
I get google redirects, random firefox tab ads and blue screens

Discussion in 'Virus & Other Malware Removal' started by johnyi, May 21, 2011.

  1. johnyi

    johnyi Thread Starter

    Joined:
    May 6, 2011
    Messages:
    37
    Hey, I tried using a Windows Vista recovery disc, but that does me no good. I get Google redirects almost 90% of the time I click a link, and when I want to shut down my computer, I can't because it just shows a blue screen warning, then restarts. My computer is also very slow now. Any help?
     
  3. johnyi

    johnyi Thread Starter

    Joined:
    May 6, 2011
    Messages:
    37
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6517

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    5/21/2011 5:24:42 PM
    mbam-log-2011-05-21 (17-24-42).txt

    Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
    Objects scanned: 280038
    Time elapsed: 54 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Temp\tqxq\int5sd.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\Windows\Temp\tqxq\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
     
  4. johnyi

    johnyi Thread Starter

    Joined:
    May 6, 2011
    Messages:
    37
    It says I need to restart my computer for the actions to take effect, but I don't think it will save, because every time I want to restart my computer, I get a blue screen warning.
     
  5. johnyi

    johnyi Thread Starter

    Joined:
    May 6, 2011
    Messages:
    37
  6. johnyi

    johnyi Thread Starter

    Joined:
    May 6, 2011
    Messages:
    37
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,420
    First Name:
    Derek
    Follow the advice here and post the logs those programs make.
     
  8. johnyi

    johnyi Thread Starter

    Joined:
    May 6, 2011
    Messages:
    37
    I downloaded DDS and let the scan run through, and after the scan it shows a log that says two logs will appear when I close this window, but they never do? I did a DDS scan a couple of months before and it worked fine!
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    110,152
    I've moved your new thread over here. Please do not start a new thread when you're already being assisted.
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,420
    First Name:
    Derek
    I have seen a couple of other reports about that behaviour on some computers.

    Try this instead:
    Download OTScanIt.exe to your Desktop.
    • Close any open browsers.
    • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    • Double-click on OTS.exe to start the program.
    • Now, on the toolbar at the top, select "Scan all users", then click the Run Scan button.
    • The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete, Notepad will open with the report file loaded in it.
    • Save that Notepad file.
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the Notepad file here.
     
  11. johnyi

    johnyi Thread Starter

    Joined:
    May 6, 2011
    Messages:
    37
    I'm sorry, I should have read through the readme stickies first, but here are the logs.


    OT Scan

    OTS logfile created on: 5/29/2011 7:19:18 PM - Run 1
    OTS by OldTimer - Version 3.1.43.0 Folder = C:\Users\Administrator\Downloads
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 217.39 Gb Free Space | 72.93% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DEOK-PC
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days

    [Processes - Safe List]
    ots.exe -> C:\Users\Administrator\Downloads\OTS.exe -> [2011/05/29 19:18:41 | 000,645,632 | ---- | M] (OldTimer Tools)
    utorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe -> [2011/05/20 15:57:08 | 000,551,800 | ---- | M] (BitTorrent, Inc.)
    jp2launcher.exe -> C:\Program Files\Java\jre6\bin\jp2launcher.exe -> [2011/04/14 05:08:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.)
    java.exe -> C:\Program Files\Java\jre6\bin\java.exe -> [2011/04/14 05:08:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
    acrord32.exe -> C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe -> [2010/11/10 13:49:36 | 001,289,624 | ---- | M] (Adobe Systems Incorporated)
    teamviewer_service.exe -> C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -> [2010/09/24 08:36:59 | 001,960,744 | ---- | M] (TeamViewer GmbH)
    ekrn.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET)
    egui.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe -> [2010/06/24 09:27:06 | 002,202,704 | ---- | M] (ESET)
    soffice.bin -> C:\Program Files\OpenOffice.org 3\program\soffice.bin -> [2010/05/21 01:28:00 | 011,312,128 | ---- | M] (OpenOffice.org)
    soffice.exe -> C:\Program Files\OpenOffice.org 3\program\soffice.exe -> [2010/05/21 01:27:58 | 011,318,784 | ---- | M] (OpenOffice.org)
    limewire.exe -> C:\Program Files\LimeWire\LimeWire.exe -> [2009/05/22 09:57:15 | 000,139,776 | ---- | M] (Lime Wire, LLC)
    explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
    monitor.exe -> C:\Windows\PixArt\Pac207\Monitor.exe -> [2007/12/10 19:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation)

    [Modules - Safe List]
    ots.exe -> C:\Users\Administrator\Downloads\OTS.exe -> [2011/05/29 19:18:41 | 000,645,632 | ---- | M] (OldTimer Tools)
    comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll -> [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation)

    [Win32 Services - Safe List]
    (TeamViewer5) TeamViewer 5 [Auto | Running] -> C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -> [2010/09/24 08:36:59 | 001,960,744 | ---- | M] (TeamViewer GmbH)
    (EhttpSrv) ESET HTTP Server [On_Demand | Stopped] -> C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2010/06/24 09:27:54 | 000,033,584 | ---- | M] (ESET)
    (ekrn) ESET Service [Auto | Running] -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2010/06/24 09:27:12 | 000,810,144 | ---- | M] (ESET)
    (Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Steam\SteamService.exe -> [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation)
    (WinDefend) Windows Defender [Disabled | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation)

    [Driver Services - Safe List]
    (eamonm) eamonm [File_System | Auto | Running] -> C:\Windows\System32\drivers\eamonm.sys -> [2010/06/24 09:04:14 | 000,136,120 | ---- | M] (ESET)
    (ehdrv) ehdrv [Kernel | System | Running] -> C:\Windows\System32\drivers\ehdrv.sys -> [2010/04/28 08:17:46 | 000,114,984 | ---- | M] (ESET)
    (epfwwfpr) epfwwfpr [Kernel | Auto | Running] -> C:\Windows\System32\drivers\epfwwfpr.sys -> [2010/04/28 08:17:46 | 000,096,896 | ---- | M] (ESET)
    (LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\LMouKE.Sys -> [2008/12/18 23:43:54 | 000,079,248 | ---- | M] (Logitech, Inc.)
    (L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\L8042mou.Sys -> [2008/12/18 23:43:12 | 000,063,248 | ---- | M] (Logitech, Inc.)
    (L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\L8042Kbd.sys -> [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.)
    (nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2008/05/03 00:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation)
    (PAC207) PC [email protected] [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\PFC027.SYS -> [2008/02/13 17:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2008/01/20 21:32:47 | 000,073,088 | ---- | M] (Microsoft Corporation)
    (c65013264) C-Media CM6501 Like Sound UDAX Interface [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\c6501.sys -> [2007/02/07 05:16:52 | 001,298,944 | ---- | M] (C-Media Inc)
    (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvm60x32.sys -> [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation)
    (MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\ASACPI.sys -> [2004/08/13 05:56:20 | 000,005,810 | ---- | M] ()

    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 13:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
    HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.bing.com/?pc=ZUGO&form=ZGAPHP ->
    HKEY_USERS\.DEFAULT\: Main\\"Start Page Restore" -> ->
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
    HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.bing.com/?pc=ZUGO&form=ZGAPHP ->
    HKEY_USERS\S-1-5-18\: Main\\"Start Page Restore" -> ->
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\] > -> ->
    HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\: Main\\"Start Page" -> http://www.mystart.com?pr=oovoo2_0 ->
    HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 13:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
    HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\: "ProxyEnable" -> 0 ->
    HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\: "ProxyOverride" -> *.local ->
    < FireFox Settings [Prefs.js] > -> C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y4khrsqu.default\prefs.js ->
    browser.search.selectedEngine -> "Yahoo" ->
    browser.startup.homepage -> "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 ->
    extensions.enabledItems -> [email protected]:7 ->
    keyword.URL -> "http://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=" ->
    < FireFox Settings [User.js] > -> C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y4khrsqu.default\user.js ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions -> ->
    HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions -> ->
    HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/21 18:51:54 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/05/21 20:18:33 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Thunderbird\Extensions -> ->
    HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD] -> [2010/08/04 19:50:51 | 000,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > ->
    -> C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions -> [2009/06/12 11:37:52 | 000,000,000 | ---D | M]
    -> C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\[email protected]zswing.org -> [2009/06/12 11:37:52 | 000,000,000 | ---D | M]
    -> C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\y4khrsqu.default\extensions -> [2011/05/20 16:39:10 | 000,000,000 | ---D | M]
    No name found -> C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\y4khrsqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2011/05/03 14:14:06 | 000,000,000 | ---D | M]
    Microsoft .NET Framework Assistant -> C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\y4khrsqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(27) -> [2011/05/02 18:39:05 | 000,000,000 | ---D | M]
    < FireFox Extensions [Program Folders] > ->
    -> C:\Program Files\Mozilla Firefox\extensions -> [2011/05/29 00:59:13 | 000,000,000 | ---D | M]
    Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/11/29 23:21:01 | 000,000,000 | ---D | M]
    Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} -> [2011/05/07 19:21:13 | 000,000,000 | ---D | M]
    Move Media Player -> C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOVE NETWORKS -> [2009/12/04 00:45:52 | 000,000,000 | ---D | M]
    Microsoft .NET Framework Assistant -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION -> [2009/09/02 07:03:46 | 000,000,000 | ---D | M]
    Hosts file not found -> ->
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/12/09 13:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
    {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {9D425283-D487-4337-BAB6-AB8354A81457} [HKLM] -> C:\Program Files\Search Toolbar\SearchToolbar.dll [Search Toolbar] -> [2010/04/08 09:52:20 | 000,271,024 | ---- | M] ()
    {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 13:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
    {D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [FrostWire Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/12/09 13:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
    "{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> C:\Program Files\Search Toolbar\SearchToolbar.dll [Search Toolbar] -> [2010/04/08 09:52:20 | 000,271,024 | ---- | M] ()
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 13:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
    "{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [FrostWire Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
    < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> C:\Program Files\Search Toolbar\SearchToolbar.dll [Search Toolbar] -> [2010/04/08 09:52:20 | 000,271,024 | ---- | M] ()
    WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 13:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
    WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [FrostWire Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> C:\Program Files\Search Toolbar\SearchToolbar.dll [Search Toolbar] -> [2010/04/08 09:52:20 | 000,271,024 | ---- | M] ()
    WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 13:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
    WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [FrostWire Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\] > -> HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> C:\Program Files\Search Toolbar\SearchToolbar.dll [Search Toolbar] -> [2010/04/08 09:52:20 | 000,271,024 | ---- | M] ()
    WebBrowser\\"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}" [HKLM] -> C:\Program Files\uTorrentBar\tbuTor.dll [uTorrentBar Toolbar] -> [2010/12/09 13:51:30 | 003,911,776 | ---- | M] (Conduit Ltd.)
    WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [FrostWire Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"] -> [2010/11/10 13:49:36 | 000,035,736 | ---- | M] (Adobe Systems Incorporated)
    "C6501Sound" -> [RunDll32 c6501.cpl,CMICtrlWnd] -> File not found
    "egui" -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2010/06/24 09:27:06 | 002,202,704 | ---- | M] (ESET)
    "NvCplDaemon" -> C:\Windows\System32\NvCpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008/05/03 00:46:00 | 013,535,776 | ---- | M] (NVIDIA Corporation)
    "NvMediaCenter" -> C:\Windows\System32\NvMcTray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/05/03 00:46:00 | 000,092,704 | ---- | M] (NVIDIA Corporation)
    "PAC207_Monitor" -> C:\Windows\PixArt\Pac207\Monitor.exe [C:\Windows\PixArt\PAC207\Monitor.exe] -> [2007/12/10 19:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation)
    < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "5GUTNY6MFK" -> C:\Windows\Temp\Vpc.exe [C:\Windows\TEMP\Vpc.exe] -> [2011/05/08 13:11:16 | 000,138,752 | ---- | M] (videosoft)
    "R8388QA8U8" -> C:\Windows\Temp\Vpd.exe [C:\Windows\TEMP\Vpd.exe] -> [2011/05/08 13:11:16 | 000,142,848 | ---- | M] (videosoft)
    < RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
    "FlashPlayerUpdate" -> C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe [C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe] -> [2009/02/02 21:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.)
    < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "5GUTNY6MFK" -> C:\Windows\Temp\Vpc.exe [C:\Windows\TEMP\Vpc.exe] -> [2011/05/08 13:11:16 | 000,138,752 | ---- | M] (videosoft)
    "R8388QA8U8" -> C:\Windows\Temp\Vpd.exe [C:\Windows\TEMP\Vpd.exe] -> [2011/05/08 13:11:16 | 000,142,848 | ---- | M] (videosoft)
    < RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
    "FlashPlayerUpdate" -> C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe [C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe] -> [2009/02/02 21:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.)
    < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:33:07 | 002,153,472 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:33:07 | 002,153,472 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\] > -> HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Steam" -> C:\Program Files\Steam\Steam.exe ["C:\Program Files\Steam\Steam.exe" -silent] -> [2010/11/16 17:48:30 | 001,242,448 | ---- | M] (Valve Corporation)
    "uTorrent" -> C:\Program Files\uTorrent\uTorrent.exe ["C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED] -> [2011/05/20 15:57:08 | 000,551,800 | ---- | M] (BitTorrent, Inc.)
    "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 21:33:07 | 002,153,472 | ---- | M] (Microsoft Corporation)
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500] > -> HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500] > -> HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\] > -> HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\] > -> HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-21-3171449-1554940463-3514634807-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] ->
    {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab [Java Plug-in 1.6.0_25] ->
    {F53E8C5B-347E-4638-89BE-94639E22E21A} [HKLM] -> http://www.limeusa.com/append/application/LimeUsaCtrl-MFC9.CAB [LimeUSA 컨트롤] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 208.59.247.45 208.59.247.46 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {46350C20-98C1-4C3E-82CD-165A8BB6120C}\\DhcpNameServer -> 208.59.247.45 208.59.247.46 (NVIDIA nForce Networking Controller) ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > -> ->
    C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 16:43:36 | 000,000,024 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    \{6c759e31-ba56-11dd-8f04-001fc6be68dc}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c759e31-ba56-11dd-8f04-001fc6be68dc}\shell
    \{6c759e31-ba56-11dd-8f04-001fc6be68dc}\shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c759e31-ba56-11dd-8f04-001fc6be68dc}\shell\AutoRun\command
    \{6c759e31-ba56-11dd-8f04-001fc6be68dc}\shell\AutoRun\command\\"" -> [K:\LaunchU3.exe -a] -> File not found
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
    comfile [open] -> "%1" %* ->
    exefile [open] -> "%1" %* ->
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
    .com [@ = comfile] -> "%1" %* ->
    .exe [@ = exefile] -> "%1" %* ->


    [Files/Folders - Created Within 30 Days]
    Trend Micro -> C:\Program Files\Trend Micro -> [2011/05/29 13:10:33 | 000,000,000 | ---D | C]
    HiJackThis -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis -> [2011/05/29 13:10:33 | 000,000,000 | ---D | C]
    iTunes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes -> [2011/05/22 10:33:59 | 000,000,000 | ---D | C]
    GEARAspi.dll -> C:\Windows\System32\GEARAspi.dll -> [2011/05/22 10:33:56 | 000,107,368 | ---- | C] (GEAR Software Inc.)
    iPod -> C:\Program Files\iPod -> [2011/05/22 10:33:05 | 000,000,000 | ---D | C]
    iTunes -> C:\Program Files\iTunes -> [2011/05/22 10:32:58 | 000,000,000 | ---D | C]
    {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> [2011/05/21 18:53:34 | 000,000,000 | ---D | C]
    QuickTime -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime -> [2011/05/21 18:51:42 | 000,000,000 | ---D | C]
    Apple Software Update -> C:\Program Files\Apple Software Update -> [2011/05/21 18:47:46 | 000,000,000 | ---D | C]
    Bonjour -> C:\Program Files\Bonjour -> [2011/05/21 18:43:13 | 000,000,000 | ---D | C]
    4Media -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4Media -> [2011/05/20 16:06:28 | 000,000,000 | ---D | C]
    4Media -> C:\Program Files\4Media -> [2011/05/20 16:05:05 | 000,000,000 | ---D | C]
    Conduit -> C:\Program Files\Conduit -> [2011/05/20 15:53:45 | 000,000,000 | ---D | C]
    ConduitEngine -> C:\Program Files\ConduitEngine -> [2011/05/20 15:53:43 | 000,000,000 | ---D | C]
    uTorrentBar -> C:\Program Files\uTorrentBar -> [2011/05/20 15:53:41 | 000,000,000 | ---D | C]
    uTorrent -> C:\Program Files\uTorrent -> [2011/05/20 15:53:36 | 000,000,000 | ---D | C]
    uTorrent -> C:\Users\Administrator\AppData\Local\uTorrent -> [2011/05/20 15:53:16 | 000,000,000 | ---D | C]
    Search Toolbar -> C:\Program Files\Search Toolbar -> [2011/05/20 13:52:58 | 000,000,000 | ---D | C]
    SPReview -> C:\Windows\System32\SPReview -> [2011/05/07 21:15:40 | 000,000,000 | ---D | C]
    EventProviders -> C:\Windows\System32\EventProviders -> [2011/05/07 19:44:51 | 000,000,000 | ---D | C]
    3c92ac7fb908a3fab6574ea8ea -> C:\3c92ac7fb908a3fab6574ea8ea -> [2011/05/07 19:44:50 | 000,000,000 | ---D | C]
    CCleaner -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner -> [2011/05/07 19:31:13 | 000,000,000 | ---D | C]
    CCleaner -> C:\Program Files\CCleaner -> [2011/05/07 19:31:12 | 000,000,000 | ---D | C]
    javaws.exe -> C:\Windows\System32\javaws.exe -> [2011/05/07 19:21:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
    javaw.exe -> C:\Windows\System32\javaw.exe -> [2011/05/07 19:21:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
    java.exe -> C:\Windows\System32\java.exe -> [2011/05/07 19:21:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
    mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/05 21:57:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/05/05 21:57:10 | 000,000,000 | ---D | C]
    mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/05 21:57:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
    Sun -> C:\Users\Administrator\AppData\Roaming\Sun -> [2011/05/02 21:08:43 | 000,000,000 | ---D | C]
    {CAFCD421-5186-4763-8E5E-4D6A4D366A87} -> C:\Users\Administrator\AppData\Local\{CAFCD421-5186-4763-8E5E-4D6A4D366A87} -> [2011/05/02 18:58:01 | 000,000,000 | ---D | C]
    2 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

    [Files/Folders - Modified Within 30 Days]
    GoogleUpdateTaskUserS-1-5-21-3171449-1554940463-3514634807-500Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3171449-1554940463-3514634807-500Core.job -> [2011/05/29 18:43:02 | 000,000,888 | ---- | M] ()
    GoogleUpdateTaskUserS-1-5-21-3171449-1554940463-3514634807-500UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3171449-1554940463-3514634807-500UA.job -> [2011/05/29 18:43:01 | 000,000,940 | ---- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/05/29 18:36:16 | 000,003,712 | -H-- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/05/29 18:36:16 | 000,003,712 | -H-- | M] ()
    {810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job -> C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job -> [2011/05/29 18:29:09 | 000,000,252 | -H-- | M] ()
    HiJackThis.lnk -> C:\Users\Administrator\Desktop\HiJackThis.lnk -> [2011/05/29 13:10:54 | 000,002,539 | ---- | M] ()
    User_Feed_Synchronization-{9EFAB2CC-C91E-4B8E-8EAE-20C79287011E}.job -> C:\Windows\tasks\User_Feed_Synchronization-{9EFAB2CC-C91E-4B8E-8EAE-20C79287011E}.job -> [2011/05/29 11:18:19 | 000,000,434 | -H-- | M] ()
    oerbartu.job -> C:\Windows\tasks\oerbartu.job -> [2011/05/28 12:54:11 | 000,000,310 | -HS- | M] ()
    bootstat.dat -> C:\Windows\bootstat.dat -> [2011/05/28 10:36:08 | 000,067,584 | --S- | M] ()
    sqmdata17.sqm -> C:\sqmdata17.sqm -> [2011/05/26 20:48:15 | 000,000,268 | -H-- | M] ()
    sqmnoopt17.sqm -> C:\sqmnoopt17.sqm -> [2011/05/26 20:48:15 | 000,000,244 | -H-- | M] ()
    LimeWire On Startup.lnk -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk -> [2011/05/26 18:59:09 | 000,001,658 | ---- | M] ()
    MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/05/26 18:53:23 | 174,570,209 | ---- | M] ()
    perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/05/22 10:41:12 | 000,607,168 | ---- | M] ()
    perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/05/22 10:41:12 | 000,104,808 | ---- | M] ()
    iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/05/22 10:33:59 | 000,001,664 | ---- | M] ()
    sqmdata16.sqm -> C:\sqmdata16.sqm -> [2011/05/22 04:25:22 | 000,000,268 | -H-- | M] ()
    sqmnoopt16.sqm -> C:\sqmnoopt16.sqm -> [2011/05/22 04:25:22 | 000,000,244 | -H-- | M] ()
    DJ Khaled - I m On One ft. Drake, Rick Ross & Lil Wayne.lnk -> C:\Users\Administrator\Desktop\DJ Khaled - I m On One ft. Drake, Rick Ross & Lil Wayne.lnk -> [2011/05/22 01:59:28 | 000,000,795 | ---- | M] ()
    QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2011/05/21 20:18:27 | 000,001,726 | ---- | M] ()
    sqmdata15.sqm -> C:\sqmdata15.sqm -> [2011/05/20 16:30:15 | 000,000,268 | -H-- | M] ()
    sqmnoopt15.sqm -> C:\sqmnoopt15.sqm -> [2011/05/20 16:30:15 | 000,000,244 | -H-- | M] ()
    4Media ISO Burner.lnk -> C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\4Media ISO Burner.lnk -> [2011/05/20 16:06:28 | 000,001,891 | ---- | M] ()
    4Media ISO Burner.lnk -> C:\Users\Administrator\Desktop\4Media ISO Burner.lnk -> [2011/05/20 16:06:28 | 000,001,867 | ---- | M] ()
    Install 4Media ISO Burner.lnk -> C:\Users\Administrator\Desktop\Install 4Media ISO Burner.lnk -> [2011/05/20 16:04:34 | 000,001,017 | ---- | M] ()
    µTorrent.lnk -> C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> [2011/05/20 15:57:49 | 000,000,776 | ---- | M] ()
    µTorrent.lnk -> C:\Users\Public\Desktop\µTorrent.lnk -> [2011/05/20 15:57:49 | 000,000,752 | ---- | M] ()
    14. Wale - The Posse Cut (Who Don t) (Ft. Fat Trel & Black Cobain).lnk -> C:\Users\Administrator\Desktop\14. Wale - The Posse Cut (Who Don t) (Ft. Fat Trel & Black Cobain).lnk -> [2011/05/16 11:34:42 | 000,001,131 | ---- | M] ()
    sqmdata14.sqm -> C:\sqmdata14.sqm -> [2011/05/14 01:30:40 | 000,000,268 | -H-- | M] ()
    sqmnoopt14.sqm -> C:\sqmnoopt14.sqm -> [2011/05/14 01:30:40 | 000,000,244 | -H-- | M] ()
    sqmdata13.sqm -> C:\sqmdata13.sqm -> [2011/05/13 23:09:40 | 000,000,268 | -H-- | M] ()
    sqmnoopt13.sqm -> C:\sqmnoopt13.sqm -> [2011/05/13 23:09:40 | 000,000,244 | -H-- | M] ()
    sqmdata12.sqm -> C:\sqmdata12.sqm -> [2011/05/13 20:36:07 | 000,000,268 | -H-- | M] ()
    sqmnoopt12.sqm -> C:\sqmnoopt12.sqm -> [2011/05/13 20:36:07 | 000,000,244 | -H-- | M] ()
    sqmdata11.sqm -> C:\sqmdata11.sqm -> [2011/05/13 00:18:43 | 000,000,268 | -H-- | M] ()
    sqmnoopt11.sqm -> C:\sqmnoopt11.sqm -> [2011/05/13 00:18:43 | 000,000,244 | -H-- | M] ()
    sqmdata10.sqm -> C:\sqmdata10.sqm -> [2011/05/12 00:29:27 | 000,000,268 | -H-- | M] ()
    sqmnoopt10.sqm -> C:\sqmnoopt10.sqm -> [2011/05/12 00:29:27 | 000,000,244 | -H-- | M] ()
    sqmdata09.sqm -> C:\sqmdata09.sqm -> [2011/05/12 00:25:19 | 000,000,268 | -H-- | M] ()
    sqmnoopt09.sqm -> C:\sqmnoopt09.sqm -> [2011/05/12 00:25:19 | 000,000,244 | -H-- | M] ()
    sqmdata08.sqm -> C:\sqmdata08.sqm -> [2011/05/12 00:20:38 | 000,000,268 | -H-- | M] ()
    sqmnoopt08.sqm -> C:\sqmnoopt08.sqm -> [2011/05/12 00:20:37 | 000,000,244 | -H-- | M] ()
    sqmdata07.sqm -> C:\sqmdata07.sqm -> [2011/05/11 14:59:26 | 000,000,268 | -H-- | M] ()
    sqmnoopt07.sqm -> C:\sqmnoopt07.sqm -> [2011/05/11 14:59:26 | 000,000,244 | -H-- | M] ()
    sqmdata06.sqm -> C:\sqmdata06.sqm -> [2011/05/11 07:54:48 | 000,000,268 | -H-- | M] ()
    sqmnoopt06.sqm -> C:\sqmnoopt06.sqm -> [2011/05/11 07:54:48 | 000,000,244 | -H-- | M] ()
    sqmdata05.sqm -> C:\sqmdata05.sqm -> [2011/05/11 01:16:11 | 000,000,268 | -H-- | M] ()
    sqmnoopt05.sqm -> C:\sqmnoopt05.sqm -> [2011/05/11 01:16:11 | 000,000,244 | -H-- | M] ()
    2.jpg -> C:\Users\Administrator\Desktop\2.jpg -> [2011/05/10 18:33:10 | 000,023,705 | ---- | M] ()
    sqmdata04.sqm -> C:\sqmdata04.sqm -> [2011/05/10 15:20:32 | 000,000,268 | -H-- | M] ()
    sqmnoopt04.sqm -> C:\sqmnoopt04.sqm -> [2011/05/10 15:20:32 | 000,000,244 | -H-- | M] ()
    sqmdata03.sqm -> C:\sqmdata03.sqm -> [2011/05/10 07:45:12 | 000,000,268 | -H-- | M] ()
    sqmnoopt03.sqm -> C:\sqmnoopt03.sqm -> [2011/05/10 07:45:12 | 000,000,244 | -H-- | M] ()
    sqmdata02.sqm -> C:\sqmdata02.sqm -> [2011/05/10 01:32:59 | 000,000,268 | -H-- | M] ()
    sqmnoopt02.sqm -> C:\sqmnoopt02.sqm -> [2011/05/10 01:32:59 | 000,000,244 | -H-- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/05/09 18:06:32 | 000,020,992 | ---- | M] ()
    sqmdata01.sqm -> C:\sqmdata01.sqm -> [2011/05/08 23:53:38 | 000,000,268 | -H-- | M] ()
    sqmnoopt01.sqm -> C:\sqmnoopt01.sqm -> [2011/05/08 23:53:38 | 000,000,244 | -H-- | M] ()
    dpinstb.dll -> C:\Windows\System32\dpinstb.dll -> [2011/05/08 13:11:17 | 000,135,168 | RHS- | M] ()
    FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/05/08 12:58:04 | 000,389,760 | ---- | M] ()
    sqmdata00.sqm -> C:\sqmdata00.sqm -> [2011/05/07 21:16:45 | 000,000,268 | -H-- | M] ()
    sqmnoopt00.sqm -> C:\sqmnoopt00.sqm -> [2011/05/07 21:16:45 | 000,000,244 | -H-- | M] ()
    CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/05/07 19:31:13 | 000,000,804 | ---- | M] ()
    sqmdata19.sqm -> C:\sqmdata19.sqm -> [2011/05/07 19:22:24 | 000,000,268 | -H-- | M] ()
    sqmnoopt19.sqm -> C:\sqmnoopt19.sqm -> [2011/05/07 19:22:24 | 000,000,244 | -H-- | M] ()
    sqmdata18.sqm -> C:\sqmdata18.sqm -> [2011/05/07 02:16:11 | 000,000,268 | -H-- | M] ()
    sqmnoopt18.sqm -> C:\sqmnoopt18.sqm -> [2011/05/07 02:16:11 | 000,000,244 | -H-- | M] ()
    Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/05 21:57:10 | 000,000,906 | ---- | M] ()
    0o7l0g3c1o417th51a72l7ia164x0qlgr83h0 -> C:\ProgramData\0o7l0g3c1o417th51a72l7ia164x0qlgr83h0 -> [2011/05/02 21:41:30 | 000,011,690 | -HS- | M] ()
    1080647302 -> C:\ProgramData\1080647302 -> [2011/05/02 21:41:20 | 000,010,280 | -HS- | M] ()
    0o7l0g3c1o417th51a72l7ia164x0qlgr83h0 -> C:\Users\Administrator\AppData\Local\0o7l0g3c1o417th51a72l7ia164x0qlgr83h0 -> [2011/05/02 21:41:20 | 000,010,280 | -HS- | M] ()
    Tnisitam.dat -> C:\Users\Administrator\AppData\Local\Tnisitam.dat -> [2011/05/02 18:58:02 | 000,000,120 | ---- | M] ()
    Idixucenafidacos.bin -> C:\Users\Administrator\AppData\Local\Idixucenafidacos.bin -> [2011/05/02 18:58:02 | 000,000,000 | ---- | M] ()
    454 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp ->
    21 C:\Users\Administrator\AppData\Local\Temp\*.tmp files -> C:\Users\Administrator\AppData\Local\Temp\*.tmp ->
    2 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

    [Files - No Company Name]
    HiJackThis.lnk -> C:\Users\Administrator\Desktop\HiJackThis.lnk -> [2011/05/29 13:10:33 | 000,002,539 | ---- | C] ()
    {810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job -> C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job -> [2011/05/24 17:40:22 | 000,000,252 | -H-- | C] ()
    iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2011/05/22 10:33:59 | 000,001,664 | ---- | C] ()
    QuickTime Player.lnk -> C:\Users\Public\Desktop\QuickTime Player.lnk -> [2011/05/21 18:51:42 | 000,001,726 | ---- | C] ()
    4Media ISO Burner.lnk -> C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\4Media ISO Burner.lnk -> [2011/05/20 16:06:28 | 000,001,891 | ---- | C] ()
    4Media ISO Burner.lnk -> C:\Users\Administrator\Desktop\4Media ISO Burner.lnk -> [2011/05/20 16:06:28 | 000,001,867 | ---- | C] ()
    Install 4Media ISO Burner.lnk -> C:\Users\Administrator\Desktop\Install 4Media ISO Burner.lnk -> [2011/05/20 16:04:34 | 000,001,017 | ---- | C] ()
    µTorrent.lnk -> C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> [2011/05/20 15:54:57 | 000,000,776 | ---- | C] ()
    µTorrent.lnk -> C:\Users\Public\Desktop\µTorrent.lnk -> [2011/05/20 15:54:57 | 000,000,752 | ---- | C] ()
    DJ Khaled - I m On One ft. Drake, Rick Ross & Lil Wayne.lnk -> C:\Users\Administrator\Desktop\DJ Khaled - I m On One ft. Drake, Rick Ross & Lil Wayne.lnk -> [2011/05/20 14:48:15 | 000,000,795 | ---- | C] ()
    14. Wale - The Posse Cut (Who Don t) (Ft. Fat Trel & Black Cobain).lnk -> C:\Users\Administrator\Desktop\14. Wale - The Posse Cut (Who Don t) (Ft. Fat Trel & Black Cobain).lnk -> [2011/05/16 11:34:42 | 000,001,131 | ---- | C] ()
    2.jpg -> C:\Users\Administrator\Desktop\2.jpg -> [2011/05/10 18:33:09 | 000,023,705 | ---- | C] ()
    oerbartu.job -> C:\Windows\tasks\oerbartu.job -> [2011/05/08 13:11:19 | 000,000,310 | -HS- | C] ()
    dpinstb.dll -> C:\Windows\System32\dpinstb.dll -> [2011/05/08 13:11:17 | 000,135,168 | RHS- | C] ()
    MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2011/05/07 21:48:04 | 174,570,209 | ---- | C] ()
    CCleaner.lnk -> C:\Users\Public\Desktop\CCleaner.lnk -> [2011/05/07 19:31:12 | 000,000,804 | ---- | C] ()
    Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/05/05 21:57:10 | 000,000,906 | ---- | C] ()
    1080647302 -> C:\ProgramData\1080647302 -> [2011/05/02 21:39:03 | 000,010,280 | -HS- | C] ()
    0o7l0g3c1o417th51a72l7ia164x0qlgr83h0 -> C:\Users\Administrator\AppData\Local\0o7l0g3c1o417th51a72l7ia164x0qlgr83h0 -> [2011/05/02 21:39:03 | 000,010,280 | -HS- | C] ()
    0o7l0g3c1o417th51a72l7ia164x0qlgr83h0 -> C:\ProgramData\0o7l0g3c1o417th51a72l7ia164x0qlgr83h0 -> [2011/05/02 21:38:58 | 000,011,690 | -HS- | C] ()
    Tnisitam.dat -> C:\Users\Administrator\AppData\Local\Tnisitam.dat -> [2010/06/29 16:47:25 | 000,000,120 | ---- | C] ()
    Idixucenafidacos.bin -> C:\Users\Administrator\AppData\Local\Idixucenafidacos.bin -> [2010/06/29 16:47:25 | 000,000,000 | ---- | C] ()
    mlfcache.dat -> C:\Windows\System32\mlfcache.dat -> [2009/11/16 07:43:09 | 000,167,116 | -H-- | C] ()
    War3Unin.dat -> C:\Windows\War3Unin.dat -> [2009/02/02 17:46:25 | 000,123,300 | ---- | C] ()
    ezsidmv.dat -> C:\Windows\System32\ezsidmv.dat -> [2008/10/30 19:54:52 | 000,000,056 | -H-- | C] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/10/10 23:43:35 | 000,020,992 | ---- | C] ()
    StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2008/09/25 09:18:41 | 000,106,605 | ---- | C] ()
    StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2008/09/25 09:18:41 | 000,018,904 | ---- | C] ()
    nsreg.dat -> C:\Windows\nsreg.dat -> [2008/09/23 15:35:38 | 000,000,000 | ---- | C] ()
    PciBus.sys -> C:\Windows\System32\drivers\PciBus.sys -> [2008/09/19 14:06:04 | 000,003,972 | ---- | C] ()
    VMix.dll -> C:\Windows\VMix.dll -> [2008/09/19 13:45:26 | 000,065,536 | ---- | C] ()
    c6501.ini -> C:\Windows\c6501.ini -> [2008/09/19 13:45:26 | 000,000,281 | ---- | C] ()
    d3d9caps.dat -> C:\Users\Administrator\AppData\Local\d3d9caps.dat -> [2008/09/19 13:39:19 | 000,001,356 | ---- | C] ()
    c6501rm.dll -> C:\Windows\System32\c6501rm.dll -> [2008/06/03 12:11:45 | 000,053,248 | ---- | C] ()
    ASACPI.sys -> C:\Windows\System32\drivers\ASACPI.sys -> [2008/06/02 12:04:07 | 000,005,810 | ---- | C] ()
    SP207.INI -> C:\Windows\System32\SP207.INI -> [2007/10/25 23:02:54 | 000,000,566 | ---- | C] ()
    bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 07:53:49 | 000,067,584 | --S- | C] ()
    FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 07:44:53 | 000,389,760 | ---- | C] ()
    perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 05:33:01 | 000,607,168 | ---- | C] ()
    perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 05:33:01 | 000,287,440 | ---- | C] ()
    perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 05:33:01 | 000,104,808 | ---- | C] ()
    perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 05:33:01 | 000,030,674 | ---- | C] ()
    dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 05:23:21 | 000,215,943 | ---- | C] ()
    mib.bin -> C:\Windows\mib.bin -> [2006/11/02 03:58:30 | 000,043,131 | ---- | C] ()
    NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 03:19:00 | 000,000,741 | ---- | C] ()
    pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 02:40:29 | 000,013,750 | ---- | C] ()
    mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 02:25:31 | 000,673,088 | ---- | C] ()

    [Alternate Data Streams]
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    < End of report >
     
  12. johnyi

    johnyi Thread Starter

    Joined:
    May 6, 2011
    Messages:
    37
    GMER

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-05-29 13:29:11
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort4 Hitachi_HDT725032VLA360 rev.V54OA7EA
    Running: hn2o0lc6.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kxldapoc.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C20F340, 0x3D9767, 0xE8000020]
    ? C:\Users\ADMINI~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[200] kernel32.dll!SetUnhandledExceptionFilter 75CD6E2D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
    .text C:\Windows\system32\svchost.exe[1024] ole32.dll!CoCreateInstance 75F3E2D8 5 Bytes JMP 009C000A
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!GetForegroundWindow 75B8E697 5 Bytes JMP 0219000A
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!GetCursorPos 75BA0F5E 5 Bytes JMP 01D4000A
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!WindowFromPoint 75BB3ADE 5 Bytes JMP 0218000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] GDI32.dll!ExtTextOutW 771C82B1 5 Bytes JMP 02E1D514
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] GDI32.dll!GetGlyphIndicesW 771CC249 5 Bytes JMP 02E1D9A1
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] GDI32.dll!TextOutW 771CF4FD 5 Bytes JMP 02E1CFE0
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] GDI32.dll!ExtTextOutA 771CFE29 5 Bytes JMP 02E1D430
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] GDI32.dll!TextOutA 771CFE86 5 Bytes JMP 02E1CF14
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] GDI32.dll!GetGlyphIndicesA 771E99F0 5 Bytes JMP 02E1D8D4
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!DialogBoxIndirectParamW 75B8BD25 5 Bytes JMP 70B60D2D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!DrawTextExW 75B98D88 5 Bytes JMP 02E1D349
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!DrawTextW 75B99157 5 Bytes JMP 02E1D187
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!TrackPopupMenu 75BA1417 5 Bytes JMP 053344A0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!DialogBoxParamW 75BA1FD5 5 Bytes JMP 02E1C23C
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!DrawTextA 75BA2B3D 5 Bytes JMP 02E1D0AC
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!DrawTextExA 75BA2B74 5 Bytes JMP 02E1D262
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!TrackPopupMenuEx 75BB0F4D 5 Bytes JMP 05334600 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!SetClipboardData 75BC62F8 5 Bytes JMP 02E1CDFD
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!DialogBoxParamA 75BC80B2 5 Bytes JMP 70B60CF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!DialogBoxIndirectParamA 75BC83DD 5 Bytes JMP 70B60D68 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!MessageBoxIndirectA 75BDD471 5 Bytes JMP 70B60C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!MessageBoxIndirectW 75BDD56B 5 Bytes JMP 70B60C2F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!MessageBoxExA 75BDD5D1 5 Bytes JMP 70B60BF5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] USER32.dll!MessageBoxExW 75BDD5F5 5 Bytes JMP 70B60BBB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] ole32.dll!OleLoadFromStream 75F09794 5 Bytes JMP 70B60F2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] WS2_32.dll!closesocket 7728330C 5 Bytes JMP 02E1CD56
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] WS2_32.dll!recv 7728343A 5 Bytes JMP 02E1C970
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] WS2_32.dll!GetAddrInfoW 77283D12 5 Bytes JMP 02E1BE67
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] WS2_32.dll!getaddrinfo 7728418A 5 Bytes JMP 02E1BD87
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] WS2_32.dll!WSASend 77284496 5 Bytes JMP 02E1CA1E
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] WS2_32.dll!send 7728659B 5 Bytes JMP 02E1C8CB
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] WS2_32.dll!WSARecv 77288400 5 Bytes JMP 02E1CAF2
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] WS2_32.dll!WSAAsyncGetHostByName 77295FB9 5 Bytes JMP 02E1C15D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1776] WS2_32.dll!gethostbyname 772962D4 5 Bytes JMP 02E1BCC6
    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2076] kernel32.dll!SetUnhandledExceptionFilter 75CD6E2D 4 Bytes [C2, 04, 00, 00]

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----





    Hijack This

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:11:28 PM, on 5/29/2011
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18602)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=oovoo2_0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [R8388QA8U8] C:\Windows\TEMP\Vpd.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [R8388QA8U8] C:\Windows\TEMP\Vpd.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O16 - DPF: {F53E8C5B-347E-4638-89BE-94639E22E21A} (LimeUSA ???) - http://www.limeusa.com/append/application/LimeUsaCtrl-MFC9.CAB
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

    --
    End of file - 7483 bytes
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,420
    First Name:
    Derek
  14. johnyi

    johnyi Thread Starter

    Joined:
    May 6, 2011
    Messages:
    37
    I did run the program, and it told me to reboot my computer, but the thing is I can't turn off my computer correctly. When I do the standard toolbar shut down, when it goes into the shutdown screen, a blue screen error always pops up and my computer restarts for no reason. So no notepad log popped up when it restarted!!
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    54,420
    First Name:
    Derek
    By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\).
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  16. johnyi

    johnyi Thread Starter

    Joined:
    May 6, 2011
    Messages:
    37
    So how do I look for that folder? Sorry, I'm not that great with computers :'(
     
Short URL to this thread: https://techguy.org/998123