Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.581 [GMT -7:00]
Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\me\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
FILE ::
"c:\documents and settings\me\Start Menu\Programs\Startup\monnid32.exe"
"c:\windows\pss\monnid32.exeStartup"
"c:\windows\system32\atnfig.dll"
"C:\WINDOWS\system32\mojekeva.dll"
file zipped: c:\documents and settings\me\Application Data\cqfyto.dat
file zipped: c:\windows\Aliyobesitef.dat
file zipped: c:\windows\Lqosiwawanub.bin
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\me\Application Data\cqfyto.dat
c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}
c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}\chrome.manifest
c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}\chrome\content\_cfg.js
c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}\chrome\content\overlay.xul
c:\documents and settings\me\Local Settings\Application Data\{FE1DD508-100D-4367-97B1-E97AAEFDAD94}\install.rdf
C:\Program Files\WindowsUpdate
c:\windows\Aliyobesitef.dat
c:\windows\Lqosiwawanub.bin
.
((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.
2010-04-26 18:27:35 . 2008-04-14 07:14:48 153344 -c--a-w- C:\WINDOWS\system32\dllcache\dmio.sys
2010-04-26 18:27:35 . 2008-04-14 07:14:48 153344 ----a-w- C:\WINDOWS\system32\drivers\dmio.sys
2010-04-23 01:56:03 . 2009-06-07 23:16:12 819200 ----a-w- C:\WINDOWS\system32\xvidcore.dll
2010-04-23 01:56:02 . 2010-04-23 01:56:03 -------- d-----w- C:\Program Files\Xvid
2010-04-23 01:56:02 . 2009-06-07 23:24:04 180224 ----a-w- C:\WINDOWS\system32\xvidvfw.dll
2010-04-21 01:02:56 . 2010-05-01 03:12:01 -------- d-----w- C:\WINDOWS\Internet Logs
2010-04-21 00:41:00 . 2010-04-21 00:41:00 -------- d-----w- C:\Program Files\Trend Micro
2010-04-20 03:42:12 . 2010-04-20 03:42:12 -------- d-s---w- C:\Documents and Settings\NetworkService\UserData
2010-04-18 07:51:54 . 2010-04-18 07:51:54 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-04-18 07:51:54 . 2010-04-18 07:51:54 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2010-04-17 23:18:41 . 2010-04-17 23:18:41 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
2010-04-16 18:43:03 . 2010-04-17 23:18:22 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-16 09:11:22 . 2010-04-16 09:11:22 52224 ----a-w- C:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-16 09:11:19 . 2010-04-30 18:22:31 117760 ----a-w- C:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-16 09:10:46 . 2010-04-16 09:10:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-16 09:10:18 . 2010-04-16 09:10:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-04-16 09:10:18 . 2010-04-16 09:10:18 -------- d-----w- C:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com
2010-04-15 01:37:05 . 2010-04-15 01:44:23 -------- d-----w- C:\HOPE2
2010-04-15 01:34:06 . 2010-03-30 07:46:30 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-04-15 01:34:03 . 2010-04-19 17:31:15 -------- d-----w- C:\Program Files\HOPE
2010-04-15 01:34:03 . 2010-03-30 07:45:52 20824 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-04-12 01:24:35 . 2010-04-12 01:24:36 -------- d-----w- C:\Program Files\Winamp Detect
2010-04-10 19:44:16 . 2010-04-10 19:44:17 -------- d-----w- C:\Program Files\Apple Software Update
2010-04-09 08:27:01 . 2010-04-09 10:32:20 -------- d-----w- C:\WINDOWS\system32\wbem\Repository.001
2010-04-09 08:25:59 . 2008-04-14 12:42:36 73796 ------w- C:\WINDOWS\system32\slserv.exe
2010-04-09 08:23:23 . 2008-04-14 12:41:52 33792 -c----w- C:\WINDOWS\system32\dllcache\custsat.dll
2010-04-07 22:12:03 . 2010-04-07 22:12:03 -------- d-----w- C:\Program Files\SystemRequirementsLab
2010-04-07 22:11:59 . 2010-04-07 22:11:59 84480 ----a-w- C:\Documents and Settings\me\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-04-07 22:11:59 . 2010-04-07 22:11:59 -------- d-----w- C:\Documents and Settings\me\Application Data\SystemRequirementsLab
2010-04-07 20:26:59 . 2010-04-07 20:26:59 503808 ----a-w- C:\Documents and Settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-70113c7a-n\msvcp71.dll
2010-04-07 20:26:58 . 2010-04-07 20:26:59 499712 ----a-w- C:\Documents and Settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-70113c7a-n\jmc.dll
2010-04-07 20:26:58 . 2010-04-07 20:26:58 61440 ----a-w- C:\Documents and Settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4bd0f2a4-n\decora-sse.dll
2010-04-07 20:26:58 . 2010-04-07 20:26:58 348160 ----a-w- C:\Documents and Settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-70113c7a-n\msvcr71.dll
2010-04-07 20:26:58 . 2010-04-07 20:26:58 12800 ----a-w- C:\Documents and Settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4bd0f2a4-n\decora-d3d.dll
2010-04-07 20:21:22 . 2010-04-07 20:20:34 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2010-04-07 18:41:35 . 2010-04-07 18:41:35 -------- d-----w- C:\VundoFix Backups
2010-04-06 20:13:15 . 2006-07-15 00:03:20 139264 ----a-w- C:\WINDOWS\system32\igfxres.dll
2010-04-06 19:58:59 . 2001-08-18 05:36:30 9216 -c--a-w- C:\WINDOWS\system32\dllcache\EXCH_rwnh.dll
2010-04-06 19:57:51 . 2002-08-29 12:00:00 10096640 -c--a-w- C:\WINDOWS\system32\dllcache\hwxcht.dll
2010-04-06 19:55:36 . 2008-04-14 07:15:08 6272 ----a-w- C:\WINDOWS\system32\drivers\splitter.sys
2010-04-06 19:55:29 . 2008-04-14 07:15:02 52864 ----a-w- C:\WINDOWS\system32\drivers\dmusic.sys
2010-04-06 19:49:56 . 2008-04-14 12:42:12 184320 ----a-w- C:\WINDOWS\system32\accwiz.exe
2010-04-06 16:32:45 . 2008-04-14 07:10:28 57600 ----a-w- C:\WINDOWS\system32\drivers\redbook.sys
2010-04-06 16:29:49 . 2008-04-14 12:41:58 4096 ----a-w- C:\WINDOWS\system32\ksuser.dll
2010-04-06 06:23:22 . 2008-04-14 12:43:22 40840 ----a-w- C:\WINDOWS\system32\drivers\termdd.sys
2010-04-06 06:23:20 . 2008-04-14 07:02:52 196224 ----a-w- C:\WINDOWS\system32\drivers\rdpdr.sys
2010-04-06 06:21:19 . 2008-04-14 12:42:46 146432 ----a-w- C:\WINDOWS\system\winspool.drv
2010-04-06 06:21:19 . 2008-04-14 07:24:30 11264 ----a-w- C:\WINDOWS\system32\drivers\irenum.sys
2010-04-06 06:21:19 . 2002-08-29 12:00:00 24661 -c--a-w- C:\WINDOWS\system32\dllcache\spxcoins.dll
2010-04-06 06:21:19 . 2002-08-29 12:00:00 24661 ----a-w- C:\WINDOWS\system32\spxcoins.dll
2010-04-06 06:21:19 . 2002-08-29 12:00:00 13312 -c--a-w- C:\WINDOWS\system32\dllcache\irclass.dll
2010-04-06 06:21:19 . 2002-08-29 12:00:00 13312 ----a-w- C:\WINDOWS\system32\irclass.dll
2010-04-06 06:21:15 . 2008-04-14 12:42:08 74752 ----a-w- C:\WINDOWS\system32\storprop.dll
2010-04-06 06:18:02 . 2010-04-06 06:18:02 -------- d-s---w- C:\WINDOWS\system32\config\systemprofile\History
2010-04-05 01:01:41 . 2007-10-22 10:39:54 267272 ----a-w- C:\WINDOWS\system32\xactengine2_10.dll
2010-04-05 01:01:39 . 2007-10-02 16:56:34 444776 ----a-w- C:\WINDOWS\system32\d3dx10_36.dll
2010-04-05 01:01:38 . 2007-10-12 22:14:00 1374232 ----a-w- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-04-05 01:01:33 . 2007-10-12 22:14:00 3734536 ----a-w- C:\WINDOWS\system32\d3dx9_36.dll
2010-04-05 01:01:30 . 2007-07-20 07:57:12 267112 ----a-w- C:\WINDOWS\system32\xactengine2_9.dll
2010-04-05 01:01:27 . 2007-07-20 01:14:42 444776 ----a-w- C:\WINDOWS\system32\d3dx10_35.dll
2010-04-05 01:01:27 . 2007-07-20 01:14:42 1358192 ----a-w- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-04-05 01:01:22 . 2007-07-20 01:14:42 3727720 ----a-w- C:\WINDOWS\system32\d3dx9_35.dll
2010-04-05 01:01:15 . 2007-10-22 10:37:16 17928 ----a-w- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-04-05 01:01:15 . 2007-06-21 03:46:04 266088 ----a-w- C:\WINDOWS\system32\xactengine2_8.dll
2010-04-05 01:01:13 . 2007-05-16 23:45:16 443752 ----a-w- C:\WINDOWS\system32\d3dx10_34.dll
2010-04-05 01:01:13 . 2007-05-16 23:45:16 1124720 ----a-w- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-04-05 01:01:05 . 2007-05-16 23:45:16 3497832 ----a-w- C:\WINDOWS\system32\d3dx9_34.dll
2010-04-05 01:00:55 . 2007-04-05 01:53:42 81768 ----a-w- C:\WINDOWS\system32\xinput1_3.dll
2010-04-05 01:00:35 . 2007-04-05 01:55:00 261480 ----a-w- C:\WINDOWS\system32\xactengine2_7.dll
2010-04-05 01:00:17 . 2007-03-15 23:57:58 443752 ----a-w- C:\WINDOWS\system32\d3dx10_33.dll
2010-04-05 01:00:17 . 2007-03-12 23:42:30 1123696 ----a-w- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-04-05 00:58:54 . 2007-03-12 23:42:30 3495784 ----a-w- C:\WINDOWS\system32\d3dx9_33.dll
2010-04-05 00:58:44 . 2007-01-24 22:27:30 255848 ----a-w- C:\WINDOWS\system32\xactengine2_6.dll
2010-04-05 00:58:37 . 2006-12-08 19:02:00 251672 ----a-w- C:\WINDOWS\system32\xactengine2_5.dll
2010-04-05 00:58:15 . 2006-11-29 20:06:18 3426072 ----a-w- C:\WINDOWS\system32\d3dx9_32.dll
2010-04-05 00:58:06 . 2007-03-05 19:42:18 15128 ----a-w- C:\WINDOWS\system32\x3daudio1_1.dll
2010-04-05 00:58:06 . 2006-09-28 23:05:56 237848 ----a-w- C:\WINDOWS\system32\xactengine2_4.dll
2010-04-05 00:58:02 . 2006-09-28 23:05:20 2414360 ----a-w- C:\WINDOWS\system32\d3dx9_31.dll
2010-04-05 00:57:54 . 2006-07-28 16:30:32 236824 ----a-w- C:\WINDOWS\system32\xactengine2_3.dll
2010-04-05 00:57:51 . 2006-07-28 16:30:14 62744 ----a-w- C:\WINDOWS\system32\xinput1_2.dll
2010-04-05 00:54:01 . 2005-05-26 22:34:52 2297552 ----a-w- C:\WINDOWS\system32\d3dx9_26.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 02:50:20 . 2010-04-21 01:44:28 2557780 ----a-w- C:\WINDOWS\Internet Logs\tvDebug.Zip
2010-04-30 07:00:45 . 2009-02-12 01:04:13 -------- d-----w- C:\Documents and Settings\me\Application Data\EndNote
2010-04-26 18:17:12 . 2006-10-15 23:00:18 -------- d-----w- C:\Documents and Settings\me\Application Data\Lavasoft
2010-04-25 08:38:55 . 2007-09-05 18:11:44 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-21 01:21:35 . 2006-12-29 06:29:03 -------- d-----w- C:\Program Files\MOBILedit!
2010-04-21 01:20:25 . 2006-08-26 09:44:04 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
2010-04-21 01:20:24 . 2006-08-26 09:44:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-04-21 01:03:58 . 2010-04-21 01:03:58 -------- d-----w- C:\Documents and Settings\me\Application Data\CheckPoint
2010-04-21 01:03:40 . 2010-04-21 01:03:40 -------- d-----w- C:\Program Files\CheckPoint
2010-04-21 01:03:38 . 2010-04-21 01:03:38 4212 ---ha-w- C:\WINDOWS\system32\zllictbl.dat
2010-04-21 01:03:27 . 2010-04-21 01:03:27 -------- d-----w- C:\Program Files\Zone Labs
2010-04-19 07:57:45 . 2006-09-04 22:57:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-12 01:29:21 . 2006-09-04 22:55:37 -------- d-----w- C:\Program Files\Winamp
2010-04-10 19:43:11 . 2006-09-02 15:47:15 98336 ----a-w- C:\Documents and Settings\me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-10 09:34:18 . 2006-09-04 22:58:27 -------- d-----w- C:\Program Files\CCleaner
2010-04-09 08:29:21 . 2006-09-04 04:41:47 88037 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
2010-04-07 20:26:28 . 2006-08-26 09:29:36 -------- d-----w- C:\Program Files\Common Files\Java
2010-04-07 20:20:18 . 2006-08-26 09:29:38 -------- d-----w- C:\Program Files\Java
2010-04-06 19:55:50 . 2010-04-06 19:55:50 2678 ----a-w- C:\WINDOWS\java\Packages\Data\SRRZD357.DAT
2010-04-06 19:55:50 . 2010-04-06 19:55:49 558142 ----a-w- C:\WINDOWS\java\Packages\13VJN7ZZ.ZIP
2010-04-06 19:55:48 . 2010-04-06 19:55:48 2678 ----a-w- C:\WINDOWS\java\Packages\Data\PVXJV7N1.DAT
2010-04-06 19:55:48 . 2010-04-06 19:55:48 155995 ----a-w- C:\WINDOWS\java\Packages\6XZZVB9R.ZIP
2010-04-06 19:55:46 . 2010-04-06 19:55:46 2678 ----a-w- C:\WINDOWS\java\Packages\Data\BBZRTFRD.DAT
2010-04-06 19:55:46 . 2010-04-06 19:55:46 2678 ----a-w- C:\WINDOWS\java\Packages\Data\A8J5J1NV.DAT
2010-04-06 19:55:45 . 2010-04-06 19:55:45 2678 ----a-w- C:\WINDOWS\java\Packages\Data\8GGA3PB9.DAT
2010-04-06 19:50:45 . 2004-08-10 18:02:15 23428 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
2010-04-06 19:50:32 . 2010-04-06 19:50:22 1663 ----a-w- C:\WINDOWS\inf\COM1DF.tmp
2010-03-06 03:20:26 . 2010-02-22 11:48:05 15944 ----a-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2010-02-23 02:10:33 . 2010-02-23 02:10:33 12872 ----a-w- C:\WINDOWS\system32\bootdelete.exe
2007-03-09 07:12:32 . 2007-03-09 07:12:32 27648 --sha-w- C:\WINDOWS\system32\AVSredirect.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\HOPE2 ----
2010-04-15 01:40:41 . 2010-04-15 01:45:44 764 ----a-w- C:\HOPE2\mbr.txt
2010-04-15 01:37:05 . 2010-04-15 01:36:58 389120 ----a-r- C:\HOPE2\CF12226.cfxxe
2010-04-15 01:36:49 . 2009-10-25 13:11:34 77312 ----a-r- C:\HOPE2\mbr.cfxxe
---- Directory of c:\program files\HOPE ----
2010-04-19 17:30:44 . 2010-03-30 07:46:02 1086856 ----a-w- c:\program files\HOPE\hop.exe
2010-04-15 01:34:09 . 2010-04-19 17:30:48 10498 ----a-w- c:\program files\HOPE\unins000.msg
2010-04-15 01:34:08 . 2010-03-30 07:46:14 303952 ----a-w- c:\program files\HOPE\mbamservice.exe
2010-04-15 01:34:07 . 2010-03-30 07:46:12 437584 ----a-w- c:\program files\HOPE\mbamgui.exe
2010-04-15 01:34:06 . 2010-03-30 07:46:28 496976 ----a-w- c:\program files\HOPE\vbalsgrid6.ocx
2010-04-15 01:34:06 . 2010-03-30 07:46:28 46416 ----a-w- c:\program files\HOPE\ssubtmr6.dll
2010-04-15 01:34:06 . 2010-03-30 07:46:30 79696 ----a-w- c:\program files\HOPE\zlib.dll
2010-04-15 01:34:06 . 2010-02-22 02:28:34 8078 ----a-w- c:\program files\HOPE\Languages\slovenian.lng
2010-04-15 01:34:06 . 2010-03-13 05:25:50 9986 ----a-w- c:\program files\HOPE\Languages\spanish.lng
2010-04-15 01:34:06 . 2010-03-06 02:46:34 8658 ----a-w- c:\program files\HOPE\Languages\swedish.lng
2010-04-15 01:34:06 . 2010-02-20 02:29:48 8414 ----a-w- c:\program files\HOPE\Languages\turkish.lng
2010-04-15 01:34:06 . 2010-02-19 00:29:06 9392 ----a-w- c:\program files\HOPE\Languages\portuguesePT.lng
2010-04-15 01:34:06 . 2010-03-11 04:53:54 9331 ----a-w- c:\program files\HOPE\Languages\romanian.lng
2010-04-15 01:34:06 . 2010-03-05 03:18:20 8742 ----a-w- c:\program files\HOPE\Languages\russian.lng
2010-04-15 01:34:06 . 2010-02-19 06:27:14 8771 ----a-w- c:\program files\HOPE\Languages\serbian.lng
2010-04-15 01:34:06 . 2010-02-18 19:04:12 8355 ----a-w- c:\program files\HOPE\Languages\slovak.lng
2010-04-15 01:34:06 . 2010-03-08 10:26:24 8878 ----a-w- c:\program files\HOPE\Languages\latvian.lng
2010-04-15 01:34:06 . 2010-03-03 03:22:30 9662 ----a-w- c:\program files\HOPE\Languages\macedonian.lng
2010-04-15 01:34:06 . 2010-03-06 06:27:22 8147 ----a-w- c:\program files\HOPE\Languages\norwegian.lng
2010-04-15 01:34:06 . 2010-02-17 11:06:40 8624 ----a-w- c:\program files\HOPE\Languages\polish.lng
2010-04-15 01:34:06 . 2010-02-17 19:47:06 9284 ----a-w- c:\program files\HOPE\Languages\portugueseBR.lng
2010-04-15 01:34:06 . 2010-02-23 17:40:46 9309 ----a-w- c:\program files\HOPE\Languages\italian.lng
2010-04-15 01:34:06 . 2010-02-19 05:51:04 7082 ----a-w- c:\program files\HOPE\Languages\korean.lng
2010-04-15 01:34:06 . 2010-02-18 00:54:28 6252 ----a-w- c:\program files\HOPE\Languages\hebrew.lng
2010-04-15 01:34:06 . 2010-03-13 22:49:40 9404 ----a-w- c:\program files\HOPE\Languages\hungarian.lng
2010-04-15 01:34:06 . 2010-02-19 04:50:28 8287 ----a-w- c:\program files\HOPE\Languages\finnish.lng
2010-04-15 01:34:06 . 2010-02-12 18:47:08 9901 ----a-w- c:\program files\HOPE\Languages\french.lng
2010-04-15 01:34:06 . 2010-03-13 15:43:24 9880 ----a-w- c:\program files\HOPE\Languages\german.lng
2010-04-15 01:34:06 . 2010-02-23 06:56:32 9663 ----a-w- c:\program files\HOPE\Languages\greek.lng
2010-04-15 01:34:06 . 2010-03-23 20:58:50 8726 ----a-w- c:\program files\HOPE\Languages\croatian.lng
2010-04-15 01:34:06 . 2010-02-20 15:16:46 8401 ----a-w- c:\program files\HOPE\Languages\czech.lng
2010-04-15 01:34:06 . 2010-02-19 03:59:00 8787 ----a-w- c:\program files\HOPE\Languages\danish.lng
2010-04-15 01:34:06 . 2010-03-06 08:25:10 9325 ----a-w- c:\program files\HOPE\Languages\dutch.lng
2010-04-15 01:34:06 . 2010-02-12 03:58:26 8089 ----a-w- c:\program files\HOPE\Languages\english.lng
2010-04-15 01:34:06 . 2010-03-14 02:50:26 8323 ----a-w- c:\program files\HOPE\Languages\estonian.lng
2010-04-15 01:34:06 . 2010-03-28 20:24:42 5365 ----a-w- c:\program files\HOPE\Languages\chineseSI.lng
2010-04-15 01:34:06 . 2010-03-14 21:07:58 6050 ----a-w- c:\program files\HOPE\Languages\chineseTR.lng
2010-04-15 01:34:06 . 2010-03-13 23:39:34 8948 ----a-w- c:\program files\HOPE\Languages\bulgarian.lng
2010-04-15 01:34:06 . 2010-03-06 02:29:50 9353 ----a-w- c:\program files\HOPE\Languages\catalan.lng
2010-04-15 01:34:06 . 2010-02-19 21:57:02 8878 ----a-w- c:\program files\HOPE\Languages\belarusian.lng
2010-04-15 01:34:06 . 2010-03-04 06:32:28 8744 ----a-w- c:\program files\HOPE\Languages\bosnian.lng
2010-04-15 01:34:04 . 2010-03-29 23:11:08 1705 ----a-w- c:\program files\HOPE\changes.rtf
2010-04-15 01:34:04 . 2009-01-05 02:31:04 4124 ----a-w- c:\program files\HOPE\license.txt
2010-04-15 01:34:04 . 2010-03-30 07:46:02 350032 ----a-w- c:\program files\HOPE\mbam.dll
2010-04-15 01:34:04 . 2010-03-29 21:51:52 35157 ----a-w- c:\program files\HOPE\mbam.chm
2010-04-15 01:34:03 . 2010-03-30 07:46:00 85328 ----a-w- c:\program files\HOPE\mbamext.dll
2010-04-15 01:34:03 . 2010-04-19 17:30:48 42687 ----a-w- c:\program files\HOPE\unins000.dat
2010-04-15 01:34:03 . 2010-04-19 17:30:18 705360 ----a-w- c:\program files\HOPE\unins000.exe
((((((((((((((((((((((((((((( SnapShot@2010-04-15_01.40.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-01 02:44:34 . 2010-05-01 02:44:34 16384 C:\WINDOWS\temp\Perflib_Perfdata_d4.dat
+ 2010-04-21 01:03:37 . 2009-11-22 22:42:42 99208 C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:50 65928 C:\WINDOWS\system32\ZoneLabs\zatray.exe
+ 2010-04-21 01:03:30 . 2009-11-22 22:43:00 20872 C:\WINDOWS\system32\ZoneLabs\lib\zsys.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 14216 C:\WINDOWS\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 43912 C:\WINDOWS\system32\ZoneLabs\lib\zfde.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 85384 C:\WINDOWS\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 37256 C:\WINDOWS\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12680 C:\WINDOWS\system32\ZoneLabs\lib\oem_1488.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12680 C:\WINDOWS\system32\ZoneLabs\lib\oem_1487.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12680 C:\WINDOWS\system32\ZoneLabs\lib\oem_1486.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 18824 C:\WINDOWS\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12680 C:\WINDOWS\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 10120 C:\WINDOWS\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 11144 C:\WINDOWS\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 14216 C:\WINDOWS\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12168 C:\WINDOWS\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 11144 C:\WINDOWS\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 29064 C:\WINDOWS\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 12680 C:\WINDOWS\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:56 35720 C:\WINDOWS\system32\ZoneLabs\lib\Alert.zip.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:36 38280 C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:36 98184 C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2010-04-21 01:03:38 . 2009-11-22 22:42:36 74632 C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:40 69000 C:\WINDOWS\system32\zlcomm.dll
+ 2010-04-21 01:03:30 . 2009-11-22 22:42:40 41864 C:\WINDOWS\system32\vswmi.dll
+ 2010-04-21 01:03:37 . 2009-11-22 22:42:40 58248 C:\WINDOWS\system32\vsregexp.dll
+ 2004-08-10 17:51:20 . 2010-04-26 18:45:40 80726 C:\WINDOWS\system32\perfc009.dat
- 2004-08-10 17:51:20 . 2010-04-09 10:37:00 80726 C:\WINDOWS\system32\perfc009.dat
- 2007-06-17 20:59:06 . 2009-09-13 23:32:49 84661 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-06-17 20:59:06 . 2010-04-24 17:35:04 84661 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-04-16 18:43:27 . 2010-04-16 18:43:27 98336 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
+ 2010-04-16 09:10:31 . 2010-04-19 17:40:32 65024 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-04-16 09:10:31 . 2010-04-19 17:40:32 18944 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-04-16 09:10:31 . 2010-04-19 17:40:32 5120 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:42 141192 C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2010-04-21 01:03:37 . 2009-11-22 22:42:40 172936 C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2010-04-21 01:02:55 . 2009-11-22 22:42:40 210824 C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2010-04-21 01:03:36 . 2007-10-11 23:51:34 832984 C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2010-04-21 01:03:30 . 2009-11-22 22:42:38 434568 C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:38 135048 C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2010-04-21 01:03:37 . 2009-07-14 06:58:50 722392 C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2010-04-21 01:03:30 . 2009-11-22 22:43:00 119688 C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 267656 C:\WINDOWS\system32\ZoneLabs\lib\TrayTest.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 175496 C:\WINDOWS\system32\ZoneLabs\lib\Overview.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 368008 C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:58 139144 C:\WINDOWS\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:56 376712 C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2010-04-21 01:02:55 . 2009-10-10 03:33:50 579048 C:\WINDOWS\system32\ZoneLabs\icslta.dll
+ 2010-04-21 01:03:38 . 2008-03-17 23:52:02 813568 C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2010-04-21 01:03:36 . 2009-11-22 22:42:40 103816 C:\WINDOWS\system32\zlcommdb.dll
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:40 109960 C:\WINDOWS\system32\vsxml.dll
+ 2010-04-21 01:02:55 . 2009-11-22 22:42:40 621960 C:\WINDOWS\system32\vsutil.dll
+ 2010-04-21 01:03:28 . 2009-11-22 22:42:40 299912 C:\WINDOWS\system32\vspubapi.dll
+ 2010-04-21 01:03:28 . 2009-11-22 22:42:40 107912 C:\WINDOWS\system32\vsmonapi.dll
+ 2010-04-21 01:02:55 . 2009-11-22 22:42:40 227720 C:\WINDOWS\system32\vsinit.dll
+ 2010-04-21 01:03:27 . 2009-11-22 22:42:54 486280 C:\WINDOWS\system32\vsdatant.sys
+ 2010-04-21 01:02:55 . 2009-11-22 22:42:38 112008 C:\WINDOWS\system32\vsdata.dll
- 2004-08-10 17:51:20 . 2010-04-09 10:37:00 462298 C:\WINDOWS\system32\perfh009.dat
+ 2004-08-10 17:51:20 . 2010-04-26 18:45:40 462298 C:\WINDOWS\system32\perfh009.dat
+ 2010-01-27 01:07:32 . 2010-01-27 01:07:32 256280 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-04-21 01:03:29 . 2009-11-22 22:42:44 1238408 C:\WINDOWS\system32\zpeng25.dll
+ 2010-04-21 01:03:30 . 2009-11-22 22:42:40 1789320 C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2010-04-21 01:03:28 . 2009-11-22 22:44:16 2384240 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2010-04-21 01:03:29 . 2009-11-22 22:43:00 1536392 C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2010-01-27 01:07:32 . 2010-01-27 01:07:32 3884312 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2010-04-16 09:10:31 . 2010-04-16 09:10:31 1583616 C:\WINDOWS\Installer\1aa1066.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 19:28:36 2010864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 18:43:18 248040]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 16:48:02 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 13:08:42 1347584]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 00:05:30 1117184]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 21:30:44 282624]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-07-29 11:07:57 188416]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-12 01:15:14 290816]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 10:12:00 98304]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 19:58:52 1032192]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 20:57:24 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 13:24:52 286720]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 05:13:52 208952]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-15 00:07:26 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-15 00:04:10 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-15 00:08:08 118784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 22:42:50 1037192]
"ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 13:30:06 730480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 12:42:18 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2002-08-29 12:00:00 40960]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe [2006-10-22 323584]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20:00 122940 ----a-w- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-13 06:58:16 188416 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 23:30:30 249856 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 23:30:30 81920 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 21:42:04 267064 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2007-09-06 21:53:40 169264 ----a-w- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 23:40:44 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-13 23:28:08 185872 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Spooler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25:50 AM 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15:58 AM 66632]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 6:30:02 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 6:30:26 AM 476528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [9/18/2008 7:23:19 PM 24652]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15:58 AM 12872]
S3 cpudrv;cpudrv;C:\Program Files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58:52 AM 11336]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [8/2/2005 2:10:13 PM 32512]
S3 XDva090;XDva090;\??\C:\WINDOWS\system32\XDva090.sys --> C:\WINDOWS\system32\XDva090.sys [?]
S3 XDva190;XDva190;\??\C:\WINDOWS\system32\XDva190.sys --> C:\WINDOWS\system32\XDva190.sys [?]
S3 XDva269;XDva269;\??\C:\WINDOWS\system32\XDva269.sys --> C:\WINDOWS\system32\XDva269.sys [?]
S3 XDva275;XDva275;\??\C:\WINDOWS\system32\XDva275.sys --> C:\WINDOWS\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\C:\WINDOWS\system32\XDva279.sys --> C:\WINDOWS\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\C:\WINDOWS\system32\XDva288.sys --> C:\WINDOWS\system32\XDva288.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-04-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34:12 . 2008-07-30 19:34:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\xdvvoe8p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 20:14:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(816)
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
- - - - - - - > 'lsass.exe'(872)
C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-04-30 20:17:43
ComboFix-quarantined-files.txt 2010-05-01 03:17:40
ComboFix2.txt 2010-04-26 18:49:14
ComboFix3.txt 2010-04-15 01:44:18
ComboFix4.txt 2010-04-07 18:38:57
Pre-Run: 29,191,520,256 bytes free
Post-Run: 29,127,155,712 bytes free
- - End Of File - - 5C609CC005011FAEEAFB3B3826824FF4