Personal Protector Seems Invincible At the Moment (Along wit


Personal Protector Seems Invincible At the Moment (Along with Other Issues)

Post by Saiko_Maiko on 26th November 2009, 11:54 pm

Hi, I'm a pretty new official member to this community. Although, I have read a lot of the forums and guides on this site in the past for various computer problems. Anyways, my current issue is a seemingly invincible Personal Protector that likes to keep popping back up.

Here's my recent malware history: A few weeks ago or so, I had a big hit from System Defender. I ended up having to repair my OS with the OS CD, and a lot of files failed to back up (though after some research, it seemed mainly to be backup type files). Either way, I got rid of it after 4 hours or so of constant hammering, and in the end I had to manually remove its entries anyway. The only aftereffect, apart from the system running 'normally' again, was that I couldn't load Windows Task Manager. I've been using Daphne thus far in lieu of WTM, but if that could also be fixed, that would be nice.

Anyways, current status: I'm being infected by a reviving Personal Protector. I've read Doctor Inferno's removal guide to Personal Guard 2009 as well as about 4 other topics regarding PG 2009, since many of my search results lead me to PG 2009 and many of the file locations are very similar. So far, nothing's completely worked. Here's a basic summary:

a) The malware infecting me is run as Personal Protector, but its program and registry files are very similar to those of Personal Guard 2009 (not sure if this matters).

b) I've run Malwarebyte's Anti-Malware. It doesn't find PP as a threat during Quick Scan (I've Quick Scanned about 4 times now). I've also scanned with Spybot SD, but it doesn't find it either.

c) I've run Registry Mechanic and fixed all found problems (but it doesn't fix this)

d) I've manually deleted Personal Protector about 10 times now. Removal includes:

C:\Personal Protector

C:\Program Files\Personal Protector, this includes:
an empty folder named 'q'
base.wdb
baseadd.wdb
conf.wcf
personalprotector.exe
quarant.wdb
queue.wdb
un.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Personal Protector (manual deletion possible)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Protector (manual not possible, so I used Malwarebyte's RegASSASSIN to delete it)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "personalprotector" (removed via HiJack)

e) After each removal, PP would automatically run again, popping up in the taskbar and all of the removed files would suddenly reappear. However, I have denied the entry change of the Run "personalguard" into the registry via Spybot SD Resident.
**Although, there is one instance that, after deleting PP and its files, Malwarebytes Anti-Malware Protection notified me of a program called De3.exe in my E:\{Recovery} something or other. I accidentally clicked 'Ignore', in which PP then promptly popped back up. Since then, I haven't had the notification again (I wish I did), but it's not in the Ignore list or logs for Anti-Malware either.

f) Here's my hijackthis log after the previous actions with Personal Protector running (I can get it to run after I delete its files in Program Files, but if I exit it at the taskbar, it hasn't popped back up again thus far unless I delete its files again).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:46 PM, on 11/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Documents and Settings\All Users\Microsoft PData\setup.exe
C:\Program Files\Daphne\Daphne.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\Sensei\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sensei\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Personal Protector\personalprotector.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TheLaptopLock] C:\Program Files\The LaptopLock\LaptopLock.exe /startup
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [MultiScreen] C:\Program Files\MultiScreen\MultiScreen.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sensei\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/532.0_(KHTML,_like_Gecko)_Chrome/3.0.195.33_Safari/532.0" -"http://blc.arizona.edu/courses/181lab/Database/NetIDLogin/Assessor.cfm?CFID=969006&CFTOKEN=44594837"
O4 - HKUS\S-1-5-21-507921405-1677128483-725345543-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Family')
O4 - Global Startup: Magic-i.lnk = C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: InternetProvider - {BA86BA6C-263E-4416-9341-E73CE61B1258} - C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 13651 bytes

Also, I've been a bit unsure of the files in my C:\WINDOWS\system32\wbem folder. There's the unsecapp.exe (I italicized it in the log) as well as wmiprvse.exe that has been brought to my attention by my programs. I've done research and wound up being inconclusive, but generally leaning more to it being a safe Microsoft networking product.

Malwarebyte's Anti-Malware Protection is also constantly preventing access to malicious IPs (though I'm not sure if this is directly related to Personal Protector; regardless, I don't think my computer should be attempting to access malicious IPs anyway).

Anyways, I'm at my rope's end. My internet browser's running slowly (it's on and off, but more on than off), my system is a bit bogged down when I go through my directories, but once I'm in or a program is running it typically runs fine. Please help me. Thanks for all your time.

Saiko_Maiko
Novice

Posts : 12
Joined : 2009-11-26
OS : Windows XP
Points : 25856
Likes : 0
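The HijackThis log above is the kind of listing where the real persistence hides among dozens of legitimate entries: the O21 SSODL entry and the setup.exe process under "All Users\Microsoft PData" are what MBAM later names as Trojan.FakeAlert, while the Personal Protector executable itself sits in an ordinary-looking Program Files folder and passes any path rule. As an added example, not from the thread or from Trend Micro, here is a small triage script that applies the path checks a helper would apply by eye to a few lines copied from that log (the rule names and thresholds are my own assumptions):

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in the
# post above (both the "Running processes" list and the O-numbered entries).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\All Users\Microsoft PData\setup.exe
C:\Program Files\Personal Protector\personalprotector.exe

O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O21 - SSODL: InternetProvider - {BA86BA6C-263E-4416-9341-E73CE61B1258} - C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# A drive-letter or %VAR% rooted path ending in an executable extension,
# optionally quoted (O4 entries often quote the image and append arguments).
PATH_RE = re.compile(
    r'"?((?:[A-Za-z]:\\|%[^%]+%\\)[^"\r\n]*?\.(?:exe|dll|com|scr))',
    re.IGNORECASE,
)
# O4 entries without a full path look like: [Name] image.exe /args
BARE_IMAGE_RE = re.compile(r'\] "?([^"\s]+)')

PROFILE_ROOT = "c:\\documents and settings\\"
SYSTEM32 = "c:\\windows\\system32\\"


def image_of(line):
    """Return the image path or bare image name a log line loads, or None."""
    m = PATH_RE.search(line)
    if m:
        return m.group(1)
    m = BARE_IMAGE_RE.search(line)
    return m.group(1) if m else None


def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A BHO/toolbar CLSID with no backing file is an orphan: harmless, but
        # worth removing so it stops cluttering every future log.
        if line.startswith(("O2 -", "O3 -")) and line.endswith("(no file)"):
            findings.append(("orphaned BHO/toolbar entry", line))
            continue
        image = image_of(line)
        if image is None:
            continue
        low = image.lower()
        reasons = []
        if low.startswith(PROFILE_ROOT):
            reasons.append("image lives under a user profile, not Program Files or WINDOWS")
        if line.startswith("O21 -") and not low.startswith(SYSTEM32):
            reasons.append("SSODL entry outside system32 (Explorer loads it at every logon)")
        if "\\" not in image:
            reasons.append("unqualified image name; resolved via the search path, "
                           "so the log cannot tell you which file runs")
        findings.extend((reason, line) for reason in reasons)
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print("%-70s <- %s" % (reason, line))
```

Run against the full log, the same rules stay quiet for the vendor entries and surface exactly the "Microsoft PData" loadpoints that manual deletion of the Program Files folder never touched.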


Re: Personal Protector Seems Invincible At the Moment (Along wit

Post by Belahzur on 27th November 2009, 12:43 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
Likes : 1


Re: Personal Protector Seems Invincible At the Moment (Along wit

Post by Saiko_Maiko on 27th November 2009, 5:01 am

MBAM Log

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

11/26/2009 9:58:38 PM
mbam-log-2009-11-26 (21-58-38).txt

Scan type: Quick Scan
Objects scanned: 104186
Time elapsed: 10 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Like I had stated earlier in my post in point b), I've had MBAM installed and Quick Scanned my systems 4 times before coming here. MBAM does not acknowledge the threat of Personal Protector, though its Protection is preventing contact with malicious IPs.

Saiko_Maiko
Novice

Posts : 12
Joined : 2009-11-26
OS : Windows XP
Points : 25856
Likes : 0


Re: Personal Protector Seems Invincible At the Moment (Along wit

Post by Belahzur on 27th November 2009, 10:14 am

MBAM isn't up to date, in fact it has a rather old database now.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
Likes : 1


Re: Personal Protector Seems Invincible At the Moment (Along wit

Post by Saiko_Maiko on 28th November 2009, 8:20 am

Ah, I see. Thanks, I didn't know I was out of date. I updated and MBAM found 7 infections, with Personal Protector among them. Here's the log.

Malwarebytes' Anti-Malware 1.41
Database version: 3247
Windows 5.1.2600 Service Pack 2

11/28/2009 1:19:42 AM
mbam-log-2009-11-28 (01-19-42).txt

Scan type: Quick Scan
Objects scanned: 115215
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 34
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 18

Memory Processes Infected:
C:\Documents and Settings\All Users\Microsoft PData\setup.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ba86ba6c-263e-4416-9341-e73ce61b1258} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\personal protector (Rogue.PersonalProtector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows Police Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\internetprovider (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\WSDDSys (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sensei\Application Data\Windows System Defender (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Program Files\Personal Protector (Rogue.PersonalProtector) -> Quarantined and deleted successfully.
C:\Program Files\Personal Protector\q (Rogue.PersonalProtector) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Microsoft PData\setup.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Microsoft PData\inetprovider.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\WSDDSys\wsd.cfg (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sensei\Application Data\Windows System Defender\cookies.sqlite (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.
C:\Program Files\Personal Protector\base.wdb (Rogue.PersonalProtector) -> Quarantined and deleted successfully.
C:\Program Files\Personal Protector\baseadd.wdb (Rogue.PersonalProtector) -> Quarantined and deleted successfully.
C:\Program Files\Personal Protector\conf.wcf (Rogue.PersonalProtector) -> Quarantined and deleted successfully.
C:\Program Files\Personal Protector\personalprotector.exe (Rogue.PersonalProtector) -> Quarantined and deleted successfully.
C:\Program Files\Personal Protector\quarant.wdb (Rogue.PersonalProtector) -> Quarantined and deleted successfully.
C:\Program Files\Personal Protector\queue.wdb (Rogue.PersonalProtector) -> Quarantined and deleted successfully.
C:\Program Files\Personal Protector\un.exe (Rogue.PersonalProtector) -> Quarantined and deleted successfully.
C:\WINDOWS\certofSystem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorers.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Microsoftdefend.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\regp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\secureit.com (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\spoos.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Microsoft PData\track.wid (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Saiko_Maiko
Novice

Posts : 12
Joined : 2009-11-26
OS : Windows XP
Points : 25856
Likes : 0
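The "Image File Execution Options\taskmgr.exe\debugger" value in the MBAM log above is the mechanism behind the Task Manager that would not load in the first post: when an executable has a Debugger value under its IFEO key, Windows starts the named program instead, and the other IFEO keys flagged as Security.Hijack serve the same purpose for other program names. As an added example, not from the thread or from Malwarebytes, this script parses a constructed .reg export of that key, lists every image whose launch is redirected, and builds the reg.exe commands that clear the value (the debugger path is a placeholder; the thread does not show the real one):

```python
IFEO_KEY = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
            "\\Image File Execution Options")

# Constructed .reg export (not taken from the thread): two redirected images,
# plus one benign IFEO key that only sets GlobalFlag and must not be flagged.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\PLACEHOLDER\\redirect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe]
"Debugger"="C:\\PLACEHOLDER\\redirect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000002
"""


def parse_reg(text):
    """Minimal parser for a Regedit 5.00 export: {key: {value_name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            name = name.strip('"')
            if value.startswith('"') and value.endswith('"'):
                # REG_SZ: drop the quotes and undo .reg escaping of \ and "
                value = value[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            keys[current][name] = value   # dword:/hex: values are kept verbatim
    return keys


def find_ifeo_debuggers(keys):
    """Return (image, debugger) for every IFEO subkey that redirects launches."""
    prefix = IFEO_KEY.lower() + "\\"
    hits = []
    for key, values in keys.items():
        if not key.lower().startswith(prefix):
            continue
        image = key[len(prefix):]
        if "\\" in image:   # deeper subkeys are not the redirect point
            continue
        debugger = values.get("Debugger")
        if debugger:
            hits.append((image, debugger))
    return hits


def remediation_commands(hits):
    """reg.exe commands that clear the Debugger value and leave the key itself."""
    hklm = IFEO_KEY.replace("HKEY_LOCAL_MACHINE", "HKLM")
    return ['reg delete "%s\\%s" /v Debugger /f' % (hklm, image) for image, _ in hits]


if __name__ == "__main__":
    hits = find_ifeo_debuggers(parse_reg(SAMPLE_REG))
    for image, debugger in hits:
        print("%s is redirected to %s" % (image, debugger))
    for cmd in remediation_commands(hits):
        print(cmd)
```

On a live machine the export comes from `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg`; a Debugger value on taskmgr.exe, or on any security product's executable, is never something a user set up.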


Re: Personal Protector Seems Invincible At the Moment (Along wit

Post by Belahzur on 28th November 2009, 6:47 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
Likes : 1

View user profile

Back to top Go down


Post by Saiko_Maiko on 29th November 2009, 2:20 am

Here's the DDS log:



DDS (Ver_09-11-29.01) - NTFSx86
Run by Sensei at 19:10:38.81 on Sat 11/28/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3838.2837 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 091124-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Windows System Defender *On-access scanning enabled* (Updated) {9CC8F1DD-08EA-4ECA-B312-D53C145E6B39}
FW: Windows System Defender *enabled* {9181A682-B7D8-4EA0-9CB2-3C1ADC7F2694}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sensei\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Sensei\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sensei\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sensei\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sensei\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Administrator\comp_chex\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mWinlogon: UIHost=c:\program files\tgtsoft\stylexp\logon\CurrentLogon.EXE
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CoTGT_BHO Class: {c333cf63-767f-4831-94ac-e683d962c63c} - c:\program files\tgtsoft\stylexp\TGT_BHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Aim6]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
uRun: [Google Update] "c:\documents and settings\sensei\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/532.0_(KHTML,_like_Gecko)_Chrome/3.0.195.33_Safari/532.0" -"http://blc.arizona.edu/courses/181lab/Database/NetIDLogin/Assessor.cfm?CFID=969006&CFTOKEN=44594837"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [TheLaptopLock] c:\program files\the laptoplock\LaptopLock.exe /startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [MultiScreen] c:\program files\multiscreen\MultiScreen.exe
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\magic-i.lnk - c:\program files\arcsoft\magic-i 3\Magic-i.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoi~1.lnk - c:\program files\logitech\setpoint ii\SetpointII.exe
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: >{Z99999999-999-9999-9999-MOT-2K3} - c:\windows\2k3_USR.EXE
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sensei\applic~1\mozilla\firefox\profiles\w622m1e0.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\sensei\application data\mozilla\firefox\profiles\w622m1e0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\sensei\application data\mozilla\firefox\profiles\w622m1e0.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\sensei\application data\mozilla\firefox\profiles\w622m1e0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\sensei\application data\mozilla\firefox\profiles\w622m1e0.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\sensei\application data\mozilla\firefox\profiles\w622m1e0.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\sensei\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLM32.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-7 114768]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-10-13 127768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-13 394952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-7 138680]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-23 10384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-8-27 47640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-11-25 583640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-11 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-7 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-7 352920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-9 19160]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-9 269648]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-11-26 23:35:44 0 d-----w- C:\Personal Protector
2009-11-26 21:00:49 0 d-----w- c:\program files\Super Rabbit
2009-11-26 21:00:48 153088 ----a-w- c:\windows\UNWISE.EXE
2009-11-26 11:42:14 184 ----a-w- c:\windows\tempfile2.bat
2009-11-26 11:40:33 0 d-----w- c:\documents and settings\all users\Microsoft PData
2009-11-25 16:48:03 71424 ----a-w- c:\windows\system32\drivers\yujcsudrlvrdivg.sys
2009-11-25 10:53:41 0 d-----w- c:\program files\Trend Micro
2009-11-25 10:35:09 0 d-----w- c:\docume~1\sensei\applic~1\Registry Mechanic
2009-11-25 10:34:13 6062080 ----a-w- c:\documents and settings\sensei\s-1-5-21-507921405-1677128483-725345543-1004.rrr
2009-11-25 10:19:42 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2009-11-25 10:19:42 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2009-11-25 10:19:42 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2009-11-25 09:59:37 0 d-----w- c:\program files\RegDefense
2009-11-24 09:29:25 10240 -c----w- c:\windows\system32\dllcache\sffp_mmc.sys
2009-11-24 09:27:09 1529216 ----a-w- C:\GenuineCheck.exe
2009-11-15 21:03:00 0 d-----w- c:\program files\LiveMath
2009-11-11 23:42:29 0 d-----w- c:\program files\LogMeIn Hamachi
2009-11-11 10:06:32 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SecuROM
2009-11-10 23:18:42 0 d-----w- C:\BDS
2009-11-10 19:57:08 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-10 19:57:04 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-10 19:57:00 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-10 19:55:59 25471 -c--a-w- c:\windows\system32\dllcache\watv10nt.sys
2009-11-10 19:54:57 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2009-11-10 19:53:59 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-11-10 19:52:58 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-11-10 19:51:58 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-11-10 19:50:58 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-11-10 19:49:58 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2009-11-10 19:48:59 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-11-10 19:47:57 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2009-11-10 19:46:59 59648 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2009-11-10 19:45:58 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2009-11-10 19:44:59 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2009-11-10 19:43:58 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-11-10 19:42:57 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2009-11-10 19:41:52 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-11-10 19:40:59 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2009-11-10 19:39:50 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-10 19:38:57 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2009-11-10 19:38:54 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2009-11-10 19:38:27 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-11-10 19:38:24 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2009-11-10 19:38:22 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2009-11-10 19:38:19 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2009-11-10 19:38:17 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2009-11-10 19:38:14 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2009-11-10 19:38:12 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2009-11-10 19:38:09 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2009-11-10 19:38:07 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2009-11-10 19:38:04 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2009-11-10 19:38:02 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2009-11-10 19:36:59 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2009-11-10 19:35:59 19200 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2009-11-10 19:34:55 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2009-11-10 19:33:58 18503 -c--a-w- c:\windows\system32\dllcache\epro4.sys
2009-11-10 19:32:58 38985 -c--a-w- c:\windows\system32\dllcache\disrvsu.dll
2009-11-10 19:31:59 27648 -c--a-w- c:\windows\system32\dllcache\cyyports.dll
2009-11-10 19:30:59 15423 -c--a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
2009-11-10 19:29:59 2944 -c--a-w- c:\windows\system32\dllcache\brfilt.sys
2009-11-10 19:28:59 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
2009-11-10 19:27:59 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2009-11-10 19:27:58 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2009-11-10 19:27:58 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2009-11-10 19:27:57 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2009-11-10 19:27:57 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2009-11-10 19:27:03 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-11-10 19:17:03 1875968 -c--a-w- c:\windows\system32\dllcache\msir3jp.lex
2009-11-10 19:17:02 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-11-10 19:15:53 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime
2009-11-10 19:14:43 2179584 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-11-10 19:14:43 2056832 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-10 19:13:01 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-11-10 19:12:56 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-11-10 19:12:56 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-11-10 19:12:56 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-11-10 19:12:56 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-11-10 19:11:23 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-11-10 19:08:21 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-11-10 19:06:50 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-11-10 19:06:44 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-11-10 19:06:31 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-11-10 10:40:14 0 d-----w- c:\program files\common files\PC Tools
2009-11-10 10:28:40 0 d-sh--w- c:\docume~1\alluse~1\applic~1\188e2bd
2009-11-10 04:09:30 0 d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-11-06 19:16:32 0 d-----w- c:\documents and settings\sensei\Tracing
2009-11-06 19:14:28 0 d-----w- c:\program files\Microsoft
2009-11-06 19:14:04 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-06 19:11:23 0 d-----w- c:\program files\common files\Windows Live
2009-11-03 12:43:07 25 ----a-w- c:\windows\popcinfot.dat
2009-11-02 00:38:50 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games

==================== Find3M ====================

2009-11-29 02:10:37 107950112 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-28 19:33:42 1272896 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-26 10:49:50 327242 ----a-w- c:\windows\system32\nvModes.dat
2009-11-10 19:01:05 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-10 05:26:50 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

============= FINISH: 19:12:49.96 ===============


Here's the Attach log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-11-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2009 12:17:33 PM
System Uptime: 11/28/2009 6:25:48 PM (1 hours ago)

Motherboard: Dell Inc. | | 0WY040
Processor: Intel(R) Core(TM)2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1595/200mhz
Processor: Intel(R) Core(TM)2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1595/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 25 GiB total, 0.417 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 124 GiB total, 0.363 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP16: 11/28/2009 2:08:58 PM - Made by Registry Mechanic O

==== Installed Programs ======================

AAC Decoder
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 6
AIMTunes
Alarm 2.0.4
American McGee's Alice(tm)
Apple Software Update
ArcSoft Magic-i 3
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
ArcSoft WebCam Companion 2
Audacity 1.2.6
Audiosurf
AutoUpdate
avast! Antivirus
Bluesoleil2.6.0.1 Release 070402
Borderlands
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Brother BRAdmin Light 1.11
Brother HL-2170W
Brother MFL-Pro Suite
Carbonite Online Backup Setup
Combined Community Codec Pack 2008-09-21 16:18
Command & Conquer™ Red Alert™ 3
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Connect
Cool Edit Pro 2.1
DAEMON Tools Toolbar
Daphne 1.37
Dell Resource CD
Dell Touchpad
Disk Heal
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Driver Detective
DVD Flick
EatCam Webcam Recorder 4.0 for AIM
erLT
Fraps
G9x User's Guide
Gears of War
GIMP 2.4.0
Google Chrome
Google Talk (remove only)
GoToAssist 8.0.0.514
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB934428-v3)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 9
Java(TM) 6 Update 14
Java(TM) 6 Update 7
kuler
Laptop Integrated Webcam Driver (1.00.10.0320)
LiveMath Plug-In & ActiveX 3.5.9 [U18] - August 2008
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech SetPoint 5.10
Logitech Video Enumerator
Logitech® Camera Driver
LogMeIn
LogMeIn Hamachi
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
MediaCoder 0.6.1
MediaMonkey 3.0
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Professional Edition 2003
Microsoft Organization Chart 2.0
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Monkey's Audio
Mozilla Firefox (3.5.1)
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MultiScreen
MVision
mWlsSafe
Notepad++
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org Installer 1.0
PaperPort Image Printer
PDF Settings CS4
Peggle Deluxe
Pepakura Viewer 3
Photoshop Camera Raw
PowerDirector Express
PowerDVD
PowerISO
PowerProducer
PSP ISO Compressor
QuickSet
QuickTime
Rainmeter (remove only)
RealPlayer
Registry Mechanic 9.0
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB923789)
Segoe UI
SigmaTel Audio
Sins of a Solar Empire
Skype™ 4.1
Spybot - Search & Destroy
Starcraft
StyleXP (remove only)
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
System Requirements Lab
The LaptopLock 0.94
Trillian
UltraEdit-32 Uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Virtual DJ - Atomix Productions
VLC media player 0.9.9
VOCALOID2 Editor V2.0.2.4J
VOCALOID2 Expression DB (Standard)
VOCALOID2 Voice DB (Miku)
VOCALOID2 VSTi V2.0.2.0
Warcraft III: All Products
WebFldrs XP
Winamp
Winamp Toolbar for Firefox
Winamp Toolbar for Internet Explorer
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
World of Warcraft
X-Blades
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
Yawcam v0.3.0
ZoneAlarm
ZoneAlarm Spy Blocker

==== Event Viewer Messages From Past Week ========

11/28/2009 2:11:30 PM, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 001CBF1D6D6A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/26/2009 6:32:55 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service LogMeIn with arguments "" in order to run the server: {C3ADA61A-4E0E-48D4-A2B1-AE5F76D01044}
11/26/2009 4:48:19 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
11/25/2009 9:05:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
11/25/2009 9:05:49 PM, error: WMPNetworkSvc [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80004002'. In Windows Media Player, turn off media sharing, and then turn it back on.
11/25/2009 9:05:15 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
11/25/2009 2:50:01 AM, error: Service Control Manager [7034] - The LogMeIn Hamachi 2.0 Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Also, after the MBAM removal, Personal Protector has not sprouted again. However, for some time, I've been randomly hearing audio commercials being streamed to my computer somehow, especially when I would watch videos or play music.

Saiko_Maiko
Novice
Posts : 12
Joined : 2009-11-26
OS : Windows XP
Points : 25856
# Likes : 0
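A helper reads a DDS report like the one above by eye, looking for entries that do not belong: Image File Execution Options (IFEO) lines, where a "Debugger" value silently redirects a named program to another executable (an entry such as brastk.exe pointing at svchost.exe is exactly the kind of thing a rogue uses to neuter a security tool); BHO and toolbar entries with "No File"; Active Setup entries whose CLSID is not a valid GUID; a non-default Firefox proxy setting; and recently created drivers or hidden+system folders. The following Python script is an added example, not part of this thread, of DDS, or of any tool named here: it parses lines in the DDS format and returns findings an analyst would review. The sample lines are copied from the log above; the list of debuggers that legitimately appear in IFEO is an assumption, and the severities are a triage convention of this example, not a verdict.

```python
"""Triage helper for the DDS "Pseudo HJT Report" / "Created Last 30" sections.

Added example: parses log lines in the format DDS prints and returns findings
for an analyst to review. It does not modify the system.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied from the DDS log in the thread (constructed excerpt).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mASetup: >{Z99999999-999-9999-9999-MOT-2K3} - c:\windows\2k3_USR.EXE
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe

================= FIREFOX ===================

FF - prefs.js: network.proxy.type - 4

=============== Created Last 30 ================

2009-11-26 23:35:44 0 d-----w- C:\Personal Protector
2009-11-25 16:48:03 71424 ----a-w- c:\windows\system32\drivers\yujcsudrlvrdivg.sys
2009-11-10 10:28:40 0 d-sh--w- c:\docume~1\alluse~1\applic~1\188e2bd
2009-11-11 23:42:29 0 d-----w- c:\program files\LogMeIn Hamachi
"""

GUID_RE = re.compile(r"^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$")
IFEO_RE = re.compile(r"^IFEO: (?P<image>.+?) - (?P<debugger>.+)$")
BRACED_RE = re.compile(r"\{([^}]*)\}")
PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)$")
# DDS "Created Last 30" rows: timestamp, size, 8-char attribute string, path.
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$")

# Assumption: debuggers that are expected as an IFEO "Debugger" value on a developer box.
KNOWN_DEBUGGERS = {"ntsd.exe", "cdb.exe", "windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}


@dataclass(frozen=True)
class Finding:
    severity: str   # HIGH / MEDIUM / LOW / INFO (triage convention of this example)
    category: str
    detail: str


def _basename(command: str) -> str:
    """First token of a command line, reduced to its lower-cased file name."""
    return command.split()[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_line(line: str) -> list[Finding]:
    findings: list[Finding] = []
    m = IFEO_RE.match(line)
    if m:
        # Any IFEO debugger that is not a real debugger redirects the named program.
        if _basename(m["debugger"]) not in KNOWN_DEBUGGERS:
            findings.append(Finding("HIGH", "ifeo-redirect", f"{m['image']} -> {m['debugger']}"))
        return findings
    if line.startswith(("BHO:", "TB:", "mASetup:")):
        if line.endswith(" - No File"):
            findings.append(Finding("LOW", "orphaned-entry", line))
        for guid in BRACED_RE.findall(line):
            if not GUID_RE.match(guid):   # a CLSID that is not a GUID was written by hand
                findings.append(Finding("MEDIUM", "malformed-clsid", line))
        return findings
    m = PROXY_RE.match(line)
    if m:
        ptype = int(m.group(1))          # 0 = direct; 1/2 = manual or PAC; 4/5 = auto/system
        if ptype != 0:
            findings.append(Finding("INFO" if ptype in (4, 5) else "MEDIUM",
                                    "browser-proxy", f"network.proxy.type={ptype}"))
        return findings
    m = CREATED_RE.match(line)
    if m:
        attrs, path = m["attrs"], m["path"]
        low = path.lower()
        if "\\system32\\drivers\\" in low and low.endswith(".sys"):
            findings.append(Finding("MEDIUM", "new-driver", path))
        if "s" in attrs and "h" in attrs:   # system + hidden attributes
            findings.append(Finding("MEDIUM", "hidden-system-object", path))
    return findings


def triage(text: str) -> list[Finding]:
    out: list[Finding] = []
    for raw in text.splitlines():
        out.extend(triage_line(raw.strip()))
    return out


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category:22} {f.detail}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

Run on the sample, the script reports both IFEO lines as HIGH, the hand-written Active Setup CLSID, the new driver and the hidden+system folder as MEDIUM, the two "No File" entries as LOW, and the auto-detect proxy as INFO. Findings are prompts for a human, not a verdict: a new driver in system32\drivers is also what a freshly installed antivirus looks like.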


Post by Belahzur on 29th November 2009, 6:53 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 14
    Java(TM) 6 Update 7
    Viewpoint Media Player


Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    C:\Personal Protector
    c:\windows\system32\drivers\yujcsudrlvrdivg.sys

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe]


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1
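The :reg directive above deletes an Image File Execution Options (IFEO) key for brastk.exe. IFEO matters beyond this one key: if a "Debugger" value exists under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<name>.exe, Windows starts that "debugger" in place of the program every time anything launches it, which is why malware plants one to hijack or quietly neuter an executable. The script below is an added example, not part of the original post and not OTM's own code: it parses a REGEDIT4-style export (the format ComboFix prints under "Reg Loading Points") and lists IFEO entries whose Debugger is not a known debugger. The sample export is constructed; brastk.exe is the key name from the thread, but its Debugger value (hijack-example.exe) and the notepad.exe and iexplore.exe keys are made up for the example.

```python
r"""Find Image File Execution Options (IFEO) debugger hijacks in a REGEDIT4 export.

When HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution
Options\<image>.exe carries a "Debugger" value, Windows runs that program
instead of <image>.exe. Added example with a constructed sample export."""
import re

# Constructed REGEDIT4 sample (the format ComboFix prints under "Reg Loading
# Points"). brastk.exe is the key OTM removed in this thread; its Debugger
# value "hijack-example.exe" and the other two keys are made up for this example.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe]
"Debugger"="c:\\windows\\system32\\hijack-example.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"c:\\debuggers\\windbg.exe\" -g"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableHeapLookaside"=dword:00000001
"""

IFEO_PREFIX = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
               "\\Image File Execution Options\\")
# Debuggers that legitimately appear in a Debugger value; anything else is suspect.
KNOWN_DEBUGGERS = {"windbg.exe", "ntsd.exe", "cdb.exe", "drwtsn32.exe", "vsjitdebugger.exe"}
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.+)$')


def parse_regedit4(text):
    """Return {key path: {value name: value}} for string and dword values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lstrip("-")   # "[-KEY]" is the delete form OTM uses
            keys.setdefault(current, {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if not m:
                continue
            val = m.group("val")
            if val.startswith('"') and val.endswith('"'):
                val = re.sub(r"\\(.)", r"\1", val[1:-1])   # undo REGEDIT4's \\ and \" escapes
            elif val.startswith("dword:"):
                val = int(val[6:], 16)
            keys[current][m.group("name")] = val
    return keys


def ifeo_hijacks(text):
    """List (image, debugger) pairs whose Debugger is not a known debugger."""
    hits = []
    for key, values in parse_regedit4(text).items():
        if not key.lower().startswith(IFEO_PREFIX.lower()):
            continue
        debugger = values.get("Debugger")
        if not isinstance(debugger, str):
            continue
        # First file name ending in .exe, so quoted paths with arguments still work.
        exe = re.search(r'([^\\"/]+\.exe)', debugger, re.I)
        name = exe.group(1).lower() if exe else debugger.lower()
        if name not in KNOWN_DEBUGGERS:
            hits.append((key[len(IFEO_PREFIX):], debugger))
    return hits


if __name__ == "__main__":
    for image, debugger in ifeo_hijacks(SAMPLE_REG):
        print(f"IFEO hijack: {image} -> {debugger}")
```

Against a real machine you would feed it the output of "reg export" for the IFEO key; the known-debugger allowlist is deliberately short, so anything it reports still needs a look rather than automatic deletion.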

Re: Personal Protector Seems Invincible At the Moment (Along with Other Issues)

Post by Saiko_Maiko on 30th November 2009, 2:18 am

Thank you for all your help so far. I'm getting the feeling that my computer was in a much worse condition than I initially thought. Here are the results:

========== FILES ==========
C:\Personal Protector folder moved successfully.
c:\windows\system32\drivers\yujcsudrlvrdivg.sys moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe\ deleted successfully.

OTM by OldTimer - Version 3.1.2.0 log created on 11292009_191717


Re: Personal Protector Seems Invincible At the Moment (Along with Other Issues)

Post by Belahzur on 30th November 2009, 8:39 pm

Hello.
That should have shifted it.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of the Java Runtime Environment (JRE).
  • Select the first option where it says "This special release provides a few key fixes.".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe that you downloaded to install the newest version.

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup prompt, and do the same for the reboot prompt.
How is the machine running now?





Re: Personal Protector Seems Invincible At the Moment (Along with Other Issues)

Post by Saiko_Maiko on 1st December 2009, 6:24 am

Great! The machine seems to be running better. My Google Chrome web browser doesn't lag as significantly as before and seems to be acting normally again. Personal Protector is no longer bothering me, nor present on my computer as far as I can tell. Thank you for all your help!

But there still seems to be some other issues, including a new one that wasn't present before.

1) An advertisement website, such as a cable advertisement, will randomly pop up in a new tab as I surf the internet with my web browser (currently I'm using Google Chrome 3.0.195.33). Also, many times when I click on a link, such as from a Google search result, or ctrl+click it, the loading webpage will change URLs (sometimes a couple of times) and wind up at an advertisement website rather than the website I tried to open. This is a new thing that popped up during the removal of Personal Protector as I followed your steps; it didn't use to happen before.

2) I'm hearing random bits and pieces of audio commercials being played from my computer at random moments, including when I listen to music, play games, browse the internet, and do work. Out of nowhere, a woman will be talking about a product, or a man will be talking about a challenge, or some random loud music will be playing as a prequel to an advertisement. This happens even when I do not have any programs running, including my web browser, media player, and so forth. I don't understand how or why this is happening, but it is. I think this may have started occurring about when I became infected with Personal Protector, or maybe a little after, I'm not sure, but it was definitely present when Personal Protector was still in my system.

Could you please help me? Thanks.


Re: Personal Protector Seems Invincible At the Moment (Along with Other Issues)

Post by Belahzur on 1st December 2009, 10:10 pm

Hello.

  • Download ComboFix from either of the two download links.

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See the guide on how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.





Re: Personal Protector Seems Invincible At the Moment (Along with Other Issues)

Post by Saiko_Maiko on 2nd December 2009, 4:35 am

Here's the ComboFix log

ComboFix 09-12-01.01 - Sensei 12/01/2009 21:07.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3838.3281 [GMT -7:00]
Running from: e:\administrator\comp_chex\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 091124-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\run.log
c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1500 .MRK
c:\windows\system32\drivers\DELL_XPS_Vostro 1500 .MRK
c:\windows\system32\kernel1.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-02 to 2009-12-02 )))))))))))))))))))))))))))))))
.

2009-11-30 00:07 . 2009-11-30 00:07 78720 ----a-w- c:\windows\system32\drivers\slyqzcpchmyd.sys
2009-11-26 21:00 . 2009-11-26 21:00 -------- d-----w- c:\program files\Super Rabbit
2009-11-26 21:00 . 2002-07-27 00:02 153088 ----a-w- c:\windows\UNWISE.EXE
2009-11-26 12:31 . 2009-11-26 12:35 -------- d-----w- c:\documents and settings\GGW-Freshman Orientation 2
2009-11-26 11:42 . 2009-11-26 11:42 184 ----a-w- c:\windows\tempfile2.bat
2009-11-26 11:40 . 2009-11-28 08:23 -------- d-----w- c:\documents and settings\All Users\Microsoft PData
2009-11-25 23:12 . 2009-11-25 23:12 -------- d-----w- c:\documents and settings\Family\Application Data\Malwarebytes
2009-11-25 10:53 . 2009-11-25 10:53 -------- d-----w- c:\program files\Trend Micro
2009-11-25 10:35 . 2009-11-26 22:02 -------- d-----w- c:\documents and settings\Sensei\Application Data\Registry Mechanic
2009-11-25 09:59 . 2009-11-25 09:59 -------- d-----w- c:\program files\RegDefense
2009-11-25 08:09 . 2009-11-25 08:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-11-25 08:09 . 2009-11-25 08:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Winamp Toolbar
2009-11-24 09:29 . 2007-11-22 11:23 10240 -c----w- c:\windows\system32\dllcache\sffp_mmc.sys
2009-11-24 09:27 . 2009-11-24 09:27 1529216 ----a-w- C:\GenuineCheck.exe
2009-11-19 22:51 . 2009-11-19 22:51 -------- d-----w- c:\documents and settings\Godzilla 1998 BRRip H264 Wrath
2009-11-17 10:07 . 2009-11-28 08:27 -------- d-----w- c:\documents and settings\Velvet.Assassin-Razor1911
2009-11-15 21:03 . 2009-11-15 21:03 -------- d-----w- c:\program files\LiveMath
2009-11-11 23:42 . 2009-11-11 23:46 -------- d-----w- c:\documents and settings\Sensei\Local Settings\Application Data\LogMeIn Hamachi
2009-11-11 23:42 . 2009-12-02 04:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2009-11-11 23:42 . 2009-11-11 23:42 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-11 10:06 . 2009-11-11 10:06 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2009-11-10 23:18 . 2009-11-10 23:28 -------- d-----w- C:\BDS
2009-11-10 21:22 . 2009-11-10 21:22 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-10 19:57 . 2004-08-04 07:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-10 19:57 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-10 19:57 . 2001-08-18 05:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-10 19:55 . 2004-08-04 05:29 25471 -c--a-w- c:\windows\system32\dllcache\watv10nt.sys
2009-11-10 19:54 . 2001-08-17 20:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2009-11-10 19:53 . 2001-08-18 05:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2009-11-10 19:52 . 2001-08-17 21:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-11-10 19:51 . 2001-08-18 05:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-11-10 19:50 . 2001-08-17 21:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2009-11-10 19:49 . 2004-08-04 10:00 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2009-11-10 19:48 . 2001-07-21 21:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2009-11-10 19:47 . 2001-08-17 19:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2009-11-10 19:46 . 2004-08-04 06:10 59648 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2009-11-10 19:45 . 2001-08-18 05:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2009-11-10 19:44 . 2001-08-17 19:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2009-11-10 19:43 . 2001-08-17 19:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-11-10 19:42 . 2001-08-17 19:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2009-11-10 19:41 . 2001-08-17 21:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-11-10 19:40 . 2001-08-17 19:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2009-11-10 19:39 . 2001-08-18 05:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-10 19:38 . 2001-08-17 20:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2009-11-10 19:38 . 2001-08-17 20:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2009-11-10 19:38 . 2001-08-18 05:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-11-10 19:38 . 2001-08-17 21:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2009-11-10 19:38 . 2001-08-18 05:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2009-11-10 19:38 . 2001-08-18 05:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2009-11-10 19:38 . 2001-08-17 21:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2009-11-10 19:38 . 2001-08-18 05:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2009-11-10 19:38 . 2001-08-18 05:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2009-11-10 19:38 . 2001-08-18 05:36 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2009-11-10 19:38 . 2001-08-17 21:05 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2009-11-10 19:38 . 2001-08-17 21:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2009-11-10 19:38 . 2001-08-17 19:12 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2009-11-10 19:36 . 2001-08-17 20:28 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2009-11-10 19:35 . 2001-08-17 20:58 19200 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2009-11-10 19:34 . 2001-08-17 19:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2009-11-10 19:33 . 2001-08-17 19:12 18503 -c--a-w- c:\windows\system32\dllcache\epro4.sys
2009-11-10 19:32 . 2001-08-18 05:36 38985 -c--a-w- c:\windows\system32\dllcache\disrvsu.dll
2009-11-10 19:31 . 2001-08-18 05:36 27648 -c--a-w- c:\windows\system32\dllcache\cyyports.dll
2009-11-10 19:30 . 2004-08-04 07:56 15423 -c--a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
2009-11-10 19:29 . 2001-08-18 05:36 12800 -c--a-w- c:\windows\system32\dllcache\brevif.dll
2009-11-10 19:28 . 2004-08-04 05:29 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
2009-11-10 19:27 . 2004-08-04 06:00 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2009-11-10 19:27 . 2001-08-17 21:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2009-11-10 19:27 . 2001-08-17 19:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2009-11-10 19:27 . 2001-08-17 21:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2009-11-10 19:27 . 2001-08-17 20:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2009-11-10 19:27 . 2001-08-17 21:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-11-10 19:17 . 2004-08-04 10:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-11-10 19:15 . 2004-08-04 10:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe
2009-11-10 19:14 . 2005-03-30 01:23 2179584 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-11-10 19:14 . 2005-03-30 01:01 2056832 -c--a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-10 19:11 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-11-10 19:08 . 2004-08-04 10:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-11-10 19:06 . 2004-08-04 10:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-11-10 19:06 . 2004-08-04 10:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-11-10 19:06 . 2004-08-04 10:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-11-10 18:30 . 2009-11-10 18:30 -------- d-----w- c:\documents and settings\Default User\Application Data\Malwarebytes
2009-11-10 18:13 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-11-10 18:13 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-11-10 18:13 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-11-10 18:13 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-11-10 10:40 . 2009-11-25 10:42 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-10 10:28 . 2009-11-10 21:12 -------- d-sh--w- c:\documents and settings\All Users\Application Data\188e2bd
2009-11-10 04:09 . 2009-11-10 04:09 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2009-11-06 19:16 . 2009-11-30 19:25 -------- d-----w- c:\documents and settings\Sensei\Tracing
2009-11-06 19:15 . 2009-11-07 18:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-06 19:14 . 2009-11-06 19:14 -------- d-----w- c:\program files\Microsoft
2009-11-06 19:14 . 2009-11-06 19:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-06 19:11 . 2009-11-06 19:11 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-03 12:43 . 2009-11-09 10:26 25 ----a-w- c:\windows\popcinfot.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 04:18 . 2008-10-14 05:23 110938144 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-02 02:59 . 2008-12-18 17:42 10663602 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-12-02 02:58 . 2008-10-14 05:23 1307936 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-01 17:56 . 2008-12-11 00:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-01 17:25 . 2009-08-01 08:32 -------- d-----w- c:\documents and settings\Sensei\Application Data\Skype
2009-12-01 15:05 . 2009-08-01 08:51 -------- d-----w- c:\documents and settings\Sensei\Application Data\skypePM
2009-12-01 06:03 . 2008-10-10 19:54 327242 ----a-w- c:\windows\system32\nvModes.dat
2009-12-01 05:53 . 2009-08-01 09:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-01 04:31 . 2008-10-11 07:06 -------- d-----w- c:\documents and settings\Sensei\Application Data\uTorrent
2009-11-30 02:18 . 2008-10-11 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-11 23:42 . 2009-08-03 07:04 -------- d-----w- c:\program files\Hamachi
2009-11-11 23:42 . 2009-08-31 00:22 -------- d-----w- c:\documents and settings\Sensei\Application Data\Hamachi
2009-11-10 23:29 . 2008-10-10 18:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-10 23:04 . 2008-10-10 18:38 50720 ----a-w- c:\documents and settings\Sensei\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 21:52 . 2009-02-09 14:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-10 21:43 . 2009-02-09 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 19:01 . 2008-10-10 18:19 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-10 05:26 . 2009-07-13 22:54 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-10 04:09 . 2008-10-10 19:59 -------- d-----w- c:\program files\DIFX
2009-11-10 04:09 . 2009-01-17 21:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-06 19:14 . 2009-01-28 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-11-06 19:13 . 2009-01-28 06:56 -------- d-----w- c:\program files\Windows Live
2009-11-02 00:38 . 2009-11-02 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-10-24 12:18 . 2009-08-03 05:26 -------- d-----w- c:\program files\Trillian
2009-10-20 05:49 . 2009-05-01 16:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-13 04:47 . 2009-10-13 04:47 -------- d-----w- c:\program files\danny_kay1710
2009-10-08 05:07 . 2009-08-09 22:16 -------- d-----w- c:\documents and settings\Family\Application Data\ArcSoft
2009-10-08 05:07 . 2009-05-25 22:02 50136 ----a-w- c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-05 03:04 . 2009-08-06 08:43 177024 ----a-w- c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\FlashGot.exe
2009-09-23 16:41 . 2009-01-10 19:55 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2009-09-10 21:54 . 2009-02-09 14:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-02-09 14:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-25 1830128]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"Google Update"="c:\documents and settings\Sensei\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe Autorun" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-25 185872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-29 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TheLaptopLock"="c:\program files\The LaptopLock\LaptopLock.exe" [2007-02-02 397312]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-02-22 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-01 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2009-05-01 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Magic-i.lnk - c:\program files\ArcSoft\Magic-i 3\Magic-i.exe [2009-7-3 530944]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2008-11-13 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-10 19:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Administrator\\Games\\Sins of a Solar Empire\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/7/2009 1:25 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 4:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/7/2009 1:25 AM 20560]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 12:27 PM 1074568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/23/2009 9:54 PM 10384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [8/27/2009 9:45 PM 47640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11/25/2009 3:19 AM 583640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/9/2009 7:50 AM 19160]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/31/2009 11:54 AM 721904]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/9/2009 7:50 AM 269648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{Z99999999-999-9999-9999-MOT-2K3}]
c:\windows\2k3_USR.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1677128483-725345543-1004Core.job
- c:\documents and settings\Sensei\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 07:19]

2009-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1677128483-725345543-1004UA.job
- c:\documents and settings\Sensei\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 07:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Sensei\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLM32.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-QcDrv - c:\program files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-Sins of a Solar Empire - c:\documents and settings\Sensei\Local Settings\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe REMOVE=TRUE MODIFY=FALSE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-01 21:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-1677128483-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f4,a1,5f,76,2b,de,c6,9a,6c,04,44,14,8a,e4,84,f9,34,84,53,3d,93,64,54,
c0,8b,81,8a,23,4e,c1,c9,b4,f4,40,2f,ea,84,d9,a9,63,e6,f7,29,b7,c7,ce,d6,c2,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-12-01 21:22
ComboFix-quarantined-files.txt 2009-12-02 04:21

Pre-Run: 150,556,672 bytes free
Post-Run: 802,361,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - EC6988F29E90EDA40409005D7C5E355F

Saiko_Maiko
Novice

Posts : 12
Joined : 2009-11-26
OS : Windows XP
Points : 25856
# Likes : 0

Re: Personal Protector Seems Invincible At the Moment (Along wit

Post by Belahzur on 2nd December 2009, 9:01 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\drivers\slyqzcpchmyd.sys
    c:\windows\Internet Logs\tvDebug.zip

    Folder::
    c:\documents and settings\Sensei\Application Data\uTorrent
    c:\documents and settings\All Users\Application Data\Viewpoint
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1
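The procedure above asks for a CFScript and then for the log ComboFix writes once it has run it. The usual follow-up question is whether every File:: and Folder:: target in the script actually shows up as deleted in that log, and what ComboFix removed on its own. The script below is an added example for this thread, not ComboFix's code and not posted by anyone in the thread: it parses the CFScript directives and the "FILE ::" echo and "Other Deletions" section of a ComboFix log and cross-references the two. The sample script and the abridged sample log are constructed from the entries quoted in this thread; the path named PLACEHOLDER-not-removed.dll is a constructed entry added only to exercise the "not in log" branch.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix wrote afterwards.

Added example for this thread (not ComboFix's own code). It reads the
File::/Folder:: directives of a CFScript.txt and the text of C:\\ComboFix.txt,
then reports which targets the log records as deleted, which it never
mentions, and which deletions ComboFix made without being asked. Matching is
case-insensitive; a Folder:: target counts as removed when the folder itself
or anything beneath it is listed.
"""
import re

# A deleted-path line: bare, or double-quoted as in the "FILE ::" echo.
PATH_RE = re.compile(r'^"?([A-Za-z]:\\[^"]*)"?$')
# ComboFix section banners look like "((((( Other Deletions )))))".
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# Log sections in which a bare path means "this was removed".
DELETION_SECTIONS = {"FILE", "Other Deletions"}


def parse_cfscript(text):
    """Return {directive: [targets]}, e.g. {'File': [...], 'Folder': [...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"(\w+)::", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _norm(path):
    """Normalise a path for comparison: lower-case, no trailing backslash."""
    return path.lower().rstrip("\\")


def parse_deletions(log_text):
    """Collect the normalised paths the log reports as deleted."""
    deleted, section = set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("FILE ::"):
            section = "FILE"
            continue
        m = BANNER_RE.match(line)
        if m:
            section = m.group(1)  # any later banner ends the deletion list
            continue
        if section in DELETION_SECTIONS:
            pm = PATH_RE.match(line)
            if pm:
                deleted.add(_norm(pm.group(1)))
    return deleted


def check_script(script_text, log_text):
    """Classify each script target as removed / not_in_log and list the
    deletions the script did not ask for (ComboFix's own detections)."""
    targets = parse_cfscript(script_text)
    deleted = parse_deletions(log_text)
    result = {"removed": [], "not_in_log": [], "extra": []}
    covered = set()
    for kind in ("File", "Folder"):
        for target in targets.get(kind, []):
            key = _norm(target)
            if kind == "File":
                hits = {key} & deleted
            else:
                hits = {d for d in deleted if d == key or d.startswith(key + "\\")}
            covered |= hits
            result["removed" if hits else "not_in_log"].append(target)
    result["extra"] = sorted(deleted - covered)
    return result


# Constructed sample: the CFScript from this thread plus one placeholder
# target that deliberately does not appear in the log.
SAMPLE_SCRIPT = r"""File::
c:\windows\system32\drivers\slyqzcpchmyd.sys
c:\windows\Internet Logs\tvDebug.zip
c:\windows\system32\PLACEHOLDER-not-removed.dll

Folder::
c:\documents and settings\Sensei\Application Data\uTorrent
c:\documents and settings\All Users\Application Data\Viewpoint
"""

# Constructed sample: an abridged version of the ComboFix log posted later.
SAMPLE_LOG = r"""ComboFix 09-12-01.01 - Sensei 12/13/2009 15:47.2.2 - x86
Command switches used :: e:\administrator\comp_chex\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"c:\windows\Internet Logs\tvDebug.zip"
"c:\windows\system32\drivers\slyqzcpchmyd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Sensei\Application Data\uTorrent
c:\documents and settings\Sensei\Application Data\uTorrent\dht.dat
c:\windows\Internet Logs\tvDebug.zip
c:\windows\system32\drivers\slyqzcpchmyd.sys
c:\windows\system32\sdra64.exe
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))
.
2009-11-26 11:42 . 2009-11-26 11:42 184 ----a-w- c:\windows\tempfile2.bat
"""


if __name__ == "__main__":
    report = check_script(SAMPLE_SCRIPT, SAMPLE_LOG)
    for label in ("removed", "not_in_log", "extra"):
        print(f"{label}:")
        for path in report[label]:
            print(f"  {path}")
```

The "extra" list is the part worth reading: it holds deletions the helper did not request (in the sample, sdra64.exe and the Autorun.inf on the removable drive), which is exactly what a helper has to account for before declaring the script's job done.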

Re: Personal Protector Seems Invincible At the Moment (Along wit

Post by Saiko_Maiko on 13th December 2009, 10:57 pm

Hi Belahzur, sorry I haven't replied back in a bit. I've been busy with finals and all now. Anyways, here's the ComboFix log:

ComboFix 09-12-01.01 - Sensei 12/13/2009 15:47.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3838.3076 [GMT -7]
Running from: e:\administrator\comp_chex\Combo-Fix.exe
Command switches used :: e:\administrator\comp_chex\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 091124-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"c:\windows\Internet Logs\tvDebug.zip"
"c:\windows\system32\drivers\slyqzcpchmyd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Sensei\Application Data\uTorrent
c:\documents and settings\Sensei\Application Data\uTorrent\dht.dat
c:\documents and settings\Sensei\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Sensei\Application Data\uTorrent\resume.dat
c:\documents and settings\Sensei\Application Data\uTorrent\resume.dat.1.bad
c:\documents and settings\Sensei\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Sensei\Application Data\uTorrent\rss.dat
c:\documents and settings\Sensei\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Sensei\Application Data\uTorrent\settings.dat
c:\documents and settings\Sensei\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Sensei\Application Data\uTorrent\utorrent.lng
c:\windows\Internet Logs\tvDebug.zip
c:\windows\system32\drivers\slyqzcpchmyd.sys
c:\windows\system32\sdra64.exe
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))
.

2009-12-07 12:31 . 2009-12-07 12:31 -------- d-----w- c:\documents and settings\Cloudy.with.a.Chance.of.Meatballs.R5.LiNE.XviD-DEViSE\Sample
2009-12-07 12:30 . 2009-12-08 12:28 -------- d-----w- c:\documents and settings\Cloudy.with.a.Chance.of.Meatballs.R5.LiNE.XviD-DEViSE
2009-12-07 12:10 . 2009-12-07 12:10 -------- d-----w- c:\documents and settings\[PSP]Brain.Pipe.[EUR][FIX].-.[ESPALPSP.com]
2009-12-07 12:10 . 2009-11-26 22:23 -------- d-----w- c:\documents and settings\[PSP]Brain.Pipe.[EUR][FIX].-.[ESPALPSP.com]\[PSP]Brain.Pipe.[EUR][FIX].-.[ESPALPSP.com]
2009-12-03 17:57 . 2000-02-22 23:46 9152 ----a-w- c:\windows\system32\drivers\Ticalc.sys
2009-12-03 17:57 . 2009-12-03 17:57 -------- d-----w- c:\program files\TI Education
2009-12-03 12:31 . 2009-12-03 12:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-12-02 06:40 . 2009-12-02 06:40 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-26 21:00 . 2009-11-26 21:00 -------- d-----w- c:\program files\Super Rabbit
2009-11-26 21:00 . 2002-07-27 00:02 153088 ----a-w- c:\windows\UNWISE.EXE
2009-11-26 12:31 . 2009-11-26 12:35 -------- d-----w- c:\documents and settings\GGW-Freshman Orientation 2
2009-11-26 11:42 . 2009-11-26 11:42 184 ----a-w- c:\windows\tempfile2.bat
2009-11-26 11:40 . 2009-11-28 08:23 -------- d-----w- c:\documents and settings\All Users\Microsoft PData
2009-11-25 23:12 . 2009-11-25 23:12 -------- d-----w- c:\documents and settings\Family\Application Data\Malwarebytes
2009-11-25 10:53 . 2009-11-25 10:53 -------- d-----w- c:\program files\Trend Micro
2009-11-25 10:35 . 2009-11-26 22:02 -------- d-----w- c:\documents and settings\Sensei\Application Data\Registry Mechanic
2009-11-25 09:59 . 2009-11-25 09:59 -------- d-----w- c:\program files\RegDefense
2009-11-25 08:09 . 2009-11-25 08:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-11-25 08:09 . 2009-11-25 08:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Winamp Toolbar
2009-11-24 09:29 . 2007-11-22 11:23 10240 -c----w- c:\windows\system32\dllcache\sffp_mmc.sys
2009-11-24 09:27 . 2009-11-24 09:27 1529216 ----a-w- C:\GenuineCheck.exe
2009-11-15 21:03 . 2009-11-15 21:03 -------- d-----w- c:\program files\LiveMath

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 22:49 . 2008-10-14 05:23 116455456 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-13 16:06 . 2008-12-11 00:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-11 18:19 . 2008-10-10 19:54 327242 ----a-w- c:\windows\system32\nvModes.dat
2009-12-10 18:08 . 2008-10-14 05:23 1343816 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-04 18:01 . 2008-10-10 18:38 51168 ----a-w- c:\documents and settings\Sensei\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 06:41 . 2008-11-01 21:58 -------- d-----w- c:\program files\DivX
2009-12-01 17:25 . 2009-08-01 08:32 -------- d-----w- c:\documents and settings\Sensei\Application Data\Skype
2009-12-01 15:05 . 2009-08-01 08:51 -------- d-----w- c:\documents and settings\Sensei\Application Data\skypePM
2009-12-01 05:53 . 2009-08-01 09:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-25 10:42 . 2009-11-10 10:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-11 23:42 . 2009-11-11 23:42 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-11 23:42 . 2009-08-03 07:04 -------- d-----w- c:\program files\Hamachi
2009-11-11 23:42 . 2009-08-31 00:22 -------- d-----w- c:\documents and settings\Sensei\Application Data\Hamachi
2009-11-11 10:06 . 2009-11-11 10:06 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SecuROM
2009-11-10 23:29 . 2008-10-10 18:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-10 21:52 . 2009-02-09 14:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-10 21:43 . 2009-02-09 14:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 21:22 . 2009-11-10 21:22 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-10 21:12 . 2009-11-10 10:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\188e2bd
2009-11-10 19:01 . 2008-10-10 18:19 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-10 18:30 . 2009-11-10 18:30 -------- d-----w- c:\documents and settings\Default User\Application Data\Malwarebytes
2009-11-10 05:26 . 2009-07-13 22:54 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-10 04:09 . 2008-10-10 19:59 -------- d-----w- c:\program files\DIFX
2009-11-10 04:09 . 2009-01-17 21:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-09 10:26 . 2009-11-03 12:43 25 ----a-w- c:\windows\popcinfot.dat
2009-11-07 18:38 . 2009-11-06 19:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-06 19:14 . 2009-11-06 19:14 -------- d-----w- c:\program files\Microsoft
2009-11-06 19:14 . 2009-01-28 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2009-11-06 19:14 . 2009-11-06 19:14 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-06 19:13 . 2009-01-28 06:56 -------- d-----w- c:\program files\Windows Live
2009-11-06 19:11 . 2009-11-06 19:11 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-02 00:38 . 2009-11-02 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-10-29 05:48 . 2006-03-04 03:33 662016 ----a-w- c:\windows\system32\wininet.dll
2009-10-24 12:18 . 2009-08-03 05:26 -------- d-----w- c:\program files\Trillian
2009-10-21 06:00 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 10:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 05:49 . 2009-05-01 16:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-13 10:53 . 2004-08-04 10:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-04 10:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-04 10:00 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-08 05:07 . 2009-05-25 22:02 50136 ----a-w- c:\documents and settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-05 03:04 . 2009-08-06 08:43 177024 ----a-w- c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\FlashGot.exe
2009-09-25 05:56 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-23 16:41 . 2009-01-10 19:55 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-10 18:37 . 2009-12-10 18:37 16384 c:\windows\Temp\Perflib_Perfdata_9c4.dat
+ 2009-12-10 18:36 . 2009-12-10 18:36 16384 c:\windows\Temp\Perflib_Perfdata_540.dat
+ 2008-10-10 18:20 . 2009-08-07 02:24 35552 c:\windows\system32\wups.dll
+ 2008-10-10 18:20 . 2009-08-07 02:24 53472 c:\windows\system32\wuauclt.exe
+ 2004-08-04 10:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
+ 2004-08-04 10:00 . 2006-10-04 08:48 50176 c:\windows\system32\utilman.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 50176 c:\windows\system32\utilman.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 35840 c:\windows\system32\umandlg.dll
+ 2004-08-04 10:00 . 2006-10-04 13:33 35840 c:\windows\system32\umandlg.dll
- 2008-07-14 11:09 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-07-14 11:09 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 10:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
- 2008-10-10 22:10 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2008-10-10 22:10 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2009-07-03 22:55 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2009-07-03 22:55 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 10:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2004-08-04 10:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2006-03-04 03:33 . 2009-10-29 05:48 39424 c:\windows\system32\pngfilt.dll
- 2006-03-04 03:33 . 2006-03-04 03:33 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 10:00 . 2009-12-10 02:30 67714 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-11-15 20:00 67714 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2004-08-04 10:00 53760 c:\windows\system32\narrator.exe
+ 2004-08-04 10:00 . 2006-10-04 08:48 53760 c:\windows\system32\narrator.exe
+ 2008-10-10 18:18 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 10:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 10:00 . 2008-08-28 08:00 74752 c:\windows\system32\msw3prt.dll
+ 2008-10-10 18:18 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2008-10-10 18:18 . 2004-08-04 10:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 10:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
+ 2004-08-04 10:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
+ 2004-08-04 10:00 . 2006-10-04 08:48 72704 c:\windows\system32\magnify.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 72704 c:\windows\system32\magnify.exe
+ 2004-08-04 10:00 . 2008-06-10 12:52 96768 c:\windows\system32\logagent.exe
- 2004-08-04 10:00 . 2005-01-28 19:44 96768 c:\windows\system32\logagent.exe
+ 2004-08-04 10:00 . 2009-10-29 05:48 16384 c:\windows\system32\jsproxy.dll
- 2006-03-04 03:33 . 2006-03-04 03:33 96256 c:\windows\system32\inseng.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 10:00 . 2009-07-29 04:53 82432 c:\windows\system32\fontsub.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 55808 c:\windows\system32\extmgr.dll
- 2006-03-04 03:33 . 2006-03-04 03:33 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 10:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2008-10-10 18:20 . 2009-08-07 02:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-10-10 18:20 . 2009-08-07 02:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 10:00 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2004-08-04 10:00 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 50176 c:\windows\system32\dllcache\utilman.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-04 10:00 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2004-08-04 10:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2004-08-04 10:00 . 2009-10-21 06:00 75776 c:\windows\system32\dllcache\strmfilt.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-04 10:00 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 10:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 69632 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-04 10:00 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2006-03-04 03:33 . 2006-03-04 03:33 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 10:00 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 53760 c:\windows\system32\dllcache\narrator.exe
+ 2008-10-10 18:18 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-04 10:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-04 10:00 . 2008-08-28 08:00 74752 c:\windows\system32\dllcache\msw3prt.dll
+ 2008-10-10 18:18 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-10-10 18:18 . 2004-08-04 10:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 10:00 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
+ 2004-08-04 10:00 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-04 10:00 . 2006-10-04 08:48 72704 c:\windows\system32\dllcache\magnify.exe
- 2004-08-04 10:00 . 2004-08-04 10:00 72704 c:\windows\system32\dllcache\magnify.exe
- 2004-08-04 10:00 . 2005-01-28 19:44 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 10:00 . 2008-06-10 12:52 96768 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-04 10:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2004-08-04 10:00 . 2009-10-29 05:48 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 96256 c:\windows\system32\dllcache\inseng.dll
- 2006-03-04 03:33 . 2006-03-04 03:33 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 10:00 . 2009-09-25 05:56 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-10-10 18:19 . 2009-10-27 11:06 18432 c:\windows\system32\dllcache\iedw.exe
- 2008-10-10 18:19 . 2006-03-04 00:39 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 10:00 . 2009-10-21 06:00 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2004-08-04 10:00 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll
- 2006-03-04 03:33 . 2006-03-04 03:33 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-10 18:18 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll
+ 2004-08-04 10:00 . 2009-08-07 02:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 10:00 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-04 10:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-10-10 18:18 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2004-08-04 10:00 . 2009-08-07 02:24 96480 c:\windows\system32\cdm.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 84992 c:\windows\system32\avifil32.dll
+ 2004-08-04 10:00 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 58880 c:\windows\system32\atl.dll
+ 2004-08-04 10:00 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll
- 2009-11-07 01:57 . 2007-11-30 12:39 26488 c:\windows\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\update\spcustom.dll
- 2009-11-07 01:57 . 2007-11-30 12:39 17272 c:\windows\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\spmsg.dll
- 2009-08-11 17:52 . 2009-05-26 11:40 26488 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\spcustom.dll
- 2009-08-11 17:52 . 2009-05-26 11:40 17272 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\spmsg.dll
- 2009-07-17 19:25 . 2009-07-17 19:25 58880 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\sp3qfe\atl.dll
- 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\sp3gdr\atl.dll
- 2009-07-17 18:43 . 2009-07-17 18:43 58880 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\sp2qfe\atl.dll
- 2009-07-17 18:55 . 2009-07-17 18:55 58880 c:\windows\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\sp2gdr\atl.dll
+ 2009-12-04 10:01 . 2009-12-04 10:01 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-06-25 08:17 . 2009-06-25 08:17 59392 c:\windows\$hf_mig$\KB968389\SP2QFE\wdigest.dll
+ 2009-06-25 08:17 . 2009-06-25 08:17 56320 c:\windows\$hf_mig$\KB968389\SP2QFE\secur32.dll
+ 2009-06-22 11:35 . 2009-06-22 11:35 92544 c:\windows\$hf_mig$\KB968389\SP2QFE\ksecdd.sys
+ 2009-12-03 12:22 . 2009-02-06 09:54 35328 c:\windows\$hf_mig$\KB956572\SP2QFE\sc.exe
+ 2009-12-03 12:22 . 2005-07-26 04:20 60416 c:\windows\$hf_mig$\KB956572\SP2QFE\colbact.dll
+ 2009-07-12 08:12 . 2009-07-12 08:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 08:09 . 2009-07-12 08:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 08:08 . 2009-07-12 08:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2008-10-10 18:22 . 2009-10-27 10:45 352768 c:\windows\system32\xpsp3res.dll
- 2008-10-10 18:22 . 2009-09-18 09:33 352768 c:\windows\system32\xpsp3res.dll
+ 2008-10-10 18:20 . 2009-08-07 02:24 209632 c:\windows\system32\wuweb.dll
+ 2008-10-10 18:20 . 2009-08-07 02:24 327896 c:\windows\system32\wucltui.dll
+ 2008-10-10 18:20 . 2009-08-07 02:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-04 10:00 . 2009-04-10 08:01 413032 c:\windows\system32\wmspdmod.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 233472 c:\windows\system32\wmpdxm.dll
+ 2004-08-04 10:00 . 2009-07-13 09:18 233472 c:\windows\system32\wmpdxm.dll
+ 2004-08-04 10:00 . 2007-10-28 00:40 227328 c:\windows\system32\wmasf.dll
+ 2004-08-04 10:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-04 10:00 . 2009-08-25 09:47 352256 c:\windows\system32\winhttp.dll
+ 2004-08-04 10:00 . 2008-08-28 08:00 104448 c:\windows\system32\win32spl.dll
+ 2008-10-10 18:17 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2008-10-10 18:17 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2008-10-10 18:17 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-04 10:00 . 2007-12-18 14:40 417792 c:\windows\system32\vbscript.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 417792 c:\windows\system32\vbscript.dll
+ 2006-03-18 11:09 . 2009-10-29 05:48 624640 c:\windows\system32\urlmon.dll
+ 2004-08-04 10:00 . 2009-07-29 04:53 119808 c:\windows\system32\t2embed.dll
+ 2004-08-04 10:00 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
+ 2006-03-04 03:33 . 2009-09-25 05:56 473600 c:\windows\system32\shlwapi.dll
+ 2004-08-04 10:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
+ 2004-08-04 10:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2004-08-04 10:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-04 10:00 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-04 10:00 . 2009-11-15 20:00 432924 c:\windows\system32\perfh009.dat
+ 2004-08-04 10:00 . 2009-12-10 02:30 432924 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2004-08-04 10:00 283648 c:\windows\system32\pdh.dll
+ 2004-08-04 10:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 215552 c:\windows\system32\osk.exe
+ 2004-08-04 10:00 . 2006-10-04 08:48 215552 c:\windows\system32\osk.exe
+ 2004-08-04 10:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-04 10:00 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 10:00 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 10:00 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-04 10:00 . 2009-09-11 14:33 133632 c:\windows\system32\msv1_0.dll
+ 2008-10-10 18:18 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 532480 c:\windows\system32\mstime.dll
- 2006-03-04 03:33 . 2006-03-04 03:33 532480 c:\windows\system32\mstime.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 146432 c:\windows\system32\msrating.dll
- 2006-03-04 03:33 . 2006-03-04 03:33 146432 c:\windows\system32\msrating.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 449024 c:\windows\system32\mshtmled.dll
+ 2008-10-10 18:18 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2008-10-10 18:18 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2008-10-10 18:18 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 10:00 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll
+ 2004-08-04 10:00 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2004-08-04 10:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-08-04 10:00 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 450560 c:\windows\system32\jscript.dll
+ 2004-08-04 10:00 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll
+ 2008-10-10 18:19 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
- 2006-03-04 03:33 . 2006-03-04 03:33 251392 c:\windows\system32\iepeers.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 251392 c:\windows\system32\iepeers.dll
+ 2004-08-04 10:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
+ 2004-08-04 10:00 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 205312 c:\windows\system32\dxtrans.dll
- 2006-03-04 03:33 . 2006-03-04 03:33 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 10:00 . 2009-10-29 05:48 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 10:00 . 2008-06-20 09:52 225920 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-04 10:00 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-04 10:00 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2004-08-04 10:00 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-04 10:00 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-04 10:00 . 2008-06-13 13:10 272128 c:\windows\system32\drivers\bthport.sys
+ 2004-08-04 10:00 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
+ 2004-08-04 10:00 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2008-10-10 18:20 . 2009-08-07 02:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-10 18:20 . 2009-08-07 02:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-10 18:20 . 2009-08-07 02:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-10 18:18 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-04 10:00 . 2009-04-10 08:01 413032 c:\windows\system32\dllcache\wmspdmod.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-04 10:00 . 2009-07-13 09:18 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-10-10 18:17 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2008-10-10 18:17 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2004-08-04 10:00 . 2007-10-28 00:40 227328 c:\windows\system32\dllcache\wmasf.dll
+ 2004-08-04 10:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-03-04 03:33 . 2009-10-29 05:48 662016 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 10:00 . 2009-08-25 09:47 352256 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 10:00 . 2008-08-28 08:00 104448 c:\windows\system32\dllcache\win32spl.dll
+ 2004-08-04 10:00 . 2007-12-18 14:40 417792 c:\windows\system32\dllcache\vbscript.dll
- 2004-08-04 10:00 . 2004-08-04 10:00 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2006-03-18 11:09 . 2009-10-29 05:48 624640 c:\windows\system32\dllcache\urlmon.dll
- 2008-10-10 18:19 . 2004-08-04 10:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2008-10-10 18:19 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-04 10:00 . 2008-06-20 09:52 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-04 10:00 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-04 10:00 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-04 10:00 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-04 10:00 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2006-03-04 03:33 . 2009-09-25 05:56 473600 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 10:00 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
+ 2004-08-04 10:00 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
+ 2004-08-04 10:00 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2004-08-04 10:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-25 1830128]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"Google Update"="c:\documents and settings\Sensei\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-01 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-03-18 2521464]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe Autorun" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-25 185872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-29 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TheLaptopLock"="c:\program files\The LaptopLock\LaptopLock.exe" [2007-02-02 397312]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-02-22 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-01 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2009-05-01 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Magic-i.lnk - c:\program files\ArcSoft\Magic-i 3\Magic-i.exe [2009-7-3 530944]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2008-11-13 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-10 19:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Administrator\\Games\\Sins of a Solar Empire\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/7/2009 1:25 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 4:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/7/2009 1:25 AM 20560]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 12:27 PM 1074568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/23/2009 9:54 PM 10384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [8/27/2009 9:45 PM 47640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11/25/2009 3:19 AM 583640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/9/2009 7:50 AM 19160]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 7408]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/31/2009 11:54 AM 721904]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/9/2009 7:50 AM 269648]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9dfdfb9-9529-11de-bd06-000000000000}]
\Shell\AutoRun\command - explorer .
\Shell\mobile\command - F:\MobileLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{Z99999999-999-9999-9999-MOT-2K3}]
c:\windows\2k3_USR.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1677128483-725345543-1004Core.job
- c:\documents and settings\Sensei\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 07:19]

2009-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1677128483-725345543-1004UA.job
- c:\documents and settings\Sensei\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 07:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Sensei\Application Data\Mozilla\Firefox\Profiles\w622m1e0.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Sensei\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLM32.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-13 15:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-1677128483-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f4,a1,5f,76,2b,de,c6,9a,6c,04,44,14,8a,e4,84,f9,34,84,53,3d,93,64,54,
c0,8b,81,8a,23,4e,c1,c9,b4,f4,40,2f,ea,84,d9,a9,63,e6,f7,29,b7,c7,ce,d6,c2,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-12-13 15:53
ComboFix-quarantined-files.txt 2009-12-13 22:53
ComboFix2.txt 2009-12-02 04:22

Pre-Run: 5,412,745,216 bytes free
Post-Run: 5,412,532,224 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - AF7B647FFBDB465BC16506158D98C585

Saiko_Maiko
Novice
Posts: 12
Joined: 2009-11-26
OS: Windows XP
Points: 25856
Likes: 0

Post by Belahzur on 14th December 2009, 12:14 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

Post by Saiko_Maiko on 14th December 2009, 5:12 pm

The machine is running great! Thank you so much for your help.

So, just wondering, how bad was my computer? And what was the cause for the random audio commercials I would hear streaming to my computer?

Post by Belahzur on 14th December 2009, 7:36 pm

It was the infection causing that.

Post by Saiko_Maiko on 18th December 2009, 9:05 am

What specific infection was responsible for it? And which part of the cleanup during this tutorial removed it? Thanks for answering my questions.

Post by Belahzur on 18th December 2009, 9:27 am

A general smitfraud infection, fake alerts, etc., along with patched system files.

Post by Saiko_Maiko on 19th December 2009, 1:45 am

Ah okay. Do you have any suggestions for active protection to prevent such infections (etc) happening while I browse the internet?

For example, I have the ScriptBlock plugin for my Mozilla Firefox browser, but I've been using Chrome recently and there aren't any plugins for Chrome like ScriptBlock.

Also, was the ComboFix removal of

c:\windows\system32\drivers\slyqzcpchmyd.sys
c:\windows\Internet Logs\tvDebug.zip

the key to removing that specific infection?

And just wondering as well, why did you instruct me to remove ComboFix and OTM? If they're vital to removal of infections such as these, wouldn't it be better to keep them? Again, thanks for taking the time to answer all my questions. I'm just trying to figure out ways to better protect myself.

Also, I seem to be reinfected with the streaming audio commercials and I'm really not sure as to why. I've just been browsing the internet like I normally do, so I'm suspecting it's probably a site that's causing the infection.

Post by Belahzur on 19th December 2009, 2:04 am

slyqzcpchmyd.sys is an infection file. tvDebug.zip is related to Zonealarm.

Open a new topic and we'll start this again.

[edit]

Combofix and OTM are very powerful tools; they delete what you tell them to, without question. Pretty sure you don't want to end up deleting your system files.