
Here is my log

Malwarebytes' Anti-Malware 1.36

Database version: 2106

Windows 5.1.2600 Service Pack 3

6/21/2009 9:01:00 PM

mbam-log-2009-06-21 (21-00-44).txt

Scan type: Full Scan (C:\|)

Objects scanned: 135362

Time elapsed: 30 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9378a425-7d12-4ff4-b654-2bf063dd013d} (Trojan.BHO.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{9378a425-7d12-4ff4-b654-2bf063dd013d} (Trojan.BHO.H) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9378a425-7d12-4ff4-b654-2bf063dd013d} (Trojan.Agent) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\amstrea.dll (Trojan.BHO.H) -> No action taken.

C:\Documents and Settings\Stephen Hall\Local Settings\Temp\sucmbdxy.dat (Rootkit.Agent) -> No action taken.

Basically, after a restart all these things remain on the computer. I have used Bitdefender, Malwarebytes and Stopzilla, and they all detect the virus but can't remove it after reboot. I have tried to manually remove amstrea and the infected registry files and it won't work. I have tried to use unlockers, Registry Editor and aftermarket reg edits, in safe and normal modes, and tried to remove it with System Restore off. When trying to manually remove it, I think I have my permissions set right, but I can't remove it, and I also can't change my permissions when logged in to my normal or admin accounts. Any insight would be much appreciated.


  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


Here is my log

ComboFix 09-06-21.01 - Stephen Hall 06/22/2009 9:24.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2139 [GMT -4:00]

Running from: c:\documents and settings\Stephen Hall\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\amstrea.dll

c:\windows\system32\drivers\ewmfauqq.sys

c:\windows\system32\drivers\uydjcdsj.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_EWMFAUQQ

-------\Service_ewmfauqq

((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))

.

2009-06-15 06:03 . 2009-06-15 06:03 -------- d-----w- c:\documents and settings\Stephen Hall\Application Data\Sammsoft

2009-06-15 06:03 . 2009-06-15 06:03 -------- d-----w- c:\program files\Advanced Registry Optimizer

2009-06-15 06:00 . 2009-06-15 06:00 -------- d-----w- c:\program files\STOPzilla!

2009-06-13 16:31 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-06-13 16:31 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2009-06-13 16:30 . 2009-06-13 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-06-13 16:26 . 2009-06-13 16:26 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe

2009-06-13 16:25 . 2009-06-13 16:25 -------- d-----w- c:\program files\QuickTime

2009-06-11 15:01 . 2009-06-11 15:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-06-10 21:12 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-10 21:12 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-10 00:52 . 2009-06-10 00:52 152576 ----a-w- c:\documents and settings\Stephen Hall\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-06-08 22:30 . 2009-06-08 22:30 -------- d-----w- c:\program files\Microsoft

2009-06-08 22:30 . 2009-06-08 22:30 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-06-08 22:30 . 2009-06-08 22:30 -------- d-----w- c:\program files\Windows Live

2009-06-08 22:26 . 2009-06-08 22:26 -------- d-----w- c:\program files\Common Files\Windows Live

2009-05-28 18:16 . 2009-05-28 18:16 17408 ----a-r- c:\windows\system32\SZIO5.dll

2009-05-28 18:15 . 2009-05-28 18:15 294912 ----a-r- c:\windows\system32\SZBase5.dll

2009-05-28 18:14 . 2009-05-28 18:14 540672 ----a-r- c:\windows\system32\SZComp5.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-22 13:33 . 2008-07-08 04:28 81984 ----a-w- c:\windows\system32\bdod.bin

2009-06-22 13:30 . 2009-05-18 05:59 -------- d-----w- c:\program files\DNA

2009-06-22 13:30 . 2009-05-18 05:59 -------- d-----w- c:\documents and settings\Stephen Hall\Application Data\DNA

2009-06-22 13:30 . 2009-06-22 13:30 1392 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2009-06-22 13:30 . 2009-03-22 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2009-06-22 13:30 . 2009-06-22 13:30 800 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2009-06-21 03:35 . 2009-03-16 18:39 1 ----a-w- c:\documents and settings\Stephen Hall\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-06-13 16:33 . 2009-03-16 18:45 -------- d-----w- c:\program files\Safari

2009-06-13 16:31 . 2008-03-04 15:44 -------- d-----w- c:\program files\Common Files\Apple

2009-06-13 16:31 . 2008-02-27 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-06-10 00:52 . 2009-03-10 11:32 -------- d-----w- c:\program files\Java

2009-06-08 22:45 . 2009-03-16 18:45 26040 ---ha-w- c:\windows\system32\mlfcache.dat

2009-06-08 22:31 . 2009-03-17 15:56 26848 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-05-23 17:31 . 2009-05-18 06:00 -------- d-----w- c:\documents and settings\Stephen Hall\Application Data\BitTorrent

2009-05-23 17:27 . 2009-05-18 05:59 -------- d-----w- c:\program files\BitTorrent

2009-05-21 15:33 . 2008-12-05 18:06 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-19 03:30 . 2009-03-22 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2009-05-13 05:15 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-12 18:13 . 2009-05-12 18:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys

2009-05-11 03:56 . 2009-05-11 03:54 53248 ----a-w- c:\windows\PSEXESVC.EXE

2009-05-11 02:14 . 2009-05-11 02:14 -------- d-----w- c:\program files\MSBuild

2009-05-11 02:14 . 2009-05-11 02:14 -------- d-----w- c:\program files\Reference Assemblies

2009-05-11 01:53 . 2009-04-01 17:21 152576 ----a-w- c:\documents and settings\Stephen Hall\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-05-11 00:26 . 2009-05-11 00:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-05-11 00:21 . 2009-05-11 00:21 -------- d-----w- c:\program files\Trend Micro

2009-05-09 17:07 . 2008-02-12 17:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-05-09 17:06 . 2008-02-12 17:22 -------- d-----w- c:\program files\AGEIA Technologies

2009-05-08 21:00 . 2009-05-08 21:00 -------- d--h--r- c:\documents and settings\Stephen Hall\Application Data\SecuROM

2009-05-08 20:50 . 2009-03-18 20:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-05-08 20:43 . 2009-05-08 20:43 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-05-08 20:43 . 2009-05-08 20:43 22328 ----a-w- c:\documents and settings\Stephen Hall\Application Data\PnkBstrK.sys

2009-05-08 20:43 . 2009-05-08 20:43 22328 ----a-w- c:\documents and settings\Stephen Hall\Application Data\PnkBstrK.sys

2009-05-08 20:43 . 2009-05-08 20:43 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-05-08 20:43 . 2009-05-08 20:43 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-05-08 20:43 . 2009-05-08 20:43 2250024 ----a-w- c:\windows\system32\pbsvc.exe

2009-05-08 20:33 . 2009-03-18 17:04 -------- d-----w- c:\program files\Ubisoft

2009-05-08 20:33 . 2007-12-06 09:12 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-07 15:32 . 2008-08-22 00:07 345600 ----a-w- c:\windows\system32\localspl.dll

2009-05-05 18:15 . 2007-12-06 23:02 -------- d-----w- c:\program files\World of Warcraft

2009-05-04 02:30 . 2009-05-04 02:30 -------- d-----w- c:\program files\JRE

2009-05-04 02:30 . 2009-03-16 18:35 -------- d-----w- c:\program files\OpenOffice.org 3

2009-05-04 02:29 . 2009-05-04 02:29 -------- d-----w- c:\program files\OpenOffice.org 3.0 (en-US) Installation Files

2009-05-02 00:16 . 2009-05-02 00:16 -------- d-----w- c:\documents and settings\Stephen Hall\Application Data\TeamViewer

2009-05-01 04:31 . 2009-05-01 04:31 1657376 ----a-w- c:\windows\system32\nwiz.exe

2009-05-01 04:31 . 2009-05-01 04:31 449056 ----a-w- c:\windows\system32\nvappbar.exe

2009-05-01 04:31 . 2009-05-01 04:31 436768 ----a-w- c:\windows\system32\keystone.exe

2009-05-01 04:31 . 2009-05-01 04:31 466944 ----a-w- c:\windows\system32\nvshell.dll

2009-05-01 04:31 . 2009-05-01 04:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll

2009-05-01 04:31 . 2009-05-01 04:31 1507328 ----a-w- c:\windows\system32\nview.dll

2009-05-01 04:31 . 2009-05-01 04:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll

2009-05-01 02:02 . 2009-05-01 02:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll

2009-05-01 02:02 . 2009-05-01 02:02 1579630 ----a-w- c:\windows\system32\nvdata.bin

2009-05-01 02:02 . 2009-05-01 02:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-05-01 02:02 . 2007-12-06 09:17 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-05-01 02:02 . 2007-12-05 06:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-05-01 02:02 . 2005-12-28 09:01 9994240 ----a-w- c:\windows\system32\nvoglnt.dll

2009-05-01 02:02 . 2005-12-28 09:01 806912 ----a-w- c:\windows\system32\nvapi.dll

2009-05-01 02:02 . 2005-12-28 09:01 143360 ----a-w- c:\windows\system32\nvcodins.dll

2009-05-01 02:02 . 2005-12-28 09:01 143360 ----a-w- c:\windows\system32\nvcod.dll

2009-05-01 02:02 . 2005-12-28 09:01 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-05-01 02:02 . 2005-12-28 09:01 5896320 ----a-w- c:\windows\system32\nv4_disp.dll

2009-04-30 02:55 . 2009-04-27 17:44 -------- d-----w- c:\documents and settings\Stephen Hall\Application Data\SUPERAntiSpyware.com

2009-04-30 02:55 . 2009-04-27 17:44 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-04-30 02:54 . 2009-04-08 22:04 -------- d-----w- c:\program files\Registrar Registry Manager

2009-04-27 17:44 . 2009-04-27 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-04-27 06:40 . 2009-04-27 06:40 -------- d-----w- c:\documents and settings\Stephen Hall\Application Data\Malwarebytes

2009-04-27 06:39 . 2009-04-27 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-27 04:42 . 2007-12-06 09:09 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-04-26 01:54 . 2009-04-26 01:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitDefender

2009-04-17 12:26 . 2008-08-22 00:07 1847168 ----a-w- c:\windows\system32\win32k.sys

2009-04-16 20:52 . 2009-04-17 05:26 503808 ----a-w- c:\documents and settings\Stephen Hall\Application Data\Mozilla\Firefox\Profiles\pf5mtp2b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2009-04-16 20:51 . 2009-04-17 05:26 81920 ----a-w- c:\documents and settings\Stephen Hall\Application Data\Mozilla\Firefox\Profiles\pf5mtp2b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll

2009-04-15 14:51 . 2006-02-28 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-13 20:06 . 2008-04-06 22:54 117092 ----a-w- c:\windows\hpoins11.dat

2009-04-07 06:42 . 2009-04-07 06:42 12800 ----a-w- c:\windows\system32\BD039164CB-0.exe

2009-04-06 19:32 . 2009-05-11 00:26 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 19:32 . 2009-05-11 00:26 15504 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-04-03 16:39 . 2009-04-03 16:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll

2009-03-27 14:56 . 2009-03-27 14:56 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll

2009-03-27 14:55 . 2009-03-27 14:55 393216 ----a-r- c:\windows\system32\IS3DBA5.dll

2009-03-27 14:55 . 2009-03-27 14:55 372736 ----a-r- c:\windows\system32\IS3UI5.dll

2009-03-27 14:55 . 2009-03-27 14:55 61440 ----a-r- c:\windows\system32\IS3Hks5.dll

2009-03-27 14:54 . 2009-03-27 14:54 23040 ----a-r- c:\windows\system32\IS3XDat5.dll

2009-03-27 14:54 . 2009-03-27 14:54 221184 ----a-r- c:\windows\system32\IS3Win325.dll

2009-03-27 14:54 . 2009-03-27 14:54 94208 ----a-r- c:\windows\system32\IS3Inet5.dll

2009-03-27 14:53 . 2009-03-27 14:53 90112 ----a-r- c:\windows\system32\IS3Svc5.dll

2009-03-27 14:50 . 2009-03-27 14:50 716800 ----a-r- c:\windows\system32\IS3Base5.dll

2009-03-24 21:47 . 2009-03-24 22:28 38200 ----a-w- c:\documents and settings\Stephen Hall\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-03-24 03:11 . 2009-03-24 03:11 5018 --sh--w- c:\windows\system32\visujowo.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-05-11_03.02.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-22 13:30 . 2009-06-22 13:30 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat

+ 2009-06-22 12:07 . 2009-06-22 12:07 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat

+ 2009-06-22 13:30 . 2009-06-22 13:30 16384 c:\windows\Temp\Perflib_Perfdata_108.dat

- 2006-02-28 12:00 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll

+ 2006-02-28 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll

+ 2009-06-13 16:29 . 2009-06-05 15:42 39424 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys

+ 2009-06-13 16:29 . 2009-06-05 15:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys

+ 2009-06-13 16:31 . 2009-03-19 20:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys

- 2006-02-28 12:00 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2006-02-28 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2007-12-06 09:06 . 2009-06-13 15:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2007-12-06 09:06 . 2009-05-08 19:43 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-12-06 09:06 . 2009-06-13 15:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2007-12-06 09:06 . 2009-05-08 19:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2007-12-06 09:06 . 2009-05-08 19:43 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2007-12-06 09:06 . 2009-06-13 15:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-06-08 22:30 . 2009-06-08 22:30 58945 c:\windows\Installer\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}\wlmail.exe

+ 2009-06-10 22:02 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll

+ 2009-06-10 22:02 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\423f794d1f4ed6e120fbb02e436491cb\System.Windows.Presentation.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\19ca1747c1ea18a3b639b302bca8df93\System.Web.DynamicData.Design.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\532438e2acfcadc469a4d468c51f8451\System.ComponentModel.DataAnnotations.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\597b20e1b053d6a510cfe033c07a63e6\System.AddIn.Contract.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\790cf1edb17ee41b59be62ecbd59613b\Microsoft.Vsa.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\28343d470d992f169ca0e7cdb3cc3117\Microsoft.Build.Framework.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe

+ 2009-05-11 12:17 . 2009-05-11 12:17 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll

+ 2009-05-11 21:40 . 2008-10-16 18:06 268648 c:\windows\system32\mucltui.dll

+ 2009-06-10 00:52 . 2009-05-21 15:34 148888 c:\windows\system32\javaws.exe

- 2009-04-01 17:22 . 2009-03-09 09:19 148888 c:\windows\system32\javaws.exe

+ 2009-06-10 00:52 . 2009-05-21 15:34 144792 c:\windows\system32\javaw.exe

- 2009-04-01 17:22 . 2009-03-09 09:19 144792 c:\windows\system32\javaw.exe

+ 2009-06-10 00:52 . 2009-05-21 15:34 144792 c:\windows\system32\java.exe

- 2009-04-01 17:22 . 2009-03-09 09:19 144792 c:\windows\system32\java.exe

+ 2006-02-28 12:00 . 2009-04-30 21:22 385536 c:\windows\system32\iedkcs32.dll

- 2006-02-28 12:00 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe

+ 2006-02-28 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe

+ 2007-12-07 04:47 . 2009-06-10 22:41 145216 c:\windows\system32\FNTCACHE.DAT

+ 2009-06-13 16:31 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll

+ 2006-02-28 12:00 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll

+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll

+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll

+ 2006-02-28 12:00 . 2009-04-30 21:22 385536 c:\windows\system32\dllcache\iedkcs32.dll

+ 2006-02-28 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe

- 2006-02-28 12:00 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-06-13 16:33 . 2009-06-13 16:33 307200 c:\windows\Installer\{C5C649A8-1D21-4C83-9B08-7B3752E580F4}\SafariIco.exe

+ 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll

+ 2009-06-10 22:02 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll

+ 2009-06-10 22:02 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll

+ 2009-06-10 22:02 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe

+ 2009-06-10 22:02 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll

+ 2009-06-10 22:02 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll

+ 2009-06-10 22:02 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe

+ 2009-05-11 12:17 . 2009-05-11 12:17 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ef5bc3a2edd7570bb23886a4f32294a\WsatConfig.ni.exe

+ 2009-05-11 12:19 . 2009-05-11 12:19 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c338a470b14851ce5987bb0f0869c310\System.Xml.Linq.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\bb77ea11f46ab438b2b7ed7c180011a1\System.Web.Routing.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6ee255220d90dcbe80c990e443051cc5\System.Web.RegularExpressions.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\58f62044fa702ea6f936071aa5520baa\System.Web.Extensions.Design.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\79c29ac85dd57dd485ab60118ac292ff\System.Web.Entity.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d3d65e34fa60f0b6c72ca0d12ec89933\System.Web.Entity.Design.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b7891f5659db299dbd1b3c72db7edb9f\System.Web.DynamicData.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\00ec08741a765c707bd9169346064a81\System.Web.Abstractions.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\5a555c9ae6984c40157cf940bb519f7c\System.Transactions.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1c8df2da33222c048d683017f2095f04\System.Security.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfd6e16d8c3589cd2bd3f8d46f0a5402\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\519d9c618341b136f9b963ffb7495308\System.Net.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1d3fbbd23ce1e8637ef4f40a8d23cd32\System.Management.Instrumentation.ni.dll

+ 2009-05-11 12:16 . 2009-05-11 12:16 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\7c367a96b10d626ec8cbf8149272d845\System.IO.Log.ni.dll

+ 2009-05-11 12:16 . 2009-05-11 12:16 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\68e71147704ef0d34d9a4bece7767fc5\System.IdentityModel.Selectors.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c434a07332ce490711c27fd0edb7562f\System.DirectoryServices.Protocols.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8b3bb7a2c2f3ffe94c866283f1cd5957\System.DirectoryServices.AccountManagement.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a4b887f476fa4b8746a93a9fc2208560\System.Data.Services.Client.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1cf3acad6553d6c59df576794f4e8bd6\System.Data.Services.Design.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\392de34573f9f8ec885714f2f3e7f07f\System.Data.Entity.Design.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\1db495ff00bbd14df4af6680c4de0653\System.Data.DataSetExtensions.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\de514e484e49b04b016949d57ffac03e\System.Configuration.Install.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\ce984d754e3c0b6be4504b785cc43574\System.AddIn.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\045dd501b7257b1cc26083538ae69045\SMSvcHost.ni.exe

+ 2009-05-11 12:17 . 2009-05-11 12:17 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9790551187e294b4ed3aaa1c221891c7\SMDiagnostics.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\10a0c9707876fc1f65e64b811a28b020\ServiceModelReg.ni.exe

+ 2009-05-11 12:17 . 2009-05-11 12:17 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\6d38e317128608bc4516ea46ab94590e\MSBuild.ni.exe

+ 2009-05-11 12:17 . 2009-05-11 12:17 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\55b9eff9e23359faed4351386c062238\Microsoft.Build.Utilities.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4217124db1ea5de5f1a1f3eea75e8d32\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\96825c34d7e1f7df1923ff2123bed8da\Microsoft.Build.Engine.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\9b321ebf67587237f576df6104a32588\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\9bea05938bee3555c5aa8763d89a68f9\CustomMarshalers.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\12629e2f3e315459bee67cbbaac85cb2\ComSvcConfig.ni.exe

+ 2009-05-11 12:17 . 2009-05-11 12:17 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\b5b2feadc3943e3976daebc0bcd2b5e2\AspNetMMCExt.ni.dll

+ 2009-05-11 03:56 . 2007-11-30 11:18 382840 c:\windows\$NtUninstallKB961118$\spuninst\updspapi.dll

+ 2009-05-11 03:56 . 2007-11-30 11:18 231288 c:\windows\$NtUninstallKB961118$\spuninst\spuninst.exe

+ 2006-02-28 12:00 . 2009-04-30 21:22 1207808 c:\windows\system32\urlmon.dll

+ 2006-02-28 12:00 . 2009-05-13 05:15 5936128 c:\windows\system32\mshtml.dll

+ 2007-08-13 23:34 . 2009-04-30 21:22 1985024 c:\windows\system32\iertutil.dll

- 2007-08-13 23:34 . 2009-03-08 08:32 1985024 c:\windows\system32\iertutil.dll

+ 2009-06-13 16:29 . 2009-06-05 15:42 2060288 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaaplrc.dll

+ 2009-06-13 16:29 . 2009-06-05 15:42 1419232 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll

+ 2008-10-15 15:43 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys

+ 2006-02-28 12:00 . 2009-04-30 21:22 1207808 c:\windows\system32\dllcache\urlmon.dll

+ 2006-02-28 12:00 . 2009-05-13 05:15 5936128 c:\windows\system32\dllcache\mshtml.dll

- 2007-12-07 07:49 . 2009-03-08 08:32 1985024 c:\windows\system32\dllcache\iertutil.dll

+ 2007-12-07 07:49 . 2009-04-30 21:22 1985024 c:\windows\system32\dllcache\iertutil.dll

+ 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll

+ 2009-06-10 22:02 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll

+ 2009-06-10 22:02 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll

+ 2009-06-10 22:02 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\ac1750e78d79520dcf19195772eff1b6\System.WorkflowServices.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\d265da36954fcb4cb7ad5adc693ea0f2\System.Workflow.Runtime.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\693a8fbe6f7ad6e4e429052da4317e59\System.Workflow.ComponentModel.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\cc99fbbac0b6e4e9ca62093e49b0c16b\System.Workflow.Activities.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\81197e32ec931f439b3114e9031b65d6\System.Web.Mobile.ni.dll

+ 2009-05-11 12:19 . 2009-05-11 12:19 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\7f64c9d25471b72e1e957bdfe67947c8\System.Web.Extensions.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\340cad17fe57947eacbc8fa2cea780da\System.ServiceModel.Web.ni.dll

+ 2009-05-11 12:16 . 2009-05-11 12:16 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\034c91b133dee73d452652c52767b5ea\System.Runtime.Serialization.ni.dll

+ 2009-05-11 12:16 . 2009-05-11 12:16 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c2de8479e54852f56996f79bc93acb13\System.IdentityModel.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\543aced762f6b0c3f8e037955941afc6\System.DirectoryServices.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\a6b58624486714fa71e5e35186850ff0\System.Deployment.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\826b09ab0d0e36f4d631b4cd335df511\System.Data.SqlXml.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\956a513dcbd44d5a6801840ef2b0b47b\System.Data.Services.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6479f975b105808a8d9e7a7fdc762551\System.Data.Entity.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1c86afc399d0fdd8e069266ffbe748d1\Microsoft.VisualBasic.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6b2f62f5e981913fce1d223f645d9ddf\Microsoft.Transactions.Bridge.ni.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b261961046545831aa60963e84905968\Microsoft.JScript.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\bd241492d96db39f20e758c13c845033\Microsoft.Build.Tasks.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\a47100d8f4574bed2d49d83d0ab8964e\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6cfe582681724965fb817e8ece5f0909\Microsoft.Build.Engine.ni.dll

+ 2009-04-08 21:44 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe

+ 2007-08-13 23:54 . 2009-04-30 21:22 11064832 c:\windows\system32\ieframe.dll

+ 2007-12-07 07:49 . 2009-04-30 21:22 11064832 c:\windows\system32\dllcache\ieframe.dll

+ 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll

+ 2009-06-10 22:02 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll

+ 2009-05-11 12:18 . 2009-05-11 12:18 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3963ce03d445a8619abbf388d590134b\System.Web.ni.dll

+ 2009-05-11 12:17 . 2009-05-11 12:17 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4146033013edebd7e0cb604e504ebfee\System.ServiceModel.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Reaper Gaming Mouse"="c:\progra~1\Ideazon\Reaper\Reaper_Settings.exe" [2006-11-22 1507328]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Google Update"="c:\documents and settings\Stephen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-26 133104]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-18 321344]

"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-04-09 2135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-13 81920]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]

"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2008-11-12 57344]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-10-18 2879488]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-10-18 16264192]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Documents and Settings\\Stephen Hall\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6881:TCP"= 6881:TCP:6881

"6999:TCP"= 6999:TCP:6999

"6998:TCP"= 6998:TCP:6998

"6997:TCP"= 6997:TCP:6997

"6996:TCP"= 6996:TCP:6996

"6112:TCP"= 6112:TCP:blizzard Downloader

"3724:TCP"= 3724:TCP:3724

"6882:TCP"= 6882:TCP:6882

"6883:TCP"= 6883:TCP:6883

"6884:TCP"= 6884:TCP:6884

"6885:TCP"= 6885:TCP:6885

"6886:TCP"= 6886:TCP:6886

"6887:TCP"= 6887:TCP:6887

"6888:TCP"= 6888:TCP:6888

"6889:TCP"= 6889:TCP:6889

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]

R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;c:\windows\system32\drivers\cmudaxp.sys [1/22/2008 9:55 AM 1395840]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [3/24/2009 6:29 PM 33176]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EWMFAUQQ

*Deregistered* - ewmfauqq

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-839522115-1004.job

- c:\documents and settings\Stephen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-26 03:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: &Search

LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-22 09:30

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-152049171-839522115-1004\Software\SecuROM\License information*]

"datasecu"=hex:8c,df,03,6f,9f,62,5e,88,68,2f,09,6a,ba,7c,9e,5e,45,fc,1b,d4,5a,

a6,1f,dc,26,4b,b4,0d,7a,9d,21,9a,b9,fe,82,a1,9f,c1,b8,82,2a,93,a8,33,50,c0,\

"rkeysecu"=hex:5b,fc,aa,20,af,e0,a0,97,84,f6,e2,85,da,cb,18,03

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(768)

c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(2828)

c:\windows\system32\WININET.dll

c:\program files\RocketDock\RocketDock.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\rundll32.exe

c:\program files\Ideazon\Reaper\Reaper_Settings.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

c:\program files\BitDefender\BitDefender 2008\vsserv.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Completion time: 2009-06-22 9:34 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-22 13:34

ComboFix2.txt 2009-05-11 03:05

Pre-Run: 267,419,553,792 bytes free

Post-Run: 267,752,751,104 bytes free

435 --- E O F --- 2009-06-10 22:03

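The "Reg Loading Points" block in the log above is the part of a ComboFix report a responder reads first: Run keys, the Security Center override, firewall exceptions and globally open ports. The script below is an added example, not ComboFix's code and not from the original post, that parses that REGEDIT4-style block and flags the entries worth a closer look: autostarts and firewall exceptions that point into a user-profile directory (Local Settings, Application Data, Temp), Run entries with no `[date size]` suffix, a non-zero `AntiVirusOverride`, and every open inbound port. The sample log embedded in it is constructed from a few of the entries above plus one invented line (named "Constructed example") that exercises the missing-file check; the reading that ComboFix prints the `[date size]` suffix only when it could stat the file is an assumption about the format, which is why that finding says "check", not "missing".

```python
# Added example (not ComboFix's code and not from the original post): parse a
# ComboFix "Reg Loading Points" block and flag entries worth a closer look.
import re
from dataclasses import dataclass
from typing import List, Optional

# "Name"="c:\path\file.exe" [2009-04-26 133104]   or
# "Name"="file.EXE" - c:\windows\file.exe [2006-10-18 2879488]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
    r'(?:\s+-\s+(?P<resolved>.+?))?'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')            # "c:\\Program Files\\x.exe"=
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')
SC_RE = re.compile(r'^"(?P<name>\w+Override)"=dword:(?P<val>[0-9a-fA-F]{8})\s*$')

# Per-user writable locations (Windows XP layout) where dropped binaries land.
USER_PROFILE_MARKERS = ("\\local settings\\", "\\application data\\", "\\temp\\")
SECTIONS = (("\\run]", "run"), ("authorizedapplications", "firewall"),
            ("globallyopenports", "ports"), ("security center", "seccenter"))


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


def in_user_profile(path: str) -> bool:
    p = path.lower()
    return "\\documents and settings\\" in p and any(m in p for m in USER_PROFILE_MARKERS)


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):      # registry key header
            key = line.lower()
            section = next((name for needle, name in SECTIONS if needle in key), None)
            continue
        if section == "run":
            m = RUN_RE.match(line)
            if not m:                     # Startup-folder .lnk lines etc. are skipped
                continue
            path = m.group("resolved") or m.group("value")
            if in_user_profile(path):
                findings.append(Finding("Run", m.group("name"), path,
                                        "autostart from a user-profile directory"))
            # Assumption about the format: the [date size] suffix is present only
            # when ComboFix could stat the file, so its absence means "verify".
            if m.group("size") is None:
                findings.append(Finding("Run", m.group("name"), path,
                                        "no file date/size recorded; check the file exists"))
        elif section == "firewall":
            m = FW_RE.match(line)
            if m:
                path = m.group("path").replace("\\\\", "\\")  # undo REGEDIT4 escaping
                if in_user_profile(path):
                    findings.append(Finding("Firewall", path.rsplit("\\", 1)[-1], path,
                                            "firewall exception for a user-profile executable"))
        elif section == "ports":
            m = PORT_RE.match(line)
            if m:
                findings.append(Finding("OpenPorts", f"{m.group('port')}/{m.group('proto')}",
                                        "", f"inbound port open to all: {m.group('desc')}"))
        elif section == "seccenter":
            m = SC_RE.match(line)
            if m and int(m.group("val"), 16) != 0:
                findings.append(Finding("SecurityCenter", m.group("name"), "",
                                        "Security Center alerting overridden"))
    return findings


# Constructed sample: entries copied from the log above plus one invented line
# ("Constructed example") that exercises both Run-key checks.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Stephen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-26 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-18 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-10-18 2879488]
"Constructed example"="c:\documents and settings\Stephen Hall\Local Settings\Temp\example.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Stephen Hall\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:6881
"6112:TCP"= 6112:TCP:blizzard Downloader
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}" + (f"  ({f.path})" if f.path else ""))
```

A flag is a prompt to verify, not a verdict: Google Update legitimately runs from `Local Settings\Application Data`, and the BitTorrent ports are expected for that client, but each user-profile autostart, firewall exception and open port on a machine with a known BHO infection deserves a look at the file on disk, and the Security Center override is exactly what a cleanup should turn back off.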

  • Staff

Hi,

Navigate to and delete the following file:

c:\windows\system32\visujowo.dll

It's a hidden file, so make sure hidden files and folders are shown.

Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.


  • 2 weeks later...
  • Staff

Since there is no feedback anymore, I assume this issue is resolved, so this topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

This topic is now closed to further replies.