
Rootkit and others, Don't know how to fix these


This topic is locked
19 replies to this topic

#1 china423

Posted 03 August 2009 - 05:08 PM

I've tried scanning with online scanners, malware, etc. to get rid of these, but they seem to keep popping up. I am getting a BSOD on load occasionally, but I'm not sure of the exact message because it restarts immediately. My Google searches are being hijacked and redirected sometimes as well. Here are my latest logs. And occasionally I get a blue screen error saying DRIVER_IRQL_NOT_LESS_OR_EQUAL, then I have to manually turn off my computer to restart. That happens once a day or every other day.

Latest logs:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 17:06:06.06 on Mon 08/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.759 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
TB: {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpywareBlaster] c:\program files\spywareblaster\spywareblaster.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [ShowWnd] ShowWnd.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [CHotkey] zHotkey.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/b/e/5/be592e3e-4442-4588-b01e-8fe3a2e104ac/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169567753390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} - hxxp://download.copysafe.net/Plugin/Download/Copysafe.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\t9ciwmhy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/
FF - component: c:\program files\google\google gears\firefox\lib\ff30\gears.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {C1CA01F8-FA0A-4FEA-A967-633E09549F65} - c:\documents and settings\owner\local settings\application data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-5 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-17 11608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-2-7 159600]
R1 PrevxTdi;PREVX Tdi filter;c:\windows\system32\drivers\pxtdi.sys [2009-7-12 18560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-14 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-17 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-17 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-17 55640]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2006-4-9 5152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-8-23 211216]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-2-7 73840]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-2-7 146800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-18 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-8-23 19096]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-2-7 95640]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1c9df3894c7ec24;Google Update Service (gupdate1c9df3894c7ec24);c:\program files\google\update\GoogleUpdate.exe [2009-5-27 133104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 7408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]

=============== Created Last 30 ================

2009-08-03 16:42 219,648 a------- c:\windows\PEV.exe
2009-08-03 16:42 <DIR> --ds---- C:\Combo-Fix
2009-08-03 16:42 389,120 a------- c:\windows\system32\CF24982.exe
2009-08-03 16:31 <DIR> --dsh--- c:\windows\system32\lowsec
2009-08-03 16:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\16491714
2009-08-03 12:47 <DIR> --d----- c:\docume~1\owner\applic~1\AVG8
2009-08-02 22:01 1,737,252,864 a------- C:\DVD_01_1.ISO
2009-08-02 21:46 <DIR> --d----- C:\DVD_01_1
2009-08-02 21:32 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-08-02 21:32 36,864 a------- c:\windows\system32\trayicon_handler.ocx
2009-08-02 20:44 <DIR> --d----- c:\program files\WinAVI Video Converter
2009-08-02 20:01 <DIR> --d----- C:\ConverterOutput
2009-08-02 19:58 <DIR> --d----- c:\program files\Cucusoft
2009-08-01 16:25 1,140 a---h--- C:\aaw7boot.cmd
2009-08-01 10:04 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-01 09:52 4 a------- c:\windows\system32\bincd32.dat
2009-07-29 23:31 <DIR> --d----- c:\program files\DVDVideoSoft
2009-07-29 23:31 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2009-07-29 20:27 <DIR> --d----- c:\program files\Pixelan
2009-07-29 20:25 <DIR> --d----- c:\program files\Sonic Foundry
2009-07-29 20:23 <DIR> --d----- c:\program files\common files\eSellerate
2009-07-29 20:22 90,112 a------- c:\windows\unvise32.exe
2009-07-29 20:21 <DIR> --d----- c:\program files\Magic Bullet Editors 2.0 Vegas
2009-07-29 18:41 <DIR> --d----- C:\DVDVideoSoft
2009-07-28 21:24 3,221 a------- c:\windows\arazaqawi.dll
2009-07-28 21:10 <DIR> --d----- c:\documents and settings\all users\CyberLink
2009-07-28 20:06 <DIR> --d----- c:\program files\ACE Mega CoDecS Pack
2009-07-28 19:47 224,256 a------- c:\windows\system32\MMIJG32.dll
2009-07-28 19:44 120 a------- c:\windows\Thofirogodinire.dat
2009-07-28 19:18 3,253 a------- c:\windows\ibupopep.dll
2009-07-28 07:48 69,632 a------- C:\cchksw.exe
2009-07-27 17:25 367 a------- c:\windows\system32\hjgruilog.dat
2009-07-27 17:22 65,536 a------- c:\windows\system32\NeroCo.dll
2009-07-27 17:22 57,344 a------- c:\windows\system32\NeroBurnRights.cpl
2009-07-27 17:22 2,031,616 -------- c:\windows\UNNeroBurnRights.exe
2009-07-27 17:22 23,936 -------- c:\windows\UNNeroBurnRights.cfg
2009-07-26 20:11 <DIR> --d----- c:\program files\Vstplugins
2009-07-19 12:30 <DIR> --d----- c:\program files\AskBarDis
2009-07-19 11:46 <DIR> --d----- c:\program files\LimeWire
2009-07-19 11:43 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-16 14:25 <DIR> --d----- c:\program files\iTunes
2009-07-15 18:12 <DIR> --dsh--- c:\windows\System Volume Information
2009-07-15 18:11 1,699 a------- C:\aqwiry.exe
2009-07-15 18:11 1,699 a------- C:\mcogk.exe
2009-07-15 16:12 375 a------- c:\windows\system32\MRT.INI
2009-07-12 15:46 <DIR> --d----- c:\docume~1\owner\applic~1\Prevx
2009-07-12 12:34 9,728 a------- c:\windows\system32\drivers\pxscinst.dll
2009-07-12 12:34 7,680 a------- c:\windows\system32\drivers\pxinst.dll
2009-07-12 12:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Prevx
2009-07-12 11:48 0 a------- C:\bcrypt.html
2009-07-12 11:35 56,320 a------- C:\dbckb.exe
2009-07-12 11:35 33,280 a------- C:\errigh.exe
2009-07-12 11:33 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-07-12 11:33 6 a------- c:\windows\system32\_id.dat
2009-07-12 11:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\92753746
2009-07-12 11:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12743754
2009-07-12 11:32 1,699 a------- C:\-52826229
2009-07-09 17:17 0 a------- c:\windows\system32\uactmp.db
2009-07-09 17:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\17665624

==================== Find3M ====================

2009-08-02 21:47 58,904 a------- c:\windows\system32\azipcontmn.dll
2009-07-19 11:43 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-16 14:54 256 a------- c:\documents and settings\owner\pool.bin
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-12 11:33 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 09:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-16 09:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\fontsub.dll
2009-06-11 09:35 177,844 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\localspl.dll
2007-03-07 18:20 138 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2006-02-03 22:34 64,632 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 17:07:03.53 ===============

#2 DocSatan

Posted 03 August 2009 - 05:52 PM

Hello china423 and Welcome to BleepingComputer.

I'm DocSatan and I will be helping you with your "Malware" related computer problems. Please give me some time to research your Log and I will get back to you ASAP.

In the meantime:

1. Please TRACK this Topic

  • At the top of this thread (not the top of this web page) there is an Options button, right below the Add Reply and the New Topic buttons.
  • Click on Options
  • Then click on Track This Topic
  • Place a tick mark next to Immediate Email Notification
  • Then click on Proceed
  • You will now receive an e-mail as soon as a Reply is made to this Topic. :)
2. Do Not Make Any Changes to the "Infected" Computer.
  • Once you have posted a NEW DDS Log, Do Not make any changes to the computer. I will be researching the DDS Log that you post and any changes made to the system might interfere with the FIX that I prepare for you. Examples of "Changes":
  • Deleting Files/Folders
  • Installing/Uninstalling Programs
  • Running Anti-Virus, Anti-Malware, Anti-Spyware, etc., Programs
3. Please do not seek Help with this issue at another Computer Help Forum
  • While we are working together I must insist that you do not seek help with this matter at any other Help Forum.
  • Having multiple (more than one) Forums provide help for the same computer issue will result in confusion with preparing a Fix.
  • It is also not fair to the Volunteer who is helping you, as her/his time will be wasted trying to fix a computer that someone else is also trying to fix.
  • So, if you have posted at another Computer Help Forum for this same issue I would ask that you choose which Forum that you wish to stay with and inform the other Forum(s) that you no longer require their assistance.
4. Throughout the course of us working together, I will be posting step-by-step procedures for you to follow on your computer.
  • If at any time you do not fully understand what I have said, or you are not exactly sure what you are supposed to do, then please stop there and Post back to this topic and ask your questions. That way I will be able to more clearly explain the step/procedure and we won't have to worry about any steps being done incorrectly. :)

Doc.

#3 china423 (Topic Starter)

Posted 03 August 2009 - 06:19 PM

ComboFix 09-08-03.04 - Owner 08/03/2009 17:18.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.794 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aqwiry.exe
C:\dbckb.exe
c:\docume~1\Owner\LOCALS~1\Temp\1.wmv
c:\documents and settings\All Users\Application Data\92753746.ini
c:\documents and settings\Owner\Application Data\bcrypt.html
c:\documents and settings\Owner\Favorites\. WheelWax ..url
c:\documents and settings\Owner\Favorites\EA Forums Problem Convincing Players to Stay .URL
c:\documents and settings\Owner\Favorites\http www.insidethehall.com .URL
c:\documents and settings\Owner\Favorites\Whats a good bad ass myspace headline .URL
C:\errigh.exe
C:\mcogk.exe
c:\recycler\S-1-5-21-0446450265-5881498587-584822694-1468
c:\recycler\S-1-5-21-7295581389-5429216794-304705178-2189
c:\windows\Installer\12aad52.msi
c:\windows\Installer\12aad59.msi
c:\windows\Installer\12aad60.msi
c:\windows\Installer\18e76d2b.msi
c:\windows\Installer\18e76d2f.msi
c:\windows\Installer\24387.msi
c:\windows\Installer\245bfb.msp
c:\windows\Installer\52cd7a1.msi
c:\windows\Installer\56c02a.msi
c:\windows\Installer\56c02e.msi
c:\windows\Installer\5c83a35a.msi
c:\windows\kb913800.exe
c:\windows\system32\_id.dat
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\hjgruilog.dat
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\uactmp.db

.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 21:23 . 2009-08-03 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\16491714
2009-08-03 17:47 . 2009-08-03 17:47 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-08-03 02:46 . 2009-08-03 02:46 -------- d-----w- C:\DVD_01_1
2009-08-03 02:32 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-08-03 01:44 . 2009-08-03 01:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinAVI
2009-08-03 01:44 . 2009-08-03 02:49 -------- d-----w- c:\program files\WinAVI Video Converter
2009-08-03 01:01 . 2009-08-03 01:01 -------- d-----w- C:\ConverterOutput
2009-08-03 00:58 . 2009-08-03 00:58 -------- d-----w- c:\program files\Cucusoft
2009-08-01 21:25 . 2009-08-01 21:25 1140 ---ha-w- C:\aaw7boot.cmd
2009-08-01 15:04 . 2009-08-01 15:04 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-01 15:04 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-01 14:52 . 2009-08-01 14:54 4 ----a-w- c:\windows\system32\bincd32.dat
2009-07-30 04:31 . 2009-07-30 04:31 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-30 04:31 . 2009-07-30 04:31 -------- d-----w- c:\program files\DVDVideoSoft
2009-07-30 01:27 . 2009-07-30 01:27 -------- d-----w- c:\program files\Pixelan
2009-07-30 01:25 . 2009-07-30 01:25 -------- d-----w- c:\program files\Sonic Foundry
2009-07-30 01:23 . 2009-07-30 01:23 -------- d-----w- c:\program files\Common Files\eSellerate
2009-07-30 01:22 . 2004-03-29 21:23 90112 ----a-w- c:\windows\unvise32.exe
2009-07-30 01:21 . 2009-07-30 01:22 -------- d-----w- c:\program files\Magic Bullet Editors 2.0 Vegas
2009-07-30 00:32 . 2009-07-30 00:32 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-07-29 23:41 . 2009-07-29 23:41 -------- d-----w- C:\DVDVideoSoft
2009-07-29 02:24 . 2009-07-29 02:24 3221 ----a-w- c:\windows\arazaqawi.dll
2009-07-29 02:10 . 2009-07-29 02:11 -------- d-----w- c:\documents and settings\All Users\CyberLink
2009-07-29 01:06 . 2009-07-30 00:47 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2009-07-29 00:47 . 2002-01-16 13:45 224256 ----a-w- c:\windows\system32\MMIJG32.dll
2009-07-29 00:44 . 2009-07-29 00:44 120 ----a-w- c:\windows\Thofirogodinire.dat
2009-07-29 00:18 . 2009-07-29 00:18 3253 ----a-w- c:\windows\ibupopep.dll
2009-07-28 23:55 . 2009-07-28 23:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}
2009-07-28 12:48 . 2009-07-28 12:48 69632 ----a-w- C:\cchksw.exe
2009-07-28 12:44 . 2009-07-28 12:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-27 22:22 . 2004-08-05 20:58 65536 ----a-w- c:\windows\system32\NeroCo.dll
2009-07-27 22:22 . 2004-08-04 19:19 2031616 ------w- c:\windows\UNNeroBurnRights.exe
2009-07-27 01:11 . 2009-07-27 01:11 -------- d-----w- c:\program files\Vstplugins
2009-07-27 01:11 . 2009-07-27 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-07-19 17:30 . 2009-07-29 21:34 -------- d-----w- c:\program files\AskBarDis
2009-07-19 16:46 . 2009-07-19 16:47 -------- d-----w- c:\program files\LimeWire
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
2009-07-18 21:40 . 2009-07-18 21:40 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-07-18 21:40 . 2009-07-18 21:40 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-07-18 21:40 . 2009-07-18 21:40 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-07-16 19:25 . 2009-07-16 19:26 -------- d-----w- c:\program files\iTunes
2009-07-16 19:20 . 2009-07-16 19:20 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-15 23:12 . 2009-07-15 23:12 -------- d-sh--w- c:\windows\System Volume Information
2009-07-15 20:33 . 2009-07-18 00:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-12 20:46 . 2009-07-12 20:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Prevx
2009-07-12 16:50 . 2009-07-12 16:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-07-12 16:33 . 2009-07-12 16:33 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2009-07-12 16:33 . 2009-07-16 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\92753746
2009-07-12 16:33 . 2009-07-16 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\12743754
2009-07-09 22:05 . 2009-07-10 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\17665624

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 22:47 . 2007-04-11 22:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-03 03:12 . 2005-08-10 23:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2009-08-03 02:47 . 2009-03-09 18:14 58904 ----a-w- c:\windows\system32\azipcontmn.dll
2009-08-01 15:04 . 2009-06-05 12:17 -------- d-----w- c:\program files\Lavasoft
2009-08-01 14:38 . 2006-01-02 03:46 -------- d-----w- c:\program files\DivX
2009-08-01 14:20 . 2009-05-17 14:51 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-01 14:12 . 2005-08-06 02:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 14:12 . 2005-08-06 03:10 -------- d-----w- c:\program files\CyberLink
2009-08-01 14:07 . 2009-05-17 17:14 -------- d-----w- c:\program files\MoviePod
2009-08-01 13:09 . 2008-05-06 01:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 22:22 . 2009-02-23 17:05 -------- d-----w- c:\program files\Sony
2009-07-30 22:21 . 2009-02-23 17:05 -------- d-----w- c:\program files\Sony Setup
2009-07-30 03:52 . 2009-02-23 17:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Sony
2009-07-30 00:17 . 2006-01-17 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-29 01:48 . 2009-02-22 17:58 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2009-07-29 01:08 . 2009-01-26 13:26 -------- d-----w- c:\program files\QuickTime
2009-07-28 12:47 . 2009-07-12 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Prevx
2009-07-28 02:31 . 2007-07-10 15:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead
2009-07-27 22:22 . 2008-02-09 16:18 -------- d-----w- c:\program files\Ahead
2009-07-27 00:25 . 2006-01-20 01:16 -------- d-----w- c:\program files\Azureus
2009-07-26 00:14 . 2008-08-20 02:22 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2009-07-19 17:31 . 2008-08-20 02:20 -------- d-----w- c:\program files\FrostWire
2009-07-19 16:43 . 2008-10-24 00:59 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 21:40 . 2008-01-17 19:35 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-18 21:30 . 2008-06-12 20:37 256 ----a-w- c:\windows\system32\pool.bin
2009-07-18 00:33 . 2009-05-28 02:03 -------- d-----w- c:\program files\Google
2009-07-16 19:54 . 2008-06-12 20:40 256 ----a-w- c:\documents and settings\Owner\pool.bin
2009-07-16 19:25 . 2006-02-04 20:27 -------- d-----w- c:\program files\iPod
2009-07-16 19:25 . 2007-07-11 18:53 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 01:21 . 2008-08-23 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 01:12 . 2009-03-29 00:26 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-15 23:19 . 2008-10-19 20:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 18:36 . 2008-08-23 22:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:36 . 2008-08-23 22:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 21:42 . 2005-08-08 23:47 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-07-12 21:42 . 2005-08-08 23:47 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-07-12 21:42 . 2005-08-08 23:47 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-07-12 21:42 . 2005-08-08 23:47 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-07-12 20:59 . 2006-08-05 15:03 -------- d-----w- c:\documents and settings\Owner\Application Data\RipIt4Me
2009-07-12 16:33 . 2005-04-13 16:55 182656 ------w- c:\windows\system32\drivers\ndis.sys
2009-07-10 22:38 . 2008-09-07 16:42 -------- d-----w- c:\program files\SpywareBlaster
2009-07-09 21:16 . 2006-11-09 22:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-09 00:14 . 2005-10-24 17:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-07-03 17:09 . 2005-04-13 16:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 14:49 . 2009-06-05 12:17 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-29 22:29 . 2009-02-07 17:40 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-06-23 03:46 . 2009-06-23 03:46 12685312 ---ha-w- c:\documents and settings\Owner\ntuser.tmp
2009-06-22 12:39 . 2008-03-03 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-16 21:08 . 2009-06-16 20:49 -------- d-----w- c:\program files\AZPR
2009-06-16 14:36 . 2005-04-13 16:56 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-04-13 16:55 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\DesktopMgr.exe
2009-06-14 14:38 . 2009-06-14 14:38 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2009-06-11 14:35 . 2009-06-11 14:48 177844 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-06-05 16:42 . 2009-03-28 16:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 16:42 . 2007-11-22 20:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 02:53 . 2009-06-05 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-06-05 02:49 . 2009-06-05 02:49 -------- d-----w- c:\program files\AVG
2009-06-04 02:22 . 2005-08-09 02:32 94576 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-03 19:09 . 2005-04-13 16:55 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-09 06:14 . 2009-02-11 16:07 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 06:14 . 2009-02-11 16:07 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 2005-04-13 16:55 345600 ------w- c:\windows\system32\localspl.dll
2009-07-24 21:15 . 2008-06-25 22:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2005-08-09 00:32 . 2005-08-09 00:32 0 -csha-w- c:\windows\SMINST\HPCD.sys
.

------- Sigcheck -------

[-] 2004-08-10 19:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2009-07-12 16:33 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[-] 2009-07-12 16:33 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareBlaster"="c:\program files\SpywareBlaster\spywareblaster.exe" [2009-04-09 1340944]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-07-13 414992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PREVXAgent"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[־`=v%S8>grl>\=۱"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2009 7:17 AM 64160]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2/7/2009 12:41 PM 159600]
R1 PrevxTdi;PREVX Tdi filter;c:\windows\system32\drivers\pxtdi.sys [7/12/2009 12:34 PM 18560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/17/2009 10:16 AM 108289]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [4/9/2006 7:40 PM 5152]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/23/2008 5:58 PM 211216]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2/7/2009 12:41 PM 73840]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/18/2007 10:44 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/23/2008 5:58 PM 19096]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2/7/2009 12:40 PM 95640]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1c9df3894c7ec24;Google Update Service (gupdate1c9df3894c7ec24);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 9:04 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 11:53 PM 19677]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 02:04]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 02:04]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-PWRISOVM - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\t9ciwmhy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {C1CA01F8-FA0A-4FEA-A967-633E09549F65} - c:\documents and settings\Owner\Local Settings\Application Data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 17:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,d3,17,cf,ac,96,13,4d,b7,64,90,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,d3,17,cf,ac,96,13,4d,b7,64,90,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(756)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-03 17:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 22:53

Pre-Run: 146,669,375,488 bytes free
Post-Run: 148,044,681,216 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
330 --- E O F --- 2009-08-01 13:09

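Two checks worth automating over a log like the one above, as an added example written for this page in Python (it is not part of ComboFix or of the original post): the Sigcheck block lists several copies of ndis.sys with their MD5 and size, and the services block marks drivers whose image file could not be found with a trailing "[?]". The first function compares every copy of a system file with a reference copy (assumed here to be the one under ServicePackFiles\i386, the copy the service pack installed; when there is none, the most common hash is used), the second lists services and drivers registered without a file on disk. The input lines are copied from the log above; the one row marked TAMPERED is constructed to show a mismatch being flagged.

```python
import re
from collections import Counter, defaultdict

# Sigcheck rows copied from the ComboFix log above.
SIGCHECK_LINES = r"""
[-] 2004-08-10 19:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2009-07-12 16:33 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[-] 2009-07-12 16:33 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
""".strip().splitlines()

# Constructed row (not from the log): a copy with a different hash, to show a mismatch being reported.
TAMPERED_LINES = SIGCHECK_LINES + [
    r"[-] 2009-07-12 16:33 182656 00000000000000000000000000000000 c:\windows\system32\ndis.sys"]

# Service/driver rows copied from the ComboFix log above.
SERVICE_LINES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2009 7:17 AM 64160]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/18/2007 10:44 PM 24652]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 11:53 PM 19677]
""".strip().splitlines()

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")


def parse_sigcheck(lines):
    """Turn Sigcheck rows into dicts; lines that are not Sigcheck rows are ignored."""
    rows = []
    for line in lines:
        m = SIGCHECK_RE.match(line)
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["md5"] = row["md5"].upper()
            rows.append(row)
    return rows


def sigcheck_verdicts(lines):
    """Per file name, compare every copy's MD5 with a reference copy.
    Assumption: the ServicePackFiles\\i386 copy is the pristine reference when
    present; otherwise the most common hash among the copies is used."""
    groups = defaultdict(list)
    for row in parse_sigcheck(lines):
        groups[row["path"].lower().rsplit("\\", 1)[-1]].append(row)
    verdicts = {}
    for name, rows in groups.items():
        ref = next((r for r in rows
                    if "\\servicepackfiles\\i386\\" in r["path"].lower()), None)
        ref_md5 = ref["md5"] if ref else Counter(r["md5"] for r in rows).most_common(1)[0][0]
        verdicts[name] = {
            "reference_md5": ref_md5,
            "mismatched": [r["path"] for r in rows if r["md5"] != ref_md5],
        }
    return verdicts


def missing_file_services(lines):
    """(state, service name, image path) for each entry whose image file ComboFix
    could not find, i.e. the line ends in '[?]'. A boot-start driver (R0/S0)
    registered without a file on disk is exactly the kind of leftover to chase."""
    missing = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m or not m.group("rest").rstrip().endswith("[?]"):
            continue
        path = m.group("rest").split(" --> ")[0].strip()
        if path.startswith("\\??\\"):      # NT object-manager prefix, drop it
            path = path[4:]
        missing.append((m.group("state"), m.group("name"), path))
    return missing


if __name__ == "__main__":
    for name, verdict in sigcheck_verdicts(TAMPERED_LINES).items():
        print(name, verdict)
    for entry in missing_file_services(SERVICE_LINES):
        print("no image file:", entry)
```

On the real log every ndis.sys copy carries the same hash as the ServicePackFiles copy, so nothing is flagged; the constructed row shows what a patched copy would look like. The three TfFsMon/TfSysMon/TfNetMon entries come back as registered without a file, which matches what the log itself prints.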
#4 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:09:28 AM

Posted 03 August 2009 - 07:53 PM

Hello china423,

I see that you have run ComboFix without me asking you to. A couple of things I must point out to you:
  • ComboFix is an extremely powerful tool that should only be run under the supervision of a Helper trained in its use. By running ComboFix on your own, without being instructed by a Trained Helper, you could have seriously damaged your computer. Please do not run ComboFix again unless I have instructed you to.

  • As I stated in my initial Post:

    2. Do Not Make Any Changes to the "Infected" Computer.
    Once you have posted a NEW DDS Log, Do Not make any changes to the computer. I will be researching the DDS Log that you post and any changes made to the system might interfere with the FIX that I prepare for you. Examples of "Changes":

    • Deleting Files/Folders
    • Installing/Uninstalling Programs
    • Running Anti-Virus, Anti-Malware, Anti-Spyware, etc., Programs

    • ComboFix falls under this instruction. Now that you have Run ComboFix, all the research that I have done on your DDS Log has been rendered useless since ComboFix has deleted many entries already. I will now have to start over by researching the ComboFix Log.
  • This next part is Very Important:
    • I need to know that you can follow my directions/instructions before we can continue to work together.
    • If there is an issue with you not understanding what I have posted, then please stop and post your questions in a reply to this topic. I will be more than happy to answer any of your questions. :thumbup2:
Please post a Reply to this Topic letting me know if you will be able to follow my direction/instructions.

Doc.

#5 china423 (Topic Starter)

Posted 03 August 2009 - 08:10 PM

OK, sorry. Yes, I will do exactly what you say.

#6 DocSatan

Posted 03 August 2009 - 08:14 PM

Great! :thumbup2:

Please give me some time to research your Log and I will get back to you ASAP. :)

Doc.

#7 DocSatan

Posted 04 August 2009 - 04:28 PM

Hello china423,

1. Before we get started on fixing your computer, I'd like to caution you about the use of Peer2Peer programs.
In your case: LimeWire, Azureus, and FrostWire.
Although the actual P2P program may not contain malicious programs, the files that you are downloading and sharing within the P2P community may. It is very easy for someone to attach some BadGuys onto a legitimate file that you may be downloading without your knowledge, thereby infecting your machine. The decision to keep the P2P program or uninstall it is up to you. Here is some information regarding P2P programs:

2. Remove the following programs:
  • Go to Add/Remove Programs
    • Start --> Control Panel --> Add or Remove Programs
  • Remove any instances of the following programs:
    • Viewpoint
    • Ask Toolbar
3. Please upload the following files to Jotti.org
  • Click HERE
  • At the top of the page that opens, Click on Browse
  • Navigate to this file: Thofirogodinire.dat found here: c:\windows\
  • Double click on Thofirogodinire.dat
  • Now click on Submit at the top of the Jotti web page.
  • The file will now be scanned by Jotti. The web page will change during the scanning process.
  • When the scan is finished, there will be 2 different sections on the page.
  • Copy and Paste both sections into your next reply here.
  • Do the same for this file as well:
  • c:\windows\system32\drivers\xbreader.sys
4. Please run Malwarebytes' Anti-Malware (MBAM)
  • I see that you have MBAM on your system. Please double-click on the MBAM icon.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

5. What I need in your next reply:
  • Jotti Results for those 2 files (cut and paste)
  • MBAM results (cut and paste)
  • Any problems?
Doc.

#8 china423 (Topic Starter)

Posted 04 August 2009 - 05:05 PM

OK, thanks.
When I went to Add/Remove Programs I didn't see any Ask Toolbar or Viewpoint listed.


Jotti's malware scan
Filename: Thofirogodinire.dat
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 4 Aug 2009 23:50:39 (CET) Permalink

Additional info
File size: 120 bytes
Filetype: ASCII text, with no line terminators
MD5: 8efeabdeec3de81c3dc42a2801ddf461
SHA1: 02f1032b36b1546af5815cd03befd0aa5a09b008




Scanners
[ArcaVir]
2009-08-04 Found nothing
[G DATA]
2009-08-04 Found nothing
[A-Squared]
2009-08-04 Found nothing
[Ikarus]
2009-08-04 Found nothing
[Avast! antivirus]
2009-08-04 Found nothing
[Kaspersky Anti-Virus]
2009-08-04 Found nothing
[Grisoft AVG Anti-Virus]
2009-08-04 Found nothing
[ESET NOD32]
2009-08-04 Found nothing
[Avira AntiVir]
2009-08-04 Found nothing
[Norman Virus Control]
2009-08-04 Found nothing
[Softwin BitDefender]
2009-08-04 Found nothing
[Panda Antivirus]
2009-08-04 Found nothing
[ClamAV]
2009-08-04 Found nothing
[Quick Heal]
2009-08-04 Found nothing
[CPsecure]
2009-08-04 Found nothing
[Sophos]
2009-08-04 Found nothing
[Dr.Web]
2009-08-04 Found nothing
[VirusBlokAda VBA32]
2009-08-03 Found nothing
[Frisk F-Prot Antivirus]
2009-08-04 Found nothing
[VirusBuster]
2009-08-04 Found nothing
[F-Secure Anti-Virus]
2009-08-04 Found nothing

Jotti's malware scan
Filename: xbreader.sys
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 4 Aug 2009 23:53:14 (CET) Permalink

Additional info
File size: 19677 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 05a74d2be6f493c65d7221d1d0e8a23c
SHA1: ad856dc415e5ddb936e307d98a9b59e27b48d44e




Scanners
[ArcaVir]
2009-08-04 Found nothing
[G DATA]
2009-08-04 Found nothing
[A-Squared]
2009-08-04 Found nothing
[Ikarus]
2009-08-04 Found nothing
[Avast! antivirus]
2009-08-04 Found nothing
[Kaspersky Anti-Virus]
2009-08-04 Found nothing
[Grisoft AVG Anti-Virus]
2009-08-04 Found nothing
[ESET NOD32]
2009-08-04 Found nothing
[Avira AntiVir]
2009-08-04 Found nothing
[Norman Virus Control]
2009-08-04 Found nothing
[Softwin BitDefender]
2009-08-04 Found nothing
[Panda Antivirus]
2009-08-04 Found nothing
[ClamAV]
2009-08-04 Found nothing
[Quick Heal]
2009-08-04 Found nothing
[CPsecure]
2009-08-04 Found nothing
[Sophos]
2009-08-04 Found nothing
[Dr.Web]
2009-08-04 Found nothing
[VirusBlokAda VBA32]
2009-08-03 Found nothing
[Frisk F-Prot Antivirus]
2009-08-04 Found nothing
[VirusBuster]
2009-08-04 Found nothing
[F-Secure Anti-Virus]
2009-08-04 Found nothing


While scanning with Malwarebytes my AntiVir A/V popped up and detected c:\windows\Temp\BN2.temp as a trojan. I didn't know what to do, so I just moved it to quarantine for now. What should I do with that?

log:
Malwarebytes' Anti-Malware 1.39
Database version: 2540
Windows 5.1.2600 Service Pack 3

8/4/2009 5:05:07 PM
mbam-log-2009-08-04 (17-05-07).txt

Scan type: Quick Scan
Objects scanned: 136739
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.

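The most telling line in the MBAM log above is the Winlogon Userinit value: instead of the stock "C:\WINDOWS\system32\userinit.exe," it carried a second program, sdra64.exe, which Windows then started at every interactive logon. MBAM marked it "Delete on reboot", so the value is worth re-checking after the restart. The Python below is an added example written for this page (not MBAM's or ComboFix's code): it parses the "Bad: (...) Good: (...)" lines from an MBAM log and reports any program in Userinit other than the genuine userinit.exe. It assumes the default Userinit value is the bare or full-path userinit.exe and, as a generalisation the log above does not show, also checks the sibling Shell value against its default of Explorer.exe. The input lines are copied from the log above.

```python
import re

# "Registry Data Items Infected" lines copied from the MBAM log above.
MBAM_LINES = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
""".strip().splitlines()

# Only the lines that carry a Bad/Good pair are useful for the comparison.
MBAM_BAD_GOOD_RE = re.compile(
    r"^(?P<key>HKEY_.+?) \((?P<detection>[^)]+)\) -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


def split_entries(value):
    """Winlogon values are comma-separated program lists, usually with a trailing comma."""
    return [e.strip() for e in value.split(",") if e.strip()]


def userinit_extras(value, windir=r"C:\WINDOWS"):
    """Programs in a Userinit value other than the genuine userinit.exe.
    Assumption: only the bare name or the full %WINDIR%\\system32 path is legitimate;
    anything else runs with the user's token at every logon."""
    legit = {"userinit.exe", (windir + r"\system32\userinit.exe").lower()}
    return [e for e in split_entries(value) if e.strip('"').lower() not in legit]


def shell_extras(value):
    """Same idea for the Shell value, whose default is Explorer.exe (generalisation;
    the log above does not show Shell being touched)."""
    return [e for e in split_entries(value) if e.strip('"').lower() != "explorer.exe"]


def parse_bad_good(lines):
    """Extract key, detection name, bad data and good data from MBAM data-item lines."""
    items = []
    for line in lines:
        m = MBAM_BAD_GOOD_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def hijack_findings(lines):
    """(registry key, [extra programs]) for every Winlogon Userinit/Shell item
    whose 'Bad' data carries something beyond the default."""
    findings = []
    for item in parse_bad_good(lines):
        key = item["key"]
        low = key.lower()
        if low.endswith("\\winlogon\\userinit"):
            extras = userinit_extras(item["bad"])
        elif low.endswith("\\winlogon\\shell"):
            extras = shell_extras(item["bad"])
        else:
            continue
        if extras:
            findings.append((key, extras))
    return findings


if __name__ == "__main__":
    for key, extras in hijack_findings(MBAM_LINES):
        print(key)
        for program in extras:
            print("   extra logon program:", program)
```

The same userinit_extras check can be run on the live value read back after the reboot (reg query on the Winlogon key); if sdra64.exe or any other path is still there, the "Delete on reboot" did not take.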
#9 DocSatan

Posted 05 August 2009 - 07:57 AM

Hi china423,

A couple of the files detected and deleted by MBAM were identified as Backdoor.Bot and Stolen.Data.

Important Note: Backdoor/IRCBot Trojans are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms. Remote attackers use Backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. When infected by one of them you should disconnect the computer from the Internet until your system is cleaned. If your computer was used for online banking or has credit card information on it, ALL passwords should be changed immediately, including those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Though the Trojan has been identified and can be killed, because of its Backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

We can attempt to clean this machine but we CANNOT guarantee that it will be 100% secure afterwards. Please post a Reply to this Topic informing me of your decision as to whether or not you will be Reformatting.

Doc.

#10 china423 (Topic Starter)

Posted 05 August 2009 - 11:32 AM

I don't mind doing that, but how can I save some of the important files I have on my PC that I can't afford to lose?

And when I restarted my PC today Malwarebytes popped up and quarantined c:\windows\bn7.tmp.

#11 china423 (Topic Starter)

Posted 05 August 2009 - 11:38 AM

I would rather try cleaning it first though, because I have a lot of files I cannot lose.

#12 DocSatan

Posted 05 August 2009 - 08:27 PM

Hello china423,

OK, we'll try to clean the computer. But remember:

We Cannot Guarantee Its Security due to the presence of that Backdoor infection.


1. Uninstall this Program:
  • Uninstall PC Antispyware 2010 through Add or Remove Programs
  • Start --> Control Panel --> Add or Remove Programs
2. Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
    • If you use the Firefox browser: click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use the Opera browser: click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.
3. Run this CFScript
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    Viewpoint Manager Service

    File::
    c:\windows\system32\bincd32.dat
    c:\windows\arazaqawi.dll
    c:\windows\ibupopep.dll
    C:\cchksw.exe


    Folder::
    c:\documents and settings\Owner\Local Settings\Application Data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}
    c:\documents and settings\All Users\Application Data\16491714
    c:\documents and settings\All Users\Application Data\92753746
    c:\documents and settings\All Users\Application Data\12743754
    c:\documents and settings\All Users\Application Data\17665624
    c:\program files\AskBarDis
    c:\program files\Viewpoint

    Extra::

  • Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
4. What I need in your next Reply:
  • ComboFix.txt
  • Any problems? What issues are you experiencing, if any. Please be detailed.
Doc.

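The CFScript above is a small plain-text format: a section name followed by "::" on its own line (Driver::, File::, Folder::, Extra::), then one item per line. After ComboFix runs it, the sensible check is to reconcile what was asked for against the "Other Deletions" list in the resulting log, so that anything that survived is noticed rather than assumed gone. The Python below is an added example written for this page, not a ComboFix feature: it parses the script verbatim from the post above and compares its File:: and Folder:: entries with a set of deletion lines. Those deletion lines are constructed here in the format ComboFix prints (one path per line, folders followed by their contents) and are not a full listing from a real run.

```python
import re

# The CFScript from the post above, verbatim.
CFSCRIPT = r"""
Driver::
Viewpoint Manager Service

File::
c:\windows\system32\bincd32.dat
c:\windows\arazaqawi.dll
c:\windows\ibupopep.dll
C:\cchksw.exe

Folder::
c:\documents and settings\Owner\Local Settings\Application Data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}
c:\documents and settings\All Users\Application Data\16491714
c:\documents and settings\All Users\Application Data\92753746
c:\documents and settings\All Users\Application Data\12743754
c:\documents and settings\All Users\Application Data\17665624
c:\program files\AskBarDis
c:\program files\Viewpoint

Extra::
"""

# Constructed 'Other Deletions' lines in ComboFix's output format (a subset, not a real run).
DELETION_LINES = r"""
C:\cchksw.exe
c:\documents and settings\All Users\Application Data\12743754
c:\documents and settings\All Users\Application Data\12743754\12743754.glu
c:\documents and settings\All Users\Application Data\16491714
c:\documents and settings\All Users\Application Data\17665624
c:\documents and settings\All Users\Application Data\92753746
c:\documents and settings\Owner\Local Settings\Application Data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}\install.rdf
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\Viewpoint\Common\ViewpointService.exe
""".strip().splitlines()

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """{section: [entries]} in the order the sections appear. Assumption: a section
    header is a word followed by '::' alone on its line; blank lines are ignored."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def _norm(path):
    """Case-insensitive comparison key; Windows paths ignore case."""
    return path.strip().strip('"').lower().rstrip("\\")


def reconcile_deletions(script, deletion_lines):
    """{requested entry: True if it shows up as deleted}. A folder counts as
    deleted when the folder itself or anything beneath it is listed."""
    deleted = [_norm(l) for l in deletion_lines if l.strip()]
    report = {}
    for section in ("File", "Folder"):
        for entry in script.get(section, []):
            want = _norm(entry)
            report[entry] = any(d == want or d.startswith(want + "\\") for d in deleted)
    return report


def not_deleted(script, deletion_lines):
    """The requested File::/Folder:: entries that never appeared in the deletions."""
    return [entry for entry, gone in reconcile_deletions(script, deletion_lines).items() if not gone]


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    for entry in not_deleted(script, DELETION_LINES):
        print("still to account for:", entry)
```

With the constructed deletion subset, the three c:\windows files are reported as unaccounted for, which is the list to carry into the next round rather than assume they are gone. Driver:: entries are service names, not paths, so they are deliberately left out of the path comparison.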
#13 china423 (Topic Starter)

Posted 06 August 2009 - 03:52 PM

I didn't see the antispyware program listed anywhere in my Add/Remove Programs list.

ComboFix 09-08-06.01 - Owner 08/06/2009 15:20.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.877 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
* Created a new restore point

FILE ::
"C:\cchksw.exe"
"c:\windows\arazaqawi.dll"
"c:\windows\ibupopep.dll"
"c:\windows\system32\bincd32.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cchksw.exe
c:\documents and settings\All Users\Application Data\12743754
c:\documents and settings\All Users\Application Data\12743754\12743754.glu
c:\documents and settings\All Users\Application Data\16491714
c:\documents and settings\All Users\Application Data\16491714\16491714
c:\documents and settings\All Users\Application Data\17665624
c:\documents and settings\All Users\Application Data\17665624\17665624
c:\documents and settings\All Users\Application Data\92753746
c:\documents and settings\Owner\Local Settings\Application Data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}
c:\documents and settings\Owner\Local Settings\Application Data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{C1CA01F8-FA0A-4FEA-A967-633E09549F65}\install.rdf
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\History\search
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\windows\arazaqawi.dll
c:\windows\ibupopep.dll
c:\windows\system32\bincd32.dat
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :thumbup2:
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-03 17:47 . 2009-08-03 17:47 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-08-03 02:46 . 2009-08-04 20:45 -------- d-----w- C:\DVD_01_1
2009-08-03 02:32 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-08-03 01:44 . 2009-08-03 01:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinAVI
2009-08-03 01:44 . 2009-08-03 02:49 -------- d-----w- c:\program files\WinAVI Video Converter
2009-08-03 01:01 . 2009-08-03 01:01 -------- d-----w- C:\ConverterOutput
2009-08-03 00:58 . 2009-08-03 00:58 -------- d-----w- c:\program files\Cucusoft
2009-08-01 21:25 . 2009-08-01 21:25 1140 ---ha-w- C:\aaw7boot.cmd
2009-08-01 15:04 . 2009-08-01 15:04 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-01 15:04 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-30 04:31 . 2009-07-30 04:31 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-30 04:31 . 2009-07-30 04:31 -------- d-----w- c:\program files\DVDVideoSoft
2009-07-30 01:27 . 2009-07-30 01:27 -------- d-----w- c:\program files\Pixelan
2009-07-30 01:25 . 2009-07-30 01:25 -------- d-----w- c:\program files\Sonic Foundry
2009-07-30 01:23 . 2009-07-30 01:23 -------- d-----w- c:\program files\Common Files\eSellerate
2009-07-30 01:22 . 2004-03-29 21:23 90112 ----a-w- c:\windows\unvise32.exe
2009-07-30 01:21 . 2009-07-30 01:22 -------- d-----w- c:\program files\Magic Bullet Editors 2.0 Vegas
2009-07-30 00:32 . 2009-07-30 00:32 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-07-29 23:41 . 2009-07-29 23:41 -------- d-----w- C:\DVDVideoSoft
2009-07-29 02:10 . 2009-07-29 02:11 -------- d-----w- c:\documents and settings\All Users\CyberLink
2009-07-29 01:06 . 2009-07-30 00:47 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2009-07-29 00:47 . 2002-01-16 13:45 224256 ----a-w- c:\windows\system32\MMIJG32.dll
2009-07-29 00:44 . 2009-07-29 00:44 120 ----a-w- c:\windows\Thofirogodinire.dat
2009-07-28 12:44 . 2009-07-28 12:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-27 22:22 . 2004-08-05 20:58 65536 ----a-w- c:\windows\system32\NeroCo.dll
2009-07-27 22:22 . 2004-08-04 19:19 2031616 ------w- c:\windows\UNNeroBurnRights.exe
2009-07-27 01:11 . 2009-07-27 01:11 -------- d-----w- c:\program files\Vstplugins
2009-07-27 01:11 . 2009-07-27 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-07-19 16:46 . 2009-07-19 16:47 -------- d-----w- c:\program files\LimeWire
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-07-18 21:40 . 2009-07-18 21:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\DesktopMgr.exe
2009-07-18 21:40 . 2009-07-18 21:40 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-07-18 21:40 . 2009-07-18 21:40 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-07-18 21:40 . 2009-07-18 21:40 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-07-16 19:25 . 2009-07-16 19:26 -------- d-----w- c:\program files\iTunes
2009-07-16 19:20 . 2009-07-16 19:20 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-15 23:12 . 2009-07-15 23:12 -------- d-sh--w- c:\windows\System Volume Information
2009-07-15 20:33 . 2009-07-18 00:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-12 20:46 . 2009-07-12 20:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Prevx
2009-07-12 16:50 . 2009-07-12 16:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-07-12 16:33 . 2009-08-06 20:18 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 20:38 . 2007-04-11 22:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-06 20:18 . 2005-04-13 16:55 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-08-05 12:53 . 2008-06-12 20:37 256 ----a-w- c:\windows\system32\pool.bin
2009-08-05 12:41 . 2009-05-17 15:16 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-04 23:15 . 2008-09-07 16:42 -------- d-----w- c:\program files\SpywareBlaster
2009-08-04 22:55 . 2009-02-23 17:05 -------- d-----w- c:\program files\Sony
2009-08-03 03:12 . 2005-08-10 23:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2009-08-03 02:47 . 2009-03-09 18:14 58904 ----a-w- c:\windows\system32\azipcontmn.dll
2009-08-01 15:04 . 2009-06-05 12:17 -------- d-----w- c:\program files\Lavasoft
2009-08-01 14:38 . 2006-01-02 03:46 -------- d-----w- c:\program files\DivX
2009-08-01 14:20 . 2009-05-17 14:51 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-01 14:12 . 2005-08-06 02:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 14:12 . 2005-08-06 03:10 -------- d-----w- c:\program files\CyberLink
2009-08-01 14:07 . 2009-05-17 17:14 -------- d-----w- c:\program files\MoviePod
2009-08-01 13:09 . 2008-05-06 01:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 22:21 . 2009-02-23 17:05 -------- d-----w- c:\program files\Sony Setup
2009-07-30 03:52 . 2009-02-23 17:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Sony
2009-07-30 00:17 . 2006-01-17 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-29 01:48 . 2009-02-22 17:58 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2009-07-29 01:08 . 2009-01-26 13:26 -------- d-----w- c:\program files\QuickTime
2009-07-28 12:47 . 2009-07-12 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Prevx
2009-07-28 02:31 . 2007-07-10 15:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead
2009-07-27 22:22 . 2008-02-09 16:18 -------- d-----w- c:\program files\Ahead
2009-07-27 00:25 . 2006-01-20 01:16 -------- d-----w- c:\program files\Azureus
2009-07-26 00:14 . 2008-08-20 02:22 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2009-07-19 16:43 . 2008-10-24 00:59 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 21:40 . 2008-01-17 19:35 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-18 00:33 . 2009-05-28 02:03 -------- d-----w- c:\program files\Google
2009-07-16 19:54 . 2008-06-12 20:40 256 ----a-w- c:\documents and settings\Owner\pool.bin
2009-07-16 19:25 . 2006-02-04 20:27 -------- d-----w- c:\program files\iPod
2009-07-16 19:25 . 2007-07-11 18:53 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 01:21 . 2008-08-23 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 01:12 . 2009-03-29 00:26 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-15 23:19 . 2008-10-19 20:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 18:36 . 2008-08-23 22:58 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:36 . 2008-08-23 22:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 21:42 . 2005-08-08 23:47 49152 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-07-12 21:42 . 2005-08-08 23:47 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-07-12 21:42 . 2005-08-08 23:47 45056 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-07-12 21:42 . 2005-08-08 23:47 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-07-12 20:59 . 2006-08-05 15:03 -------- d-----w- c:\documents and settings\Owner\Application Data\RipIt4Me
2009-07-09 21:16 . 2006-11-09 22:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-09 00:14 . 2005-10-24 17:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-07-03 17:09 . 2005-04-13 16:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 14:49 . 2009-06-05 12:17 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-29 22:29 . 2009-02-07 17:40 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-06-23 03:46 . 2009-06-23 03:46 12685312 ---ha-w- c:\documents and settings\Owner\ntuser.tmp
2009-06-22 12:39 . 2008-03-03 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-16 21:08 . 2009-06-16 20:49 -------- d-----w- c:\program files\AZPR
2009-06-16 14:36 . 2005-04-13 16:56 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-04-13 16:55 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 26694 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-14 14:40 . 2009-06-14 14:40 69632 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{51D7494B-6C54-468F-98E1-1A9997C89329}\DesktopMgr.exe
2009-06-14 14:38 . 2009-06-14 14:38 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2009-06-11 14:35 . 2009-06-11 14:48 177844 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-06-05 16:42 . 2009-03-28 16:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 16:42 . 2007-11-22 20:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 02:22 . 2005-08-09 02:32 94576 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-03 19:09 . 2005-04-13 16:55 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-09 06:14 . 2009-02-11 16:07 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 06:14 . 2009-02-11 16:07 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2005-08-09 00:32 . 2005-08-09 00:32 0 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-03_22.44.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-08-03 22:40 . 2009-08-03 22:40 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-06 20:18 . 2009-08-06 20:18 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-06 20:29 . 2009-08-06 20:29 16384 c:\windows\Temp\Perflib_Perfdata_ec.dat
+ 2009-08-06 20:18 . 2009-08-06 20:18 16384 c:\windows\Temp\History\History.IE5\index.dat
- 2009-08-03 22:40 . 2009-08-03 22:40 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2009-08-06 20:18 . 2009-08-06 20:18 16384 c:\windows\Temp\Cookies\index.dat
- 2009-08-03 22:40 . 2009-08-03 22:40 16384 c:\windows\Temp\Cookies\index.dat
+ 2009-08-06 12:19 . 2009-08-06 20:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009080620090807\index.dat
+ 2009-08-05 13:25 . 2009-08-06 00:15 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009080520090806\index.dat
+ 2009-08-04 19:53 . 2009-08-05 04:40 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009080420090805\index.dat
- 2009-08-03 12:40 . 2009-08-03 21:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009080320090804\index.dat
+ 2009-08-03 12:40 . 2009-08-03 22:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009080320090804\index.dat
+ 2009-08-04 23:41 . 2009-08-05 04:45 12288 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{577BA317-8150-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 13:23 . 2009-08-06 00:14 18432 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{2B19421B-81C3-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 16:35 . 2009-08-05 16:41 39424 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F56EBF88-81DD-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 03:27 . 2009-08-05 03:28 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E8EC3F38-816F-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 16:49 . 2009-08-05 16:59 30208 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DE75F5BA-81DF-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 15:29 . 2009-08-05 15:31 95232 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D5060F0C-81D4-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 02:13 . 2009-08-05 02:14 95232 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9488EAEA-8165-11DE-A999-0018F808FE77}.dat
+ 2009-08-04 22:17 . 2009-08-04 23:11 22528 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8E8C9756-8144-11DE-A998-0018F808FE77}.dat
+ 2009-08-05 04:43 . 2009-08-05 04:43 41984 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7D298DD6-817A-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 03:24 . 2009-08-05 03:25 17920 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7C203044-816F-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 01:44 . 2009-08-05 01:49 27136 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{77A58FB8-8161-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 18:25 . 2009-08-05 18:26 39936 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{63D2D5CC-81ED-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 17:13 . 2009-08-05 17:14 95744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{59CF9D12-81E3-11DE-A99A-0018F808FE77}.dat
+ 2009-08-04 23:41 . 2009-08-05 00:41 36864 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{577BA318-8150-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 03:23 . 2009-08-05 03:23 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{509D45C4-816F-11DE-A999-0018F808FE77}.dat
+ 2009-08-06 00:15 . 2009-08-06 00:39 35840 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{49BAF4F8-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 13:24 . 2009-08-05 14:27 34816 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{475D4316-81C3-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 04:41 . 2009-08-05 04:42 95744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{364521BE-817A-11DE-A999-0018F808FE77}.dat
+ 2009-08-06 20:17 . 2009-08-06 20:18 41472 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{28F7C7DA-82C6-11DE-A99A-0018F808FE77}.dat
+ 2009-08-04 21:52 . 2009-08-04 22:05 10240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{25CE8A66-8141-11DE-A997-0018F808FE77}.dat
+ 2009-08-05 17:12 . 2009-08-05 17:13 95232 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1634CF14-81E3-11DE-A99A-0018F808FE77}.dat
- 2009-07-15 23:12 . 2009-08-03 22:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-07-15 23:12 . 2009-08-06 20:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2009-06-05 12:26 . 2009-08-06 20:18 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-06-05 12:26 . 2009-08-03 22:06 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2005-04-13 17:24 . 2009-08-06 20:18 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-04-13 17:24 . 2009-08-03 22:06 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-07-12 17:11 . 2009-08-03 12:35 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-07-12 17:11 . 2009-08-06 00:14 32768 c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-08-03 22:54 . 2009-08-04 01:46 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{AAB3ED85-8080-11DE-A996-0018F808FE77}.dat
+ 2009-08-04 22:17 . 2009-08-04 22:17 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8E8C9755-8144-11DE-A998-0018F808FE77}.dat
+ 2009-08-06 20:18 . 2009-08-06 20:18 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{49D59287-82C6-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:15 . 2009-08-06 20:17 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{49BAF4F7-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-04 19:37 . 2009-08-04 21:52 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{44DDDB07-812E-11DE-A997-0018F808FE77}.dat
+ 2009-08-04 22:06 . 2009-08-04 22:06 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0E3AC7C1-8143-11DE-A997-0018F808FE77}.dat
+ 2009-08-05 02:16 . 2009-08-05 02:16 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FB6FC954-8165-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 17:25 . 2009-08-05 17:25 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F5DFE9F4-81E4-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 19:55 . 2009-08-05 19:55 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F0EA15EA-81F9-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:13 . 2009-08-06 00:13 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E77C2E52-821D-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 03:34 . 2009-08-05 03:35 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E64ECA2E-8170-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 23:08 . 2009-08-05 23:08 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E39A40AC-8214-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 17:17 . 2009-08-05 17:17 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DC8CD04E-81E3-11DE-A99A-0018F808FE77}.dat
+ 2009-08-04 00:07 . 2009-08-04 00:08 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D8BACBBA-808A-11DE-A996-0018F808FE77}.dat
+ 2009-08-03 23:03 . 2009-08-03 23:03 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D856EFEA-8081-11DE-A996-0018F808FE77}.dat
+ 2009-08-05 04:45 . 2009-08-05 04:45 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CD2C181C-817A-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 19:54 . 2009-08-05 19:54 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C9F044A0-81F9-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 17:16 . 2009-08-05 17:17 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BC68FD10-81E3-11DE-A99A-0018F808FE77}.dat
+ 2009-08-03 22:54 . 2009-08-03 22:55 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AAB3ED86-8080-11DE-A996-0018F808FE77}.dat
+ 2009-08-05 18:27 . 2009-08-05 18:27 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AA9AA5AC-81ED-11DE-A99A-0018F808FE77}.dat
+ 2009-08-03 23:02 . 2009-08-03 23:02 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A5FE075E-8081-11DE-A996-0018F808FE77}.dat
+ 2009-08-05 04:44 . 2009-08-05 04:44 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A2789A32-817A-11DE-A999-0018F808FE77}.dat
+ 2009-08-06 20:13 . 2009-08-06 20:13 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9882ACC4-82C5-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 03:32 . 2009-08-05 03:32 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{952BC35E-8170-11DE-A999-0018F808FE77}.dat
+ 2009-08-04 01:45 . 2009-08-04 01:46 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8A7D15B2-8098-11DE-A996-0018F808FE77}.dat
+ 2009-08-05 15:34 . 2009-08-05 15:34 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8658F4CC-81D5-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 18:26 . 2009-08-05 18:26 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{83DED186-81ED-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 21:03 . 2009-08-05 21:03 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{79103874-8203-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 03:31 . 2009-08-05 03:31 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{785B17A2-8170-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 15:34 . 2009-08-05 15:34 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{78204DF6-81D5-11DE-A99A-0018F808FE77}.dat
+ 2009-08-04 01:16 . 2009-08-04 01:16 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6E2402E4-8094-11DE-A996-0018F808FE77}.dat
+ 2009-08-04 00:11 . 2009-08-04 00:11 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6BAA1854-808B-11DE-A996-0018F808FE77}.dat
+ 2009-08-06 20:12 . 2009-08-06 20:12 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{68F505B0-82C5-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 12:19 . 2009-08-06 12:19 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{61C01B00-8283-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 22:07 . 2009-08-05 22:07 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{54204334-820C-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 21:02 . 2009-08-05 21:02 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{520A7B68-8203-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 14:29 . 2009-08-05 14:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4E080FDA-81CC-11DE-A99A-0018F808FE77}.dat
+ 2009-08-04 19:52 . 2009-08-04 19:53 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4DCAE750-8130-11DE-A997-0018F808FE77}.dat
+ 2009-08-06 20:18 . 2009-08-06 20:18 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{49D59288-82C6-11DE-A99A-0018F808FE77}.dat
+ 2009-08-04 01:22 . 2009-08-04 01:22 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{47559BAE-8095-11DE-A996-0018F808FE77}.dat
+ 2009-08-04 19:37 . 2009-08-04 19:37 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{44DDDB08-812E-11DE-A997-0018F808FE77}.dat
+ 2009-08-04 00:10 . 2009-08-04 00:10 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4388A372-808B-11DE-A996-0018F808FE77}.dat
+ 2009-08-05 17:20 . 2009-08-05 17:20 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3D71E1F6-81E4-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 23:10 . 2009-08-05 23:11 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3992ABF2-8215-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 15:32 . 2009-08-05 15:33 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{397780A6-81D5-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 02:17 . 2009-08-05 02:17 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2BFA29AC-8166-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 22:06 . 2009-08-05 22:06 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2B76E848-820C-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 21:01 . 2009-08-05 21:01 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2A9BD6E4-8203-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 03:36 . 2009-08-05 03:36 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{279CB356-8171-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 04:40 . 2009-08-05 04:41 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2722D474-817A-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 02:17 . 2009-08-05 02:17 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1B3DC7EA-8166-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 19:56 . 2009-08-05 19:56 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1877B900-81FA-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 03:28 . 2009-08-05 03:29 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11FE819C-8170-11DE-A999-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563E6-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563E5-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563E4-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563E3-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563E2-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563E1-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563E0-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563DF-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563DE-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563DD-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563DC-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563DB-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563DA-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563D9-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 00:14 . 2009-08-06 00:14 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11A563D8-821E-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 23:09 . 2009-08-05 23:09 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0EBDCD1C-8215-11DE-A99A-0018F808FE77}.dat
+ 2009-08-04 22:06 . 2009-08-04 22:06 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0E3AC7C2-8143-11DE-A997-0018F808FE77}.dat
+ 2009-08-05 00:43 . 2009-08-05 00:44 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0BA4EF5A-8159-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 04:40 . 2009-08-05 04:40 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{09F78F5C-817A-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 17:18 . 2009-08-05 17:19 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{08A5EEF4-81E4-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 03:35 . 2009-08-05 03:36 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{065AC5E8-8171-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 22:05 . 2009-08-05 22:05 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{039CF9F2-820C-11DE-A99A-0018F808FE77}.dat
+ 2009-07-12 16:50 . 2009-08-06 20:18 245760 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
- 2005-04-13 17:24 . 2009-08-03 22:06 983040 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-04-13 17:24 . 2009-08-06 20:18 983040 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-05 17:17 . 2009-08-05 17:20 185344 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E8DCB512-81E3-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 02:15 . 2009-08-05 02:17 177152 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DA540186-8165-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 03:26 . 2009-08-05 03:29 174592 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C72992CE-816F-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 03:33 . 2009-08-05 03:36 178176 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C60733AA-8170-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 17:23 . 2009-08-05 17:24 148480 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A9296022-81E4-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 17:15 . 2009-08-05 17:17 174080 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9CF597D6-81E3-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 03:18 . 2009-08-05 03:20 105984 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9CB12FEE-816E-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 04:36 . 2009-08-05 04:41 190464 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{97190330-8179-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 17:20 . 2009-08-05 17:22 157184 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{52618846-81E4-11DE-A99A-0018F808FE77}.dat
+ 2009-08-06 20:11 . 2009-08-06 20:17 179712 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{489F2110-82C5-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 03:29 . 2009-08-05 03:32 215040 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{34196508-8170-11DE-A999-0018F808FE77}.dat
+ 2009-08-05 15:31 . 2009-08-05 15:34 179200 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1966C038-81D5-11DE-A99A-0018F808FE77}.dat
+ 2009-08-05 03:21 . 2009-08-05 03:25 218112 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{097FA13C-816F-11DE-A999-0018F808FE77}.dat
+ 2008-07-20 23:38 . 2004-08-10 19:00 182912 c:\windows\$NtServicePackUninstall$\ndis.sys
- 2005-04-13 17:24 . 2009-08-03 22:06 2129920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-04-13 17:24 . 2009-08-06 20:18 2129920 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareBlaster"="c:\program files\SpywareBlaster\spywareblaster.exe" [2009-04-09 1340944]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-07-13 414992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PREVXAgent"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[־`=v%S8>grl>\=۱"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2009 7:17 AM 64160]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2/7/2009 12:41 PM 159600]
R1 PrevxTdi;PREVX Tdi filter;c:\windows\system32\drivers\pxtdi.sys [7/12/2009 12:34 PM 18560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/17/2009 10:16 AM 108289]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [4/9/2006 7:40 PM 5152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/23/2008 5:58 PM 211216]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2/7/2009 12:41 PM 73840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/23/2008 5:58 PM 19096]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1c9df3894c7ec24;Google Update Service (gupdate1c9df3894c7ec24);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 9:04 PM 133104]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2/7/2009 12:40 PM 95640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 11:53 PM 19677]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 02:04]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 02:04]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex}&startPage={startPage}
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\t9ciwmhy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 15:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,d3,17,cf,ac,96,13,4d,b7,64,90,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,d3,17,cf,ac,96,13,4d,b7,64,90,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\midimap.dll

- - - - - - - > 'lsass.exe'(764)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(1040)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-06 15:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 20:41
ComboFix2.txt 2009-08-03 22:53

Pre-Run: 143,193,026,560 bytes free
Post-Run: 143,023,964,160 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
487 --- E O F --- 2009-08-01 13:09
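
Added example (editor's code, not part of the thread and not a ComboFix feature): a small Python parser for the `R0/R1/S0/S3` service lines and the `"name"=` firewall-policy values in the ComboFix log above. It flags service registrations whose image file ComboFix could not find on disk (the `--> ... [?]` form), lists boot- and system-start kernel drivers, and catches registry value names containing non-printable or non-ASCII characters like the one under `standardprofile`. The sample lines are copied from the log; the flags are triage heuristics for manual verification, not a verdict on any entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: service lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2009 7:17 AM 64160]
R1 PrevxTdi;PREVX Tdi filter;c:\windows\system32\drivers\pxtdi.sys [7/12/2009 12:34 PM 18560]
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [4/9/2006 7:40 PM 5152]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 11:53 PM 19677]
"""

# Constructed sample of the firewallpolicy\standardprofile block; the second value name is
# an approximation (Unicode escapes) of the garbled name shown in the log.
FIREWALL_BLOCK = [
    '"EnableFirewall"= 0 (0x0)',
    '"mW[\u05be`=v%S8>grl>\\=\u06f1"=',
]

# ComboFix service line layouts:
#   <start> <name>;<display>;<image path> [<date> <time> <size>]
#   <start> <name>;<display>;<image path> --> <image path> [?]   (file not found on disk)
_SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
_FOUND_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<stamp>.+?)\s+(?P<size>\d+)\]$")
_MISSING_RE = re.compile(r"^(?P<path>.+?)\s+-->\s+.+\s+\[\?\]$")
_VALUE_RE = re.compile(r'^"(?P<name>.*)"\s*=')


@dataclass
class ServiceEntry:
    start: str           # R = running, S = stopped; digit = start type (0 boot, 1 system, 2 auto, 3 demand)
    name: str
    display: str
    path: str            # normalized, lower-cased Win32 path
    size: Optional[int]  # None when ComboFix could not find the file
    missing: bool


def _normalize(path: str) -> str:
    """Strip the NT object-manager prefix (\\??\\) some ImagePath values carry."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.strip().lower()


def parse_services(text: str) -> List[ServiceEntry]:
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = _SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, display, rest = m.group("start", "name", "display", "rest")
        mm = _MISSING_RE.match(rest)
        if mm:
            entries.append(ServiceEntry(start, name, display, _normalize(mm.group("path")), None, True))
            continue
        mf = _FOUND_RE.match(rest)
        if mf:
            entries.append(ServiceEntry(start, name, display, _normalize(mf.group("path")),
                                        int(mf.group("size")), False))
    return entries


def orphaned_services(entries: List[ServiceEntry]) -> List[str]:
    """Registrations whose image file is gone: usually uninstall leftovers, but verify each."""
    return [e.name for e in entries if e.missing]


def early_start_drivers(entries: List[ServiceEntry]) -> List[str]:
    """Boot-start (0) and system-start (1) drivers: they load before any user-mode AV can look."""
    return [e.name for e in entries if e.start[1] in "01"]


def suspicious_value_names(lines: List[str]) -> List[str]:
    """Registry value names with control or non-ASCII bytes, which legitimate firewall rules never use."""
    out = []
    for line in lines:
        m = _VALUE_RE.match(line.strip())
        if m and any(ord(c) < 32 or ord(c) > 126 for c in m.group("name")):
            out.append(m.group("name"))
    return out


if __name__ == "__main__":
    svc = parse_services(SAMPLE_LOG)
    print("orphaned:", orphaned_services(svc))
    print("boot/system-start:", early_start_drivers(svc))
    print("odd firewall value names:", suspicious_value_names(FIREWALL_BLOCK))
```

Run it against a saved ComboFix log by replacing `SAMPLE_LOG` with the file contents; anything it lists is a starting point for the "upload to Jotti" style check the helper asks for, not a conclusion.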

#14 DocSatan

Posted 08 August 2009 - 07:38 AM

Hello china423,

1. Are you still having the same (or different) problems that brought you to this forum?

2. Did you run ATF? If so, did you run it before or after running the CFScript?

3. Please upload this file to Jotti:
  • c:\windows\system32\azipcontmn.dll
4. Please run MBAM again
  • Same instructions as before, please post the results in a Reply to this Topic.
5. Please also post the DDS attach.txt that was produced the first time you ran DDS.


Doc.

#15 DocSatan

Posted 11 August 2009 - 07:56 PM

You still with me china423? :thumbup2:

