
[Fixed] Hijackthis! Logs - Still having issues after resolved Last HJT


3 Weeks Ago   #15
scrypt
Tech Member
Join Date: Jan 2009
Posts: 160
PC Experience: Experienced
Re: Still having issues after resolved Last H

Eddy...

Here is my Combofix Output :

ComboFix 09-10-25.02 - Mark 26/10/2009 16:45.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1876 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\winsbak.reg

.
((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-25 13:19 . 2009-10-25 13:19 -------- d-----w- c:\users\Mark\AppData\Roaming\OnlineArmor
2009-10-25 13:19 . 2009-10-25 13:19 -------- d-----w- c:\programdata\OnlineArmor
2009-10-25 13:18 . 2009-09-30 08:51 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-10-25 13:18 . 2009-09-30 08:51 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-10-25 13:18 . 2009-09-17 22:44 30800 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-10-25 12:55 . 2009-10-25 12:55 -------- d-----w- c:\programdata\ZA_PreservedFiles
2009-10-25 00:24 . 2009-10-25 00:24 -------- d-----w- c:\program files\Tall Emu
2009-10-24 15:57 . 2009-10-25 13:00 -------- d-----w- c:\users\Mark\AppData\Local\temp(78)
2009-10-22 11:52 . 2009-10-22 11:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-22 11:52 . 2009-10-22 11:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-22 11:52 . 2009-10-22 11:52 -------- d-----w- c:\windows\system32\drivers\NIS
2009-10-22 11:52 . 2009-10-22 11:52 -------- d-----w- c:\program files\Norton Internet Security
2009-10-22 05:15 . 2009-10-22 05:15 -------- d---a-w- c:\windows\rundll16.exe
2009-10-22 05:15 . 2009-10-22 05:15 -------- d---a-w- c:\windows\logo1_.exe
2009-10-21 18:42 . 2008-08-06 08:26 286720 ----a-w- c:\temp\SbFwCleaner.exe
2009-10-21 18:42 . 2008-08-06 08:26 94720 ----a-w- c:\temp\MsiZap.exe
2009-10-21 17:30 . 2009-10-21 18:42 -------- d-----w- C:\Temp
2009-10-21 17:09 . 2007-07-25 07:42 126976 ----a-w- c:\windows\system32\iavlsp.dll
2009-10-21 16:28 . 2007-09-20 12:12 12800 ----a-w- c:\windows\system32\drivers\elrawdsk.sys
2009-10-21 16:28 . 2007-10-02 10:41 39424 ----a-w- c:\windows\system32\xpacket.sys
2009-10-21 16:28 . 2009-10-21 23:31 -------- d-----w- c:\program files\iolo
2009-10-21 16:24 . 2009-10-21 16:24 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-10-21 15:25 . 2009-10-21 15:25 -------- d-----w- c:\program files\Mozilla Thunderbird(12)
2009-10-21 06:49 . 2009-10-21 06:49 -------- d-----w- c:\users\Mark\AppData\Roaming\CheckPoint
2009-10-21 04:12 . 2009-10-21 05:09 -------- d-----w- c:\program files\Spyware Doctor(14)
2009-10-19 23:16 . 2009-10-22 00:46 -------- d-----w- c:\program files\Agnitum
2009-10-19 22:35 . 2009-10-21 18:43 -------- d-----w- c:\program files\Sunbelt Software
2009-10-19 17:43 . 2009-10-19 17:43 -------- d-----w- c:\users\Mark\AppData\Local\Blizzard Entertainment
2009-10-19 12:44 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-19 12:40 . 2009-10-19 12:42 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-19 12:11 . 2009-10-19 12:11 -------- d-----w- c:\program files\FileHippo.com
2009-10-19 02:12 . 2009-10-19 02:11 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-10-18 14:57 . 2009-10-18 14:58 13755628 ----a-w- c:\windows\REGBK00.ZIP
2009-10-18 14:32 . 2009-10-18 14:32 -------- d-----w- c:\windows\$ESUPD_ROLLBACK$
2009-10-18 14:28 . 2009-05-08 15:39 270472 ------w- c:\windows\system32\drivers\bdfsfltr.sys
2009-10-18 14:27 . 2009-10-18 14:27 -------- d-----w- c:\users\Mark\AppData\Roaming\MicroWorld
2009-10-18 14:23 . 2009-07-15 18:08 13840 ----a-w- c:\windows\system32\sporder.dll
2009-10-18 14:23 . 2009-07-30 23:52 237576 ----a-w- c:\windows\inst_tspx.exe
2009-10-18 12:28 . 2009-10-18 12:28 237112 ----a-w- c:\windows\winsbak2.reg
2009-10-18 12:08 . 2009-10-25 12:40 -------- d-----w- c:\program files\AskBarDis
2009-10-18 12:04 . 2009-10-18 12:04 -------- d-----w- c:\programdata\CheckPoint
2009-10-18 11:36 . 2009-07-30 23:51 125448 ----a-w- c:\windows\killproc.exe
2009-10-18 11:35 . 2009-10-18 14:34 1120776 ----a-w- c:\windows\system32\contfilt.dll
2009-10-18 11:35 . 2009-10-18 14:34 178696 ----a-w- c:\windows\system32\mwnsp.dll
2009-10-18 11:35 . 2009-07-31 00:01 182792 ----a-w- c:\windows\system32\BACKUP.12031285.mwnsp.dll
2009-10-18 11:35 . 2009-07-31 00:00 1124872 ----a-w- c:\windows\system32\BACKUP.35534784.contfilt.dll
2009-10-18 11:35 . 1997-09-18 05:12 7680 ----a-w- c:\windows\sporder.exe
2009-10-18 11:35 . 1997-09-18 05:12 9488 ----a-w- c:\windows\sporder.dll
2009-10-18 11:35 . 2009-10-22 05:07 539144 ----a-w- c:\windows\system32\mwtsp.dll
2009-10-18 11:35 . 2009-07-31 16:41 543240 ----a-w- c:\windows\system32\BACKUP.42325722.mwtsp.dll
2009-10-18 11:35 . 2009-07-30 23:52 543240 ----a-w- c:\windows\system32\BACKUP.80163111.mwtsp.dll
2009-10-18 11:35 . 2009-07-30 23:52 178696 ----a-w- c:\windows\inst_tsp.exe
2009-10-18 11:35 . 2005-10-09 17:53 125440 ----a-w- c:\windows\system32\UNZDLL.DLL
2009-10-18 11:35 . 2000-04-03 21:00 130560 ----a-w- c:\windows\system32\ZIPDLL.DLL
2009-10-18 11:20 . 2009-10-18 11:20 -------- d---a-w- c:\windows\VDLL.DLL
2009-10-18 11:20 . 2009-10-18 11:20 -------- d---a-w- c:\windows\system32\runouce.exe
2009-10-18 11:20 . 2009-10-18 11:20 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-10-18 11:20 . 2009-10-18 11:20 -------- d---a-w- c:\windows\logo_1.exe
2009-10-18 11:16 . 2009-10-18 11:16 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-10-18 11:16 . 2009-10-18 11:16 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-10-18 11:16 . 2009-10-22 04:31 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-10-18 11:16 . 2009-10-22 11:24 -------- d-----w- c:\programdata\MicroWorld
2009-10-18 11:09 . 2009-10-18 14:19 -------- d-----w- c:\users\Mark\AppData\Roaming\Download Manager
2009-10-18 02:07 . 2009-10-19 23:49 -------- d-----w- c:\programdata\Webroot
2009-10-18 02:07 . 2009-10-18 02:07 -------- d-----w- c:\program files\Common Files\Webroot Shared
2009-10-18 02:07 . 2007-11-26 13:47 194888 ----a-w- c:\windows\Unwash6.exe
2009-10-18 01:42 . 2009-09-24 07:55 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-10-17 12:31 . 2009-10-22 12:12 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-16 18:30 . 2009-10-22 04:34 -------- d-----w- c:\programdata\Google Updater
2009-10-16 18:14 . 2009-10-21 04:12 -------- d-----w- c:\users\Mark\AppData\Roaming\PC Tools
2009-10-16 17:54 . 2009-10-16 17:54 -------- d-----w- c:\users\Mark\AppData\Roaming\TuneUp Software
2009-10-16 17:52 . 2009-10-16 17:52 -------- d-----w- c:\programdata\TuneUp Software
2009-10-16 17:02 . 2009-10-16 17:02 -------- d-----w- c:\program files\ThreatFire
2009-10-15 14:26 . 2009-10-15 14:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-15 14:26 . 2009-10-15 14:30 -------- d-----w- c:\program files\Windows Live
2009-10-15 05:47 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-15 03:01 . 2009-10-15 03:01 -------- d-----w- C:\#GDATA.Trash.Store#
2009-10-15 02:49 . 2009-10-15 02:49 46536 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2009-10-15 02:48 . 2009-10-15 02:48 27720 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2009-10-15 02:46 . 2009-10-15 05:39 -------- d-----w- c:\programdata\G DATA
2009-10-15 02:46 . 2009-10-15 05:39 -------- d-----w- c:\program files\G Data
2009-10-15 02:46 . 2009-10-15 05:39 -------- d-----w- c:\program files\Common Files\G DATA
2009-10-14 17:13 . 2009-10-14 17:14 -------- d-----w- C:\ComFx
2009-10-14 16:08 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 14:15 . 2009-10-14 14:15 -------- d-----w- c:\users\Mark\AppData\Local\Broadcom
2009-10-14 03:09 . 2009-06-29 11:44 485888 ----a-w- c:\windows\system32\stapi32.dll
2009-10-14 03:07 . 2009-10-25 21:27 -------- d-----w- c:\program files\IDT
2009-10-14 03:03 . 2008-11-12 20:23 84008 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2009-10-14 03:03 . 2008-11-12 20:23 109096 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2009-10-14 03:03 . 2008-11-12 20:23 18344 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2009-10-14 03:03 . 2008-07-25 14:41 29736 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2009-10-14 03:02 . 2008-11-17 18:04 225280 ----a-w- c:\windows\system32\BtwRSupport.dll
2009-10-14 02:59 . 2009-07-29 12:46 212528 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-10-14 02:59 . 2009-05-08 13:47 108606 ----a-w- c:\windows\system32\Vxdif.dll
2009-10-14 02:55 . 2009-10-14 02:55 -------- d-----w- c:\programdata\ATI
2009-10-13 02:07 . 2009-10-26 16:45 -------- d-----w- c:\users\Mark\AppData\Local\CrashDumps
2009-10-12 13:06 . 2009-10-12 14:22 -------- d-----w- c:\users\Mark\Tracing
2009-10-11 00:04 . 2009-10-11 00:04 -------- d-----w- c:\users\Mark\AppData\Local\COMODO
2009-10-10 20:41 . 2009-10-12 12:14 222225 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-10-10 20:36 . 2009-10-24 14:57 -------- d-----w- c:\program files\COMODO
2009-10-08 16:25 . 2009-10-08 16:25 -------- d-----w- c:\program files\SimBin
2009-10-08 16:25 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-10-08 16:25 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-10-08 16:25 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-10-08 14:46 . 2009-10-21 23:44 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2009-10-08 14:32 . 2009-10-08 14:32 524288 ----a-w- c:\windows\system32\Symantec Threat Monitor, Powered By DeepSight.scr
2009-10-08 14:32 . 2009-10-08 14:32 -------- d-----w- c:\programdata\Screentime
2009-10-08 14:31 . 2009-10-08 14:32 -------- d-----w- c:\users\Mark\AppData\Local\Screentime
2009-10-07 18:58 . 2009-10-07 18:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-07 18:57 . 2009-10-21 17:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-07 18:57 . 2009-10-07 18:57 -------- d-----w- c:\users\Mark\AppData\Roaming\SUPERAntiSpyware.com
2009-10-07 17:39 . 2009-10-07 17:39 -------- d-----w- c:\users\Mark\AppData\Local\Tific
2009-10-07 17:39 . 2009-10-07 17:39 -------- d-----w- c:\users\Mark\AppData\Roaming\Tific
2009-10-06 22:09 . 2009-10-06 22:09 -------- d-----w- c:\program files\ATI
2009-10-05 20:25 . 2008-12-27 01:15 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2009-10-05 20:25 . 2009-10-06 12:27 -------- d-----w- c:\program files\Paragon Software
2009-10-05 18:53 . 2009-10-15 00:34 -------- d-----w- c:\program files\EASEUS
2009-10-05 06:30 . 2009-10-05 06:30 -------- d-----w- c:\program files\AeriaGames
2009-10-05 03:23 . 2009-10-15 00:47 -------- d-----w- C:\AeriaGames
2009-10-05 02:41 . 2009-10-12 12:02 -------- d-----w- c:\program files\Common Files\Akamai
2009-10-04 20:58 . 2009-10-04 20:58 191008 ----a-w- c:\windows\system32\npkcmsvc.exe
2009-10-04 20:05 . 2009-10-05 12:07 -------- d-----w- c:\program files\Games-Masters.com
2009-10-04 19:37 . 2009-10-04 19:37 65536 ----a-w- c:\windows\IFinst27.exe
2009-10-04 19:00 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 18:14 . 2005-01-04 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 16:31 . 2009-08-14 15:11 -------- d-----w- c:\program files\isposure
2009-10-26 16:02 . 2009-08-14 15:11 -------- d-----w- c:\programdata\Epitiro
2009-10-25 21:27 . 2009-08-13 14:26 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-10-25 13:38 . 2009-08-13 10:48 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-25 12:56 . 2009-08-13 15:16 -------- d-----w- c:\program files\Desktop Maestro
2009-10-25 12:41 . 2009-09-24 10:33 -------- d-----w- c:\program files\Ashampoo
2009-10-23 10:27 . 2009-08-13 10:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-22 11:52 . 2009-08-13 12:39 -------- d-----w- c:\program files\Symantec
2009-10-22 11:52 . 2009-10-22 11:52 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-22 11:52 . 2009-10-22 11:52 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-22 11:52 . 2009-08-13 12:38 -------- d-----w- c:\programdata\Norton
2009-10-22 11:52 . 2009-08-14 09:21 -------- d-----w- c:\program files\NortonInstaller
2009-10-22 00:47 . 2009-09-13 12:44 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-21 04:12 . 2009-08-17 22:49 -------- d-----w- c:\programdata\PC Tools
2009-10-19 23:49 . 2009-08-15 19:28 -------- d-----w- c:\program files\Webroot
2009-10-19 12:16 . 2009-08-15 01:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-17 17:37 . 2009-08-13 14:42 -------- d-----w- c:\users\Mark\AppData\Roaming\Thunderbird
2009-10-17 17:37 . 2009-09-25 17:54 -------- d-----w- c:\programdata\page
2009-10-17 17:37 . 2009-09-13 13:18 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-17 17:37 . 2009-08-15 02:12 -------- d-----w- c:\programdata\Microsoft Help
2009-10-17 17:37 . 2009-08-14 09:36 -------- d-----r- c:\program files\Norton Support
2009-10-17 17:37 . 2009-08-13 12:44 -------- d-----w- c:\program files\CCleaner
2009-10-17 11:50 . 2009-08-31 10:34 -------- d-----w- c:\users\Mark\AppData\Roaming\Webroot
2009-10-16 18:32 . 2009-08-25 14:51 -------- d-----w- c:\program files\Google
2009-10-15 01:28 . 2009-08-20 22:10 -------- d-----w- c:\users\Mark\AppData\Roaming\TeamViewer
2009-10-15 01:26 . 2009-08-20 22:10 -------- d-----w- c:\program files\TeamViewer
2009-10-15 00:39 . 2009-09-18 16:34 -------- d-----w- c:\programdata\Apple Computer
2009-10-14 17:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 02:59 . 2009-08-15 03:41 -------- d-----w- c:\program files\DellTPad
2009-10-14 02:54 . 2009-08-15 04:16 -------- d-----w- c:\program files\ATI Technologies
2009-10-13 09:27 . 2009-08-15 07:40 -------- d-----w- c:\program files\Trend Micro
2009-10-12 16:17 . 2009-08-15 07:17 -------- d-----w- c:\program files\KeyScrambler
2009-10-08 16:53 . 2009-08-13 11:52 -------- d-----w- c:\program files\Microsoft
2009-10-07 15:33 . 2009-08-14 15:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-06 22:04 . 2009-08-13 10:41 680 ----a-w- c:\users\Mark\AppData\Local\d3d9caps.dat
2009-10-05 18:28 . 2009-10-05 18:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-04 21:33 . 2009-08-15 07:17 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2009-10-04 20:36 . 2009-08-13 10:41 118552 ----a-w- c:\users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-03 12:39 . 2009-09-15 02:20 -------- d-----w- c:\program files\Sophos
2009-10-03 12:33 . 2009-09-18 16:32 -------- d-----w- c:\program files\Common Files\Apple
2009-09-29 10:04 . 2009-09-20 11:07 -------- d-----w- c:\program files\DivX
2009-09-29 10:04 . 2009-08-25 14:54 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-25 21:21 . 2009-09-25 21:21 -------- d-----w- c:\program files\Curse
2009-09-25 18:20 . 2009-09-25 18:02 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-09-25 16:50 . 2009-08-13 13:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-09-25 15:45 . 2009-09-18 16:38 -------- d-----w- c:\users\Mark\AppData\Roaming\Apple Computer
2009-09-25 12:55 . 2009-08-15 18:48 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-25 02:56 . 2009-09-20 11:54 -------- d-----w- c:\program files\CyberLink
2009-09-24 10:37 . 2009-09-24 10:33 -------- d-----w- c:\users\Mark\AppData\Roaming\Ashampoo
2009-09-24 10:33 . 2009-09-24 10:33 -------- d-----w- c:\programdata\ashampoo
2009-09-24 07:55 . 2009-09-13 12:45 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 14:10 . 2009-09-13 12:44 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-20 12:02 . 2009-09-20 12:02 -------- d-----w- c:\programdata\CyberLink
2009-09-20 11:59 . 2009-09-20 11:59 -------- d-----w- c:\users\Mark\AppData\Roaming\CyberLink
2009-09-20 11:11 . 2009-09-20 11:11 -------- d-----w- c:\users\Mark\AppData\Roaming\DivX
2009-09-19 12:49 . 2009-09-19 12:24 -------- d-----w- c:\program files\Common Files\Symantec Shared(159)
2009-09-19 12:09 . 2009-08-31 05:45 -------- d-----w- c:\programdata\NortonInstaller
2009-09-18 13:08 . 2009-08-15 19:28 1563008 ----a-w- c:\windows\WRSetup.dll
2009-09-17 22:48 . 2009-09-13 20:58 -------- d-----w- c:\programdata\Skype
2009-09-16 13:19 . 2009-09-13 12:44 87656 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-16 01:20 . 2009-10-15 17:14 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 00:12 . 2009-10-18 01:42 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 00:01 . 2009-10-18 01:42 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-14 09:29 . 2009-10-14 16:07 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-13 13:03 . 2009-09-03 23:43 -------- dc-h--w- c:\programdata\~3
2009-09-11 18:28 . 2009-09-09 19:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 17:00 . 2009-08-15 01:56 -------- d-----w- c:\users\Mark\AppData\Roaming\Ahead
2009-09-11 15:22 . 2009-09-11 09:57 -------- d-----w- c:\program files\Common Files\Nero
2009-09-11 15:21 . 2009-08-15 01:53 -------- d-----w- c:\program files\Nero
2009-09-11 10:01 . 2009-09-11 10:00 -------- d-----w- c:\users\Mark\AppData\Roaming\Nero
2009-09-11 09:59 . 2009-08-15 01:53 -------- d-----w- c:\programdata\Nero
2009-09-10 14:30 . 2009-09-10 07:30 -------- d-----w- c:\programdata\Symantec
2009-09-10 13:54 . 2009-08-15 07:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-08-15 07:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 18:24 . 2009-08-13 11:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 16:44 . 2009-10-05 03:51 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-10-05 03:51 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-10-05 03:51 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-10-05 03:51 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-10-05 03:51 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-10-05 03:51 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-10-05 03:51 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-10-05 03:51 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 11:41 . 2009-10-14 16:07 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 23:43 . 2009-08-28 11:39 -------- d-----w- c:\programdata\Lavasoft
2009-09-03 23:43 . 2009-08-28 11:39 -------- d-----w- c:\program files\Lavasoft
2009-09-03 09:17 . 2009-09-25 09:29 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-01 22:56 . 2009-09-01 01:16 -------- dc-h--w- c:\programdata\~2
2009-09-01 22:05 . 2009-09-01 22:05 -------- d-----w- c:\program files\JRE
2009-09-01 22:04 . 2009-08-27 06:32 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-01 22:01 . 2009-08-15 03:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-01 01:02 . 2009-08-29 11:10 -------- dc-h--w- c:\programdata\~1
2009-09-01 00:39 . 2009-08-15 02:17 -------- d-----w- c:\program files\Microsoft.NET
2009-09-01 00:39 . 2009-08-15 02:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-31 11:34 . 2009-08-31 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(165)
2009-08-31 10:34 . 2009-08-31 10:34 -------- d-----w- c:\programdata\Webroot(246)
2009-08-31 10:34 . 2009-08-31 10:34 -------- d-----w- c:\program files\Webroot(179)
2009-08-31 06:57 . 2009-08-31 06:26 -------- d-----w- c:\program files\Norton Internet Security(174)
2009-08-31 06:51 . 2009-08-31 05:46 -------- d-----w- c:\program files\Common Files\Symantec Shared(145)
2009-08-31 06:50 . 2009-08-31 05:46 -------- d-----w- c:\program files\Symantec(178)
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"tbbMeter"="c:\program files\thinkbroadband.com\tbbMeter\tbbmeter.exe" [2009-10-13 529928]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\OAui.exe" [2009-09-30 6393544]

c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-8-17 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-09-30 852680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):52,a1,6b,ed,1f,1c,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [19/10/2009 12:44 64288]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [13/09/2009 12:44 207280]
R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1100000.088\SymDS.sys [22/10/2009 11:52 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1100000.088\SymEFA.sys [22/10/2009 11:52 169008]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20090921.001\BHDrvx86.sys [21/09/2009 23:07 507440]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1100000.088\ccHPx86.sys [22/10/2009 11:52 501888]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [21/10/2009 16:28 12800]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091021.001\IDSvix86.sys [23/10/2009 09:58 342576]
R1 OADevice;OADriver;c:\windows\System32\drivers\OADriver.sys [25/10/2009 13:18 200784]
R1 OAmon;OAmon;c:\windows\System32\drivers\OAmon.sys [25/10/2009 13:18 24656]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [13/09/2009 12:45 229304]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [13/08/2009 11:47 58728]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [13/08/2009 11:47 301928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 10:42 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 10:42 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1100000.088\Ironx86.sys [22/10/2009 11:52 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1100000.088\symtdiv.sys [22/10/2009 11:52 338480]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [14/10/2009 02:47 176128]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [21/10/2009 16:34 628584]
R2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [21/10/2009 16:34 628584]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [21/10/2009 16:34 628584]
R2 isposure_svc;IsposureAgent;c:\program files\isposure\IsposureAgent.exe [23/10/2008 07:43 761856]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [22/10/2009 11:52 126392]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [25/10/2009 13:18 1244360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [13/08/2009 11:47 918760]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [18/10/2009 02:07 598856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/10/2009 12:49 102448]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [13/08/2009 10:56 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [06/06/2009 23:36 273448]
R3 KeyScrambler;KeyScrambler;c:\windows\System32\drivers\keyscrambler.sys [15/08/2009 07:17 115312]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [06/03/2009 06:30 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [08/03/2009 16:06 280096]
R3 OAnet;OnlineArmor Service;c:\windows\System32\drivers\OAnet.sys [25/10/2009 13:18 30800]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [25/10/2009 13:18 3316936]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [14/10/2009 03:03 29736]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1170768]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\System32\2BB2.tmp [21/10/2009 23:41 6144]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [17/06/2009 12:20 12648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 10:42 7408]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [13/08/2009 15:29 1527900]
S4 gupdate1ca259412019db1;Google Update Service (gupdate1ca259412019db1);c:\program files\Google\Update\GoogleUpdate.exe [25/08/2009 14:55 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 14:55]

2009-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 14:55]

2009-10-26 c:\windows\Tasks\User_Feed_Synchronization-{8946D91A-E38D-49E9-99D3-234049A8A4BD}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Supplementary Scan -------
.
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {4C0C75AA-FE3D-4E8B-BC3A-B977B175ED9A} = 192.168.0.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\6r8uq9l6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - isoHunt - BT search
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\6r8uq9l6.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
AddRemove-ZoneAlarm Pro - c:\program files\Zone Labs\ZoneAlarm\zauninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-26 16:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2BB2.tmp"
.
Completion time: 2009-10-26 16:57
ComboFix-quarantined-files.txt 2009-10-26 16:57
ComboFix2.txt 2009-10-24 15:57

Pre-Run: 154,878,418,944 bytes free
Post-Run: 154,850,930,688 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,7
- - End Of File - - 0911DE630AE8160EC6E189FBCA8A95F9

3 Weeks Ago   #16
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862
PC Experience: Elite PC Guru
Re: Still having issues after resolved Last H

That looks OK. I don't see any more malware.
__________________
My real name is Eddy
3 Weeks Ago   #17
scrypt
Tech Member
Join Date: Jan 2009
Posts: 160
PC Experience: Experienced
Re: Still having issues after resolved Last H

Okay Eddy.

Cheers for checking it over for me.
Appreciate it.

Scrypt
3 Weeks Ago   #18
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,862
PC Experience: Elite PC Guru
Re: Still having issues after resolved Last H

You're welcome.
