:Dead Space ™
"UDP Query User{3D1D1635-9F8B-4592-B45A-2D5517F53073}c:\\program files\\steam\\steamapps\\common\\dead space\\dead space.exe"= TCP:c:\program files\steam\steamapps\common\dead space\dead space.exe:Dead Space ™
"{72B94CE3-3C23-43F6-A819-81BFA5ED45F8}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes
"{9BA40041-A52E-4BB8-8A9B-E71C6003B075}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes
"{3BEDDBB4-AC98-4A0A-BB06-9AB027F0968B}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{5215D761-E32A-4845-9998-70261EF02387}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{4FD1B7D0-9924-4370-871A-33724579FCC1}"= UDP:c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:Grand Theft Auto IV
"{57DD185C-620B-4E73-A6A5-4880A4D7DD4A}"= TCP:c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:Grand Theft Auto IV
"TCP Query User{4F8F4F81-7127-4C58-A72A-46618EF89A2B}c:\\program files\\xfire\\dppm_source.exe"= UDP:c:\program files\xfire\dppm_source.exe:Dyyno P2P Source Application
"UDP Query User{B3B642A9-5A3D-4AA9-8342-4831773FA025}c:\\program files\\xfire\\dppm_source.exe"= TCP:c:\program files\xfire\dppm_source.exe:Dyyno P2P Source Application
"TCP Query User{1D4BA70D-2914-4EF8-9AAE-6D10B9F60EA0}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{D479B1BF-EB9C-49DD-9EDE-66C8D5A91A63}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{9F2580EE-6730-48F4-9023-5F0FEF093B98}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= UDP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"UDP Query User{495F2EF0-BA7F-4E0A-8EE3-ADEB2B8B9021}c:\\program files\\microsoft games\\halo custom edition\\haloce.exe"= TCP:c:\program files\microsoft games\halo custom edition\haloce.exe:Halo
"{2A3698A3-794E-484F-B4A0-84FA8CC8AE23}"= UDP:c:\program files\Steam\steamapps\common\mlb 2k9\mlb2k9.exe:MLB 2K9
"{DC41A38F-D7E9-4095-95E1-9B14946C03DA}"= TCP:c:\program files\Steam\steamapps\common\mlb 2k9\mlb2k9.exe:MLB 2K9
"{0E3BE46A-8AF7-4CD7-96EA-DEB3A07E441B}"= UDP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
"{EA80AAE8-62D4-41CF-863B-E1F4482E8E5D}"= TCP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
"{7985F974-8178-4093-8287-511D004CD62E}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{43D27A24-73BC-48CD-AE9C-A09798CAC2CA}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{576B6AFD-494D-4063-AF83-8B8585890B4C}"= UDP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaW.exe:Call of Duty: World at War
"{19E0CBEE-7715-4242-91C6-F57F0A14804B}"= TCP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaW.exe:Call of Duty: World at War
"{9D4C0889-CF2D-4424-8200-DF1FCA7E053A}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0ED1314F-562E-4BE4-B5FA-D6924750530F}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9646EA12-7DC0-48DC-B5EB-7F2DD0FF1BFF}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F2088361-829D-48B2-8D0E-9B2E3E1D34E8}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CF4D92D3-C635-4687-B516-3CA2FD382B34}"= UDP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaWmp.exe:Call of Duty: World at War
"{57BEDE52-7F69-4928-B20C-4E1994E14B2D}"= TCP:c:\program files\Steam\steamapps\common\call of duty world at war\CoDWaWmp.exe:Call of Duty: World at War
"{78D177E7-51DD-4081-9BA0-0BBB992E18C2}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{F5721D4B-D673-460A-AD31-73B9AC0158F9}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"TCP Query User{06EB4131-3C0E-487E-AE14-C31822AA4832}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= UDP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Web Player
"UDP Query User{F0781897-E263-4485-88B8-864FC72B2D0E}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= TCP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Web Player
"TCP Query User{7E29C961-DE87-43CF-BD06-38F90138C828}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{81A0C3CA-67BB-4551-9469-A4578A77BC39}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{9DC10BC5-6280-407E-A389-C4C8380ECF1F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{28C2B6E1-95E3-4042-BD78-0E5963110ECA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{27E33C39-7005-4EE6-B2AF-145FCB2542B6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5257C0C6-636A-4C32-B5B4-D2E701D6870A}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{2E60370A-99E6-4219-A624-E7ECB5A1CED2}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{F89B87DF-4549-4FFA-B563-F4E16F3D6E33}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{66684512-460E-4534-B226-C48C6FE1593A}"= UDP:c:\program files\Rhapsody\rhapsody.exe:Rhapsody Media Player
"{53BBAF8A-DBA4-4F75-86AF-74E72627E268}"= TCP:c:\program files\Rhapsody\rhapsody.exe:Rhapsody Media Player

R0 Ct;Ct;c:\windows\System32\drivers\ct.sys [4/3/2008 2:32 PM 426680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]
R2 CtServ;CtServ;c:\windows\system32\svchost.exe -k CtServ [1/20/2008 10:23 PM 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [3/9/2009 12:28 AM 1153368]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [6/2/2008 3:16 PM 86792]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [6/27/2008 1:40 AM 335872]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\System32\drivers\copperhd.sys [11/2/2005 10:54 AM 11596]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [3/8/2009 7:04 PM 33752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
CtServ REG_MULTI_SZ CtServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverMax - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_ ... pdater.cab
FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\s39v0pio.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.maximumpc.com/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Haute Secure\FireFox\components\CtFFGlue.dll
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\users\Tyler\AppData\Local\HuluDesktop\instances\0.9.2.1\npHDPlg.dll
FF - plugin: c:\users\Tyler\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\s39v0pio.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 12:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Tyler\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3696244747-2911351836-1749509300-1000\Software\SecuROM\License information*]
"datasecu"=hex:a6,f2,1a,33,90,d3,ee,39,10,29,d9,53,c1,86,3e,b1,d5,82,11,e5,ff,
c5,ee,9d,1c,e2,66,02,2f,b5,13,32,ed,5b,07,67,f4,22,27,1e,cf,fc,54,9d,fe,44,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Completion time: 2009-06-07 12:56
ComboFix-quarantined-files.txt 2009-06-07 16:56

Pre-Run: 265,401,053,184 bytes free
Post-Run: 265,422,368,768 bytes free

329 --- E O F --- 2009-05-13 07:04


 Post subject:
PostPosted: Sun Jun 07, 2009 9:22 am 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
Before I do anything else, did you have trouble running Combofix and therefore renamed it?


 Post subject:
PostPosted: Sun Jun 07, 2009 9:25 am 
Klamath

Joined: Thu Dec 04, 2008 12:52 pm
Posts: 238
At first it prompted me to shut off my anti-tools, so I did, except Bitdefender. After that I tried running it again and a bunch of errors came up, even after renaming the .exe, I believe. Sorry, didn't write the errors down in advance, but they were talking about not being able to connect to .com 3243242.com, etc, before finally allowing me to do it. I know how, um, frustrating it can be to have someone not write down the errors, but those above were some of the errors I received basically.


 Post subject:
PostPosted: Sun Jun 07, 2009 9:30 am 
Malware specialist

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
Considering that you do financial transactions on this computer and the fact that Combofix didn't do much, I'm going to recommend a format and reinstall.

There are a few things in the logfile that I do see that should be removed, but I'm afraid we would be just going over and over again.

