Disabled Virus scanner/system restore


Post by khaini1 on Thu Dec 31, 2009 6:07 am

My computer received a virus, I don't know how, and I installed Malwarebytes and deleted everything that was found. It found a bunch of trojans and a rootkit.
After this it restarted and I'm still having problems, especially with System Restore; it says some DLL error or something.
No other virus scanner will work; SUPERAntiSpyware won't install.
Malwarebytes Results

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

31/12/2009 3:32:58 PM
mbam-log-2009-12-31 (15-32-58).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 397584
Time elapsed: 26 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\Installer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\settdebugx.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\lol\My Documents\downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Joshua's 'HARD TO GET' stuff\PCSX2_0.9.6_binary\Pcsx2\plugins\PadSSSPSX.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1982B28-D234-4BF6-8D95-36F35214EE60}\RP62\A0016371.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1982B28-D234-4BF6-8D95-36F35214EE60}\RP62\A0020188.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D1982B28-D234-4BF6-8D95-36F35214EE60}\RP62\A0023178.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
E:\RECYCLER\S-1-5-21-2459177635-2233214028-124344302-1003\De1\npkcusb.sys (Trojan.Goldun) -> Quarantined and deleted successfully.


HijackThis results AFTER I deleted the stuff Malwarebytes found
*edit* I believe one of the files deleted was Malware Defence
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:25 PM, on 31/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode with network support

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.JOSHCOMP.000\My Documents\Downloads\winlogon.scr
C:\Program Files\Internet Explorer\Iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{76F99488-B9A5-4270-B09B-D602DDB7755F}: NameServer = 203.12.160.35,203.12.160.36
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7180 bytes

khaini1
Beginner

Posts : 4
Joined : 2009-12-31
OS : Windows XP

Re: Disabled Virus scanner/system restore

Post by khaini1 on Thu Dec 31, 2009 8:21 am

ComboFix log

ComboFix 09-12-30.01 - lol 31/12/2009 18:07:18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.730 [GMT 10:00]
Running from: c:\documents and settings\lol\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-1409082233-838170752-839522115-1003
c:\recycler\S-1-5-21-1409082233-838170752-839522115-1004
c:\recycler\S-1-5-21-450527525-4178427298-2679724567-1003
c:\windows\system32\drivers\H8SRTcnowejltwh.sys
c:\windows\system32\H8SRTiuogxnraoy.dll
c:\windows\system32\H8SRTmctfvwgsps.dll
c:\windows\system32\H8SRTovklpqcbmh.dat
c:\windows\system32\H8SRTpojquymewp.dll
C:\desktop.ini
c:\recycler\S-1-5-21-1409082233-838170752-839522115-1003\desktop.ini
c:\recycler\S-1-5-21-1409082233-838170752-839522115-1003\INFO2
c:\recycler\S-1-5-21-1409082233-838170752-839522115-1004\desktop.ini
c:\recycler\S-1-5-21-1409082233-838170752-839522115-1004\INFO2
c:\recycler\S-1-5-21-450527525-4178427298-2679724567-1003\desktop.ini
c:\recycler\S-1-5-21-450527525-4178427298-2679724567-1003\INFO2
c:\windows\system32\drivers\H8SRTcnowejltwh.sys
c:\windows\system32\H8SRTiuogxnraoy.dll
c:\windows\system32\H8SRTmctfvwgsps.dll
c:\windows\system32\H8SRTovklpqcbmh.dat
c:\windows\system32\H8SRTpojquymewp.dll
c:\windows\system32\srcr.dat

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-31 07:32 . 2009-12-31 07:32 879 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-31 06:49 . 2009-12-31 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-12-31 05:55 . 2009-12-31 05:55 -------- d-----w- c:\documents and settings\Administrator.JOSHCOMP.000\Local Settings\Application Data\Mozilla
2009-12-31 04:43 . 2009-12-30 04:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 04:43 . 2009-12-30 04:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 20:24 . 2009-12-30 20:24 -------- d-----w- c:\documents and settings\lol\Application Data\Malwarebytes
2009-12-30 20:20 . 2009-12-30 20:20 -------- d-----w- c:\documents and settings\lol\Local Settings\Application Data\Mozilla
2009-12-22 12:05 . 2009-12-22 12:05 45056 ----a-r- c:\documents and settings\lol\Application Data\Microsoft\Installer\{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}\MapleStory.exe1_24EEF6D7A7B64AA9AFD9407185A7769F.exe
2009-12-22 12:05 . 2009-12-22 12:05 45056 ----a-r- c:\documents and settings\lol\Application Data\Microsoft\Installer\{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}\MapleStory.exe_24EEF6D7A7B64AA9AFD9407185A7769F.exe
2009-12-22 12:05 . 2009-12-22 12:05 10134 ----a-r- c:\documents and settings\lol\Application Data\Microsoft\Installer\{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}\ARPPRODUCTICON.exe
2009-12-22 10:38 . 2009-06-16 08:00 -------- d-----w- c:\documents and settings\lol\Local Settings\Application Data\ApplicationHistory
2009-12-22 10:38 . 2009-06-16 08:00 -------- d-----w- c:\documents and settings\lol\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2009-12-22 10:32 . 2009-12-22 10:32 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-12-22 10:32 . 2009-12-22 10:32 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-12-22 08:12 . 2009-12-22 09:03 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{7CD6575D-6397-4662-BD7A-C5DE187E71ED}\MapleStory.exe1_7CD6575D63974662BD7AC5DE187E71ED.exe
2009-12-22 08:12 . 2009-12-22 09:03 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{7CD6575D-6397-4662-BD7A-C5DE187E71ED}\MapleStory.exe_7CD6575D63974662BD7AC5DE187E71ED.exe
2009-12-18 14:34 . 2009-11-25 02:20 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-12-18 14:34 . 2009-11-25 02:18 3612672 ----a-w- c:\windows\system32\aticaldd.dll
2009-12-18 14:34 . 2009-11-25 02:26 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-12-18 14:34 . 2009-11-25 02:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-12-18 14:34 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-12-18 14:34 . 2009-12-18 14:34 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A778A787-08A4-4089-CB68-02A9737DE532}\ARPPRODUCTICON.exe
2009-12-18 14:34 . 2009-12-18 14:49 -------- d-----w- c:\program files\ATI
2009-12-18 14:33 . 2009-12-18 14:33 -------- d-----w- C:\ATI
2009-12-06 09:37 . 2009-12-06 09:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Nokia
2009-12-06 06:47 . 2009-12-06 06:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\IsolatedStorage
2009-12-06 06:42 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-12-06 06:42 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-12-06 06:41 . 2008-03-21 03:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-06 05:07 . 2009-12-06 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-06 05:07 . 2009-12-06 06:45 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Suite
2009-12-06 05:07 . 2009-12-06 05:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\NokiaAccount
2009-12-06 05:07 . 2009-12-11 02:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Nokia
2009-12-06 05:01 . 2009-12-06 05:01 -------- d-----w- c:\program files\MSXML 6.0
2009-12-06 05:00 . 2009-12-06 06:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nokia
2009-12-06 05:00 . 2009-12-06 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic
2009-12-06 05:00 . 2009-12-11 02:17 -------- d-----w- c:\windows\Globalization
2009-12-06 04:54 . 2009-12-19 07:17 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-06 04:54 . 2009-12-06 04:54 -------- d-----w- c:\program files\DIFX
2009-12-06 04:54 . 2008-08-26 00:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-06 04:54 . 2009-12-06 04:54 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-06 04:53 . 2009-02-08 22:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-06 04:52 . 2009-12-06 04:52 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-06 04:52 . 2009-12-06 04:52 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-06 04:52 . 2009-12-06 04:52 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-06 04:52 . 2009-12-06 04:52 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-06 04:52 . 2009-12-06 04:52 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-06 04:52 . 2009-12-06 04:52 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-12-06 04:52 . 2009-12-06 04:52 94628904 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-12-06 04:52 . 2009-12-11 04:46 -------- d-----w- c:\program files\Nokia
2009-12-06 04:52 . 2009-12-06 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 06:54 . 2009-06-16 08:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-31 05:52 . 2009-12-31 05:52 -------- d-----w- c:\documents and settings\Administrator.JOSHCOMP.000\Application Data\Malwarebytes
2009-12-31 04:59 . 2009-06-16 08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 20:35 . 2009-06-16 08:37 -------- d-----w- c:\program files\CCleaner
2009-12-22 10:59 . 2009-06-23 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-12-22 10:39 . 2009-12-22 10:39 -------- d-----w- c:\documents and settings\lol\Application Data\Ideazon
2009-12-22 10:39 . 2009-12-22 10:39 29128 ----a-w- c:\documents and settings\lol\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 10:32 . 2009-06-16 08:48 -------- d-----w- c:\program files\MSECache
2009-12-21 16:40 . 2009-06-16 08:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Xfire
2009-12-21 16:40 . 2009-06-16 08:58 -------- d-s---w- c:\program files\Xfire
2009-12-20 03:28 . 2008-11-14 03:51 29128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-19 16:02 . 2009-06-16 08:00 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-12-19 06:32 . 2009-06-16 08:46 -------- d-----w- c:\program files\DNA
2009-12-19 04:00 . 2009-07-01 14:37 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-12-18 14:34 . 2003-12-31 18:22 -------- d-----w- c:\program files\ATI Technologies
2009-12-06 06:41 . 2009-12-06 06:41 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-06 06:41 . 2009-12-06 06:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-25 03:50 . 2008-11-13 21:32 4463104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-25 03:27 . 2003-12-31 18:23 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:26 . 2008-11-13 21:34 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-25 03:11 . 2008-08-08 08:38 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:11 . 2008-08-08 08:38 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:10 . 2008-08-08 08:38 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-25 03:10 . 2008-08-08 08:38 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:10 . 2008-08-08 08:37 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-25 03:09 . 2008-08-08 08:36 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-25 03:07 . 2008-08-08 08:34 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-25 02:59 . 2003-12-31 18:23 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-25 02:59 . 2008-11-13 21:34 3538496 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-25 02:44 . 2008-08-08 08:33 13533184 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:43 . 2008-11-13 21:34 2142848 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-25 02:42 . 2003-12-31 18:23 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-25 02:42 . 2003-12-31 18:23 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-25 02:26 . 2008-08-08 07:58 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:21 . 2008-08-08 07:54 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-25 02:19 . 2008-08-08 07:53 176128 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:18 . 2008-08-08 07:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-25 02:18 . 2008-08-08 07:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-25 02:17 . 2008-08-08 07:52 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-25 02:12 . 2008-11-13 21:34 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-11-03 11:06 . 2009-06-16 08:00 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-10-29 07:46 . 2004-08-04 07:56 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 07:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-24 02:50 . 2009-10-24 02:50 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-23 10:21 . 2009-10-23 10:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-22 15:59 . 2003-12-31 18:23 196565 ----a-w- c:\windows\system32\atiicdxx.dat
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 06:35 . 2008-11-14 03:31 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-13 10:30 . 2004-08-04 07:56 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 07:56 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 07:56 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 07:52 . 2009-09-22 10:56 286720 ------w- c:\windows\Setup1.exe
2009-10-06 07:52 . 2009-09-22 10:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-29 20480]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 429392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 06:22 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 19:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 18:07 61952 ----a-w- c:\windows\system32\hdashcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-05 15:19 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-05 15:22 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 06:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-05 15:23 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2005-10-04 23:23 86016 ----a-w- c:\program files\HPQ\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 15:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-03-08 13:26 13924864 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
2003-11-20 19:01 525824 ----a-w- c:\program files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ssdiag]
2004-12-02 01:04 57401 ----a-w- c:\windows\ssdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-09 19:43 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"Sophos AutoUpdate Service"=2 (0x2)
"SAVService"=2 (0x2)
"SAVAdminService"=2 (0x2)
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"hpqwmi"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"c:\\Half-Life 2\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"e:\\World of Warcraft Public Test\\WoW-0.1.2-enUS-downloader.exe"=
"e:\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"e:\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=
"e:\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=
"e:\\World of Warcraft\\BackgroundDownloader.exe"=
"e:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58050:TCP"= 58050:TCP:Pando Media Booster
"58050:UDP"= 58050:UDP:Pando Media Booster
"56991:TCP"= 56991:TCP:Pando Media Booster
"56991:UDP"= 56991:UDP:Pando Media Booster

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2/06/2009 4:00 PM 8576]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/12/2009 2:43 PM 19160]
S0 tpggmru;tpggmru;c:\windows\system32\drivers\rncxil.sys --> c:\windows\system32\drivers\rncxil.sys [?]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2/05/2009 4:27 PM 99248]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/12/2009 2:43 PM 235344]
S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\docume~1\Owner\LOCALS~1\Temp\nsi75.tmp\TfFRegNt.sys --> c:\docume~1\Owner\LOCALS~1\Temp\nsi75.tmp\TfFRegNt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [31/12/2009 2:43 PM 38224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva264;XDva264;\??\c:\windows\system32\XDva264.sys --> c:\windows\system32\XDva264.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: {76F99488-B9A5-4270-B09B-D602DDB7755F} = 203.12.160.35,203.12.160.36
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\lol\Application Data\Mozilla\Firefox\Profiles\e5uo2t53.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
AddRemove-Battleships Forever_is1 - f:\battleships forever\unins000.exe
AddRemove-BrothersInArmsEiB - f:\ubisoft\Gearbox Software\BrothersInArmsEiB\System\Setup.exe
AddRemove-CABAL Online (GSC)_is1 - f:\cabal online (gsc)\unins000.exe
AddRemove-Deus Ex - f:\deusex\System\Setup.exe
AddRemove-Devastation Zone Troopers_is1 - f:\program files\Devastation Zone Troopers\ReflexiveArcade\unins000.exe
AddRemove-Diner Dash 2_is1 - f:\program files\Diner Dash 2\ReflexiveArcade\unins000.exe
AddRemove-DriftCity - f:\driftcity\uninstall.exe
AddRemove-Dyson_is1 - f:\dyson\unins000.exe
AddRemove-Escape Rosecliff Island_is1 - f:\program files\Escape Rosecliff Island\ReflexiveArcade\unins000.exe
AddRemove-Gunz - f:\ijji\ENGLISH\Gunz\Uninstall.exe
AddRemove-Heavy Weapon_is1 - f:\program files\Heavy Weapon\ReflexiveArcade\unins000.exe
AddRemove-HijackThis - c:\documents and settings\Administrator.JOSHCOMP.000\My Documents\Downloads\HijackThis.exe
AddRemove-Island Wars 2_is1 - f:\program files\Island Wars 2\ReflexiveArcade\unins000.exe
AddRemove-LEGO Rock Raiders - f:\program files\LEGO Media\Games\Rock Raiders\Uninst.isu
AddRemove-Neverwinter Nights(TM) Kingmaker - f:\neverwinternights\NWN\premium\uninst Neverwinter Nights(TM) Kingmaker.exe
AddRemove-Shin Megami Tensei: Imagine - f:\aeriagames\MegaTen\Uninst.exe
AddRemove-The Nameless Mod - f:\deusex\Uninstall_TNM.exe
AddRemove-{1446A30C-6DAF-461E-96B1-31C554870082}_is1 - f:\tag\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-31 18:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3332)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxdccoms.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2009-12-31 18:18:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-31 08:18

Pre-Run: 55,356,239,872 bytes free
Post-Run: 58,345,611,264 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

- - End Of File - - 0B95794AC3CB446E7832093BFE3865E0


Re: Disabled Virus scanner/system restore

Post by Belahzur on Thu Dec 31, 2009 4:21 pm


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    tpggmru
    AhnRptTfFRegFNT
    npggsvc
    XDva264
    XDva277

    File::
    c:\windows\system32\krl32mainweq.dll
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Disabled Virus scanner/system restore

Post by khaini1 on Fri Jan 01, 2010 7:22 am

ComboFix 09-12-31.07 - lol 01/01/2010 17:05:22.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.555 [GMT 10:00]
Running from: c:\documents and settings\lol\Desktop\commy.exe
Command switches used :: c:\documents and settings\lol\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091231-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\krl32mainweq.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AHNRPTTFFREGFNT
-------\Legacy_XDVA264
-------\Legacy_XDVA277
-------\Service_AhnRptTfFRegFNT
-------\Service_npggsvc
-------\Service_tpggmru
-------\Service_XDva264
-------\Service_XDva277


((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2009-12-31 16:36 . 2009-12-31 16:36 -------- d-----w- c:\documents and settings\lol\Local Settings\Application Data\Apple
2009-12-31 16:32 . 2009-12-31 16:36 -------- d-----w- c:\documents and settings\lol\Application Data\Apple Computer
2009-12-31 15:58 . 2009-12-31 16:36 -------- d-----w- c:\documents and settings\lol\Local Settings\Application Data\Apple Computer
2009-12-31 10:40 . 2010-01-01 07:15 -------- d-----w- c:\documents and settings\lol\Tracing
2009-12-31 08:47 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-31 08:47 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-31 08:47 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-31 08:47 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-31 08:47 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-31 08:47 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-31 08:47 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-31 08:47 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-31 08:46 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-31 08:46 . 2009-12-31 08:46 -------- d-----w- c:\program files\Alwil Software
2009-12-31 08:34 . 2009-06-29 23:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-31 08:33 . 2009-12-31 08:33 -------- d-----w- c:\program files\Panda Security
2009-12-31 06:49 . 2009-12-31 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-12-31 05:55 . 2009-12-31 05:55 -------- d-----w- c:\documents and settings\Administrator.JOSHCOMP.000\Local Settings\Application Data\Mozilla
2009-12-31 04:43 . 2009-12-30 04:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 04:43 . 2009-12-30 04:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 20:24 . 2009-12-30 20:24 -------- d-----w- c:\documents and settings\lol\Application Data\Malwarebytes
2009-12-30 20:20 . 2009-12-30 20:20 -------- d-----w- c:\documents and settings\lol\Local Settings\Application Data\Mozilla
2009-12-22 12:05 . 2009-12-22 12:05 45056 ----a-r- c:\documents and settings\lol\Application Data\Microsoft\Installer\{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}\MapleStory.exe1_24EEF6D7A7B64AA9AFD9407185A7769F.exe
2009-12-22 12:05 . 2009-12-22 12:05 45056 ----a-r- c:\documents and settings\lol\Application Data\Microsoft\Installer\{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}\MapleStory.exe_24EEF6D7A7B64AA9AFD9407185A7769F.exe
2009-12-22 12:05 . 2009-12-22 12:05 10134 ----a-r- c:\documents and settings\lol\Application Data\Microsoft\Installer\{24EEF6D7-A7B6-4AA9-AFD9-407185A7769F}\ARPPRODUCTICON.exe
2009-12-22 10:39 . 2009-12-22 10:39 -------- d-----w- c:\documents and settings\lol\Local Settings\Application Data\Adobe
2009-12-22 10:39 . 2009-12-22 10:39 -------- d-----w- c:\documents and settings\lol\Application Data\Ideazon
2009-12-22 10:39 . 2009-12-22 10:39 29128 ----a-w- c:\documents and settings\lol\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 10:32 . 2009-12-22 10:32 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-12-22 10:32 . 2009-12-22 10:32 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-12-22 08:12 . 2009-12-22 09:03 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{7CD6575D-6397-4662-BD7A-C5DE187E71ED}\MapleStory.exe1_7CD6575D63974662BD7AC5DE187E71ED.exe
2009-12-22 08:12 . 2009-12-22 09:03 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{7CD6575D-6397-4662-BD7A-C5DE187E71ED}\MapleStory.exe_7CD6575D63974662BD7AC5DE187E71ED.exe
2009-12-18 14:34 . 2009-11-25 02:20 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-12-18 14:34 . 2009-11-25 02:18 3612672 ----a-w- c:\windows\system32\aticaldd.dll
2009-12-18 14:34 . 2009-11-25 02:26 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-12-18 14:34 . 2009-11-25 02:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-12-18 14:34 . 2009-05-11 22:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-12-18 14:34 . 2009-12-18 14:34 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{A778A787-08A4-4089-CB68-02A9737DE532}\ARPPRODUCTICON.exe
2009-12-18 14:34 . 2009-12-18 14:49 -------- d-----w- c:\program files\ATI
2009-12-18 14:33 . 2009-12-18 14:33 -------- d-----w- C:\ATI
2009-12-06 09:37 . 2009-12-06 09:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Nokia
2009-12-06 06:47 . 2009-12-06 06:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\IsolatedStorage
2009-12-06 06:42 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-12-06 06:42 . 2008-04-13 14:15 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-12-06 06:41 . 2008-03-21 03:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-06 05:07 . 2009-12-06 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-06 05:07 . 2009-12-06 06:45 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Suite
2009-12-06 05:07 . 2009-12-06 05:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\NokiaAccount
2009-12-06 05:07 . 2009-12-11 02:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Nokia
2009-12-06 05:01 . 2009-12-06 05:01 -------- d-----w- c:\program files\MSXML 6.0
2009-12-06 05:00 . 2009-12-06 06:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Nokia
2009-12-06 05:00 . 2009-12-06 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic
2009-12-06 05:00 . 2009-12-11 02:17 -------- d-----w- c:\windows\Globalization
2009-12-06 04:54 . 2009-12-19 07:17 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-06 04:54 . 2009-12-06 04:54 -------- d-----w- c:\program files\DIFX
2009-12-06 04:54 . 2008-08-26 00:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-06 04:54 . 2009-12-06 04:54 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-06 04:53 . 2009-02-08 22:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-06 04:52 . 2009-12-06 04:52 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-06 04:52 . 2009-12-06 04:52 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-06 04:52 . 2009-12-06 04:52 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-06 04:52 . 2009-12-06 04:52 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-06 04:52 . 2009-12-06 04:52 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-06 04:52 . 2009-12-06 04:52 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-12-06 04:52 . 2009-12-06 04:52 94628904 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_11_update.exe
2009-12-06 04:52 . 2009-12-11 04:46 -------- d-----w- c:\program files\Nokia
2009-12-06 04:52 . 2009-12-06 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 07:16 . 2009-04-18 04:41 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-01 06:50 . 2009-12-31 10:29 4966406 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-31 10:44 . 2009-06-16 08:37 -------- d-----w- c:\program files\Bonjour
2009-12-31 08:48 . 2009-12-31 08:48 -------- d-----w- c:\documents and settings\lol\Application Data\CheckPoint
2009-12-31 08:48 . 2009-12-31 08:48 -------- d-----w- c:\program files\CheckPoint
2009-12-31 08:48 . 2009-12-31 08:48 -------- d-----w- c:\program files\Zone Labs
2009-12-31 06:54 . 2009-06-16 08:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-31 05:52 . 2009-12-31 05:52 -------- d-----w- c:\documents and settings\Administrator.JOSHCOMP.000\Application Data\Malwarebytes
2009-12-31 04:59 . 2009-06-16 08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 20:35 . 2009-06-16 08:37 -------- d-----w- c:\program files\CCleaner
2009-12-22 10:59 . 2009-06-23 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-12-22 10:32 . 2009-06-16 08:48 -------- d-----w- c:\program files\MSECache
2009-12-21 16:40 . 2009-06-16 08:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Xfire
2009-12-21 16:40 . 2009-06-16 08:58 -------- d-s---w- c:\program files\Xfire
2009-12-20 03:28 . 2008-11-14 03:51 29128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-19 16:02 . 2009-06-16 08:00 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-12-19 06:32 . 2009-06-16 08:46 -------- d-----w- c:\program files\DNA
2009-12-19 04:00 . 2009-07-01 14:37 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-12-18 14:34 . 2003-12-31 18:22 -------- d-----w- c:\program files\ATI Technologies
2009-12-06 06:41 . 2009-12-06 06:41 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-06 06:41 . 2009-12-06 06:41 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-25 03:50 . 2008-11-13 21:32 4463104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-25 03:27 . 2003-12-31 18:23 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:26 . 2008-11-13 21:34 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-25 03:11 . 2008-08-08 08:38 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:11 . 2008-08-08 08:38 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:10 . 2008-08-08 08:38 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-25 03:10 . 2008-08-08 08:38 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:10 . 2008-08-08 08:37 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-25 03:09 . 2008-08-08 08:36 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-25 03:07 . 2008-08-08 08:34 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-25 02:59 . 2003-12-31 18:23 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-25 02:59 . 2008-11-13 21:34 3538496 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-25 02:44 . 2008-08-08 08:33 13533184 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:43 . 2008-11-13 21:34 2142848 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-25 02:42 . 2003-12-31 18:23 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-25 02:42 . 2003-12-31 18:23 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-25 02:26 . 2008-08-08 07:58 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:21 . 2008-08-08 07:54 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-25 02:19 . 2008-08-08 07:53 176128 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:18 . 2008-08-08 07:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-25 02:18 . 2008-08-08 07:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-25 02:17 . 2008-08-08 07:52 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-25 02:12 . 2008-11-13 21:34 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-11-22 05:42 . 2009-12-31 08:48 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-22 05:42 . 2009-12-31 08:48 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-22 05:42 . 2009-12-31 08:48 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-03 11:06 . 2009-06-16 08:00 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-10-29 07:46 . 2004-08-04 07:56 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 07:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-24 02:50 . 2009-10-24 02:50 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-23 10:21 . 2009-10-23 10:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-22 15:59 . 2003-12-31 18:23 196565 ----a-w- c:\windows\system32\atiicdxx.dat
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 06:35 . 2008-11-14 03:31 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-13 10:30 . 2004-08-04 07:56 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 07:56 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 07:56 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 07:52 . 2009-09-22 10:56 286720 ------w- c:\windows\Setup1.exe
2009-10-06 07:52 . 2009-09-22 10:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-01 07:15 . 2010-01-01 07:15 16384 c:\windows\temp\Perflib_Perfdata_79c.dat
+ 2009-12-31 08:48 . 2009-11-22 05:42 99208 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 65928 c:\windows\system32\ZoneLabs\zatray.exe
+ 2009-12-31 08:48 . 2009-11-22 05:43 20872 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:43 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:43 43912 c:\windows\system32\ZoneLabs\lib\zfde.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:43 85384 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:43 37256 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 12680 c:\windows\system32\ZoneLabs\lib\oem_1488.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 12680 c:\windows\system32\ZoneLabs\lib\oem_1487.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 12680 c:\windows\system32\ZoneLabs\lib\oem_1486.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 18824 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 12680 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 11144 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 14216 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 12168 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 29064 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 12680 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 41864 c:\windows\system32\vswmi.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 58248 c:\windows\system32\vsregexp.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 141192 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-12-31 08:47 . 2009-11-22 05:42 210824 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-12-31 08:48 . 2007-10-11 06:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 434568 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 135048 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-12-31 08:48 . 2009-07-13 13:58 722392 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-12-31 08:48 . 2009-11-22 05:43 119688 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:43 267656 c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:43 175496 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 368008 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 139144 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 376712 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-12-31 08:47 . 2009-10-09 10:33 579048 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-12-31 08:48 . 2008-03-17 06:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 109960 c:\windows\system32\vsxml.dll
+ 2009-12-31 08:47 . 2009-11-22 05:42 621960 c:\windows\system32\vsutil.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 299912 c:\windows\system32\vspubapi.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 107912 c:\windows\system32\vsmonapi.dll
+ 2009-12-31 08:47 . 2009-11-22 05:42 227720 c:\windows\system32\vsinit.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 486280 c:\windows\system32\vsdatant.sys
+ 2009-12-31 08:47 . 2009-11-22 05:42 112008 c:\windows\system32\vsdata.dll
+ 2009-12-31 08:48 . 2009-11-22 05:42 1789320 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-12-31 08:48 . 2009-11-22 05:44 2384240 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-12-31 08:48 . 2009-11-22 05:43 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-29 20480]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 429392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 06:22 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 19:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 18:07 61952 ----a-w- c:\windows\system32\hdashcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-05 15:19 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-05 15:22 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 06:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-05 15:23 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2005-10-04 23:23 86016 ----a-w- c:\program files\HPQ\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 15:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-03-08 13:26 13924864 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
2003-11-20 19:01 525824 ----a-w- c:\program files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ssdiag]
2004-12-02 01:04 57401 ----a-w- c:\windows\ssdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-09 19:43 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"Sophos AutoUpdate Service"=2 (0x2)
"SAVService"=2 (0x2)
"SAVAdminService"=2 (0x2)
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"hpqwmi"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"c:\\Half-Life 2\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"e:\\World of Warcraft Public Test\\WoW-0.1.2-enUS-downloader.exe"=
"e:\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"e:\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=
"e:\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=
"e:\\World of Warcraft\\BackgroundDownloader.exe"=
"e:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58050:TCP"= 58050:TCP:Pando Media Booster
"58050:UDP"= 58050:UDP:Pando Media Booster
"56991:TCP"= 56991:TCP:Pando Media Booster
"56991:UDP"= 56991:UDP:Pando Media Booster

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [31/12/2009 6:34 PM 28552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/12/2009 6:47 PM 114768]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2/06/2009 4:00 PM 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/12/2009 6:47 PM 20560]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 11:30 PM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 11:30 PM 476528]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/12/2009 2:43 PM 19160]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2/05/2009 4:27 PM 99248]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/12/2009 2:43 PM 235344]
.
Contents of the 'Scheduled Tasks' folder

2009-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: {76F99488-B9A5-4270-B09B-D602DDB7755F} = 203.12.160.35,203.12.160.36
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\lol\Application Data\Mozilla\Firefox\Profiles\e5uo2t53.default\
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-01 17:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(724)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvapi.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
c:\windows\system32\nvshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxdccoms.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-01-01 17:19:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-01 07:19
ComboFix2.txt 2009-12-31 08:18

Pre-Run: 57,884,028,928 bytes free
Post-Run: 57,754,255,360 bytes free

- - End Of File - - 98C1CDCB07E9DB724D1E41E099A3271C

khaini1
Beginner
Posts : 4
Joined : 2009-12-31
OS : Windows XP
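The firewall policy section of the ComboFix output above is the part a helper reads first when triaging: EnableFirewall is 0 for the standard profile, TCP 135 and the whole 5000-5020 range are opened to all networks, and there are application exceptions for binaries living outside Windows and Program Files. As an added example that is not part of the original post and not ComboFix's own code, the Python below parses a ComboFix-style firewall policy dump and flags exactly those conditions. The sample excerpt is constructed from a few of the lines above (not a live capture), and the risk rules (which ports count as risky, how long a run of consecutive ports counts as a blanket opening, which install locations are treated as normal) are my assumptions, not anything the log or the forum states.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the shape of the ComboFix output quoted above
# (a few lines copied from it, not a live capture).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Half-Life 2\\hl2.exe"=
"e:\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"58050:UDP"= 58050:UDP:Pando Media Booster
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

# Assumed triage rules: ports that should never be open to every network on a
# workstation (135/TCP RPC endpoint mapper, 139/TCP NetBIOS session, 445/TCP SMB),
# and the run length at which consecutive ports count as a blanket opening.
RISKY_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session", 445: "SMB"}
RANGE_MIN_LEN = 5


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    item: str
    reason: str


def parse_sections(text):
    """Map each [section] header (lower-cased) to its list of (name, value) entries."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def entries_ending_with(sections, suffix):
    """Entries of every section whose key ends with the given registry path suffix."""
    suffix = suffix.lower()
    return [e for key, ents in sections.items() if key.endswith(suffix) for e in ents]


def consecutive_runs(ports):
    """Split a list of ints into sorted runs of consecutive values."""
    runs, run = [], []
    for p in sorted(ports):
        if run and p != run[-1] + 1:
            runs.append(run)
            run = []
        run.append(p)
    if run:
        runs.append(run)
    return runs


def firewall_findings(text):
    sections = parse_sections(text)
    findings = []

    for name, value in entries_ending_with(sections, r"firewallpolicy\standardprofile"):
        if name.lower() == "enablefirewall" and value.startswith("0"):
            findings.append(Finding("high", name, "Windows Firewall is off for the standard profile"))

    tcp_ports = []
    for name, _ in entries_ending_with(sections, r"globallyopenports\list"):
        port_s, _, proto = name.partition(":")
        if not port_s.isdigit():
            continue
        port = int(port_s)
        if port in RISKY_PORTS:
            findings.append(Finding("high", name, f"{RISKY_PORTS[port]} opened to all networks"))
        if proto.upper() == "TCP":
            tcp_ports.append(port)
    for run in consecutive_runs(tcp_ports):
        if len(run) >= RANGE_MIN_LEN:
            findings.append(Finding("medium", f"{run[0]}-{run[-1]}:TCP",
                                    f"{len(run)} consecutive TCP ports opened globally"))

    for name, _ in entries_ending_with(sections, r"authorizedapplications\list"):
        # ComboFix doubles the backslashes in these paths; collapse them before matching.
        path = name.replace("\\\\", "\\").lower()
        if not (path.startswith("%windir%") or "\\program files\\" in path or "\\windows\\" in path):
            findings.append(Finding("low", name, "exception for a binary outside Windows/Program Files"))

    return findings


if __name__ == "__main__":
    for f in firewall_findings(SAMPLE_LOG):
        print(f"[{f.severity}] {f.item}: {f.reason}")
```

Run against the excerpt it reports the disabled firewall and the globally open 135/TCP as high, the 5000-5004 run as medium, and the two game launchers outside Program Files as low; point it at a saved ComboFix.txt to get the same view of a real log.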

Re: Disabled Virus scanner/system restore

Post by Belahzur on Fri Jan 01, 2010 3:10 pm

Hello.
Delete this file in bold:

c:\windows\Internet Logs\tvDebug.Zip

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
OS : XP SP3 Media Centre

Re: Disabled Virus scanner/system restore

Post by khaini1 on Fri Jan 01, 2010 8:19 pm

Good thank you

khaini1
Beginner
Posts : 4
Joined : 2009-12-31
OS : Windows XP
