help with amstrea.dll..... can't get it removed
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
SteveO311t
Here is my log
Malwarebytes' Anti-Malware 1.36
Database version: 2106
Windows 5.1.2600 Service Pack 3

6/21/2009 9:01:00 PM
mbam-log-2009-06-21 (21-00-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 135362
Time elapsed: 30 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9378a425-7d12-4ff4-b654-2bf063dd013d} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9378a425-7d12-4ff4-b654-2bf063dd013d} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9378a425-7d12-4ff4-b654-2bf063dd013d} (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\amstrea.dll (Trojan.BHO.H) -> No action taken.
C:\Documents and Settings\Stephen Hall\Local Settings\Temp\sucmbdxy.dat (Rootkit.Agent) -> No action taken.
Basically, after a restart all these things remain on the computer. I have used Bitdefender, Malwarebytes and Stopzilla, and they all detect the virus but can't remove it after reboot. I have tried to manually remove amstrea and the infected registry files and it won't work. I have tried unlockers, the registry editor and aftermarket reg edits, in safe and normal modes, and tried to remove it with System Restore off. When trying to remove it manually I think I have my permissions set right, but I can't remove it, and I also can't change my permissions when logged in to my normal or admin accounts. Any insight would be much appreciated.
miekiemoes
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.
SteveO311t
Here is my log

ComboFix 09-06-21.01 - Stephen Hall 06/22/2009 9:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2139 [GMT -4:00]
Running from: c:\documents and settings\Stephen Hall\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\amstrea.dll
c:\windows\system32\drivers\ewmfauqq.sys
c:\windows\system32\drivers\uydjcdsj.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EWMFAUQQ
-------\Service_ewmfauqq


((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-15 06:03 . 2009-06-15 06:03 -------- d-----w- c:\documents and settings\Stephen Hall\Application Data\Sammsoft
2009-06-15 06:03 . 2009-06-15 06:03 -------- d-----w- c:\program files\Advanced Registry Optimizer
2009-06-15 06:00 . 2009-06-15 06:00 -------- d-----w- c:\program files\STOPzilla!
2009-06-13 16:31 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-13 16:31 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-13 16:30 . 2009-06-13 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-13 16:26 . 2009-06-13 16:26 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.17.0\SetupAdmin.exe
2009-06-13 16:25 . 2009-06-13 16:25 -------- d-----w- c:\program files\QuickTime
2009-06-11 15:01 . 2009-06-11 15:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-10 21:12 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 21:12 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 00:52 . 2009-06-10 00:52 152576 ----a-w- c:\documents and settings\Stephen Hall\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 22:30 . 2009-06-08 22:30 -------- d-----w- c:\program files\Microsoft
2009-06-08 22:30 . 2009-06-08 22:30 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-08 22:30 . 2009-06-08 22:30 -------- d-----w- c:\program files\Windows Live
2009-06-08 22:26 . 2009-06-08 22:26 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-28 18:16 . 2009-05-28 18:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 18:15 . 2009-05-28 18:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 18:14 . 2009-05-28 18:14 540672 ----a-r- c:\windows\system32\SZComp5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2009-05-11_03.02.31 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Reaper Gaming Mouse"="c:\progra~1\Ideazon\Reaper\Reaper_Settings.exe" [2006-11-22 1507328]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\documents and settings\Stephen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-26 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-18 321344]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-04-09 2135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-13 81920]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2008-11-12 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-10-18 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-10-18 16264192]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\Stephen Hall\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:6881
"6999:TCP"= 6999:TCP:6999
"6998:TCP"= 6998:TCP:6998
"6997:TCP"= 6997:TCP:6997
"6996:TCP"= 6996:TCP:6996
"6112:TCP"= 6112:TCP:blizzard Downloader
"3724:TCP"= 3724:TCP:3724
"6882:TCP"= 6882:TCP:6882
"6883:TCP"= 6883:TCP:6883
"6884:TCP"= 6884:TCP:6884
"6885:TCP"= 6885:TCP:6885
"6886:TCP"= 6886:TCP:6886
"6887:TCP"= 6887:TCP:6887
"6888:TCP"= 6888:TCP:6888
"6889:TCP"= 6889:TCP:6889

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R3 cmudaxp;Razer Barracuda AC-1 Gaming Interface;c:\windows\system32\drivers\cmudaxp.sys [1/22/2008 9:55 AM 1395840]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [3/24/2009 6:29 PM 33176]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EWMFAUQQ
*Deregistered* - ewmfauqq

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-152049171-839522115-1004.job
- c:\documents and settings\Stephen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-26 03:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Search
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 09:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-152049171-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:8c,df,03,6f,9f,62,5e,88,68,2f,09,6a,ba,7c,9e,5e,45,fc,1b,d4,5a,
a6,1f,dc,26,4b,b4,0d,7a,9d,21,9a,b9,fe,82,a1,9f,c1,b8,82,2a,93,a8,33,50,c0,\
"rkeysecu"=hex:5b,fc,aa,20,af,e0,a0,97,84,f6,e2,85,da,cb,18,03
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Ideazon\Reaper\Reaper_Settings.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-06-22 9:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-22 13:34
ComboFix2.txt 2009-05-11 03:05

Pre-Run: 267,419,553,792 bytes free
Post-Run: 267,752,751,104 bytes free

435 --- E O F --- 2009-06-10 22:03
miekiemoes
Hi,

Navigate to and delete the following file:

c:\windows\system32\visujowo.dll

It's a hidden file, so make sure hidden files and folders are shown.

Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
miekiemoes
Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.