Here are the 3 log files:
ComboFix 09-09-02.02 - DENNIS 09/03/2009 20:42.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1926 [GMT -4:00]
Running from: c:\users\DENNIS.Dennis-PC\Desktop\ComboFix.exe
Command switches used :: c:\users\DENNIS.Dennis-PC\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.
2009-09-04 00:45 . 2009-09-04 00:45 -------- d-----w- c:\users\DENNIS.Dennis-PC\AppData\Local\temp
2009-09-04 00:45 . 2009-09-04 00:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-04 00:45 . 2009-09-04 00:45 -------- d-----w- c:\users\Pam\AppData\Local\temp
2009-09-04 00:45 . 2009-09-04 00:45 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-09-04 00:45 . 2009-09-04 00:45 -------- d-----w- c:\users\Dennis\AppData\Local\temp
2009-09-04 00:45 . 2009-09-04 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-02 20:35 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 20:35 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-01 21:10 . 2009-09-01 21:11 -------- d-----w- c:\program files\ERUNT
2009-08-31 20:56 . 2009-08-31 20:56 1137360 ----a-w- C:\fsbl.exe
2009-08-30 02:00 . 2009-08-31 20:49 -------- d-----w- C:\rsit
2009-08-28 17:34 . 2009-08-28 17:34 -------- d-----w- c:\users\Pam\AppData\Roaming\Malwarebytes
2009-08-27 07:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 00:31 . 2009-08-25 00:31 -------- d-----w- c:\users\DENNIS.Dennis-PC\AppData\Roaming\Malwarebytes
2009-08-25 00:31 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 00:31 . 2009-08-25 00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 00:31 . 2009-08-25 00:31 -------- d-----w- c:\programdata\Malwarebytes
2009-08-25 00:31 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 00:24 . 2009-08-25 00:24 -------- d-----w- c:\program files\Trend Micro
2009-08-24 23:59 . 2001-10-04 04:14 184320 ----a-w- c:\windows\system32\wzcsvc.dll
2009-08-24 22:19 . 2009-08-24 22:39 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-24 19:16 . 2009-08-24 19:16 -------- d-----w- c:\users\DENNIS.Dennis-PC\AppData\Local\Apple
2009-08-20 15:10 . 2009-08-20 15:10 -------- d-----w- c:\users\DENNIS.Dennis-PC\AppData\Local\Roxio
2009-08-19 23:43 . 2009-08-19 23:43 -------- d-----w- c:\users\Pam\AppData\Local\Mozilla
2009-08-19 23:21 . 2009-08-19 23:21 -------- d-----w- c:\users\DENNIS.Dennis-PC\AppData\Local\Mozilla
2009-08-19 21:37 . 2009-08-23 17:05 -------- d-----w- c:\users\DENNIS.Dennis-PC\AppData\Local\Adobe
2009-08-19 21:12 . 2009-08-19 21:12 -------- d-----w- C:\3f48cbb0d3a0979353f8153d3f9e7c59
2009-08-19 00:44 . 2009-08-19 00:44 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-19 00:43 . 2009-08-19 20:28 -------- d-----w- c:\program files\Common Files\Real
2009-08-18 02:25 . 2009-08-18 02:25 -------- d-----w- c:\users\DENNIS.Dennis-PC\AppData\Local\Google
2009-08-18 02:24 . 2009-08-18 02:24 121408 ----a-w- c:\users\DENNIS.Dennis-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-18 02:24 . 2009-08-18 02:24 -------- d-----w- c:\users\DENNIS.Dennis-PC\AppData\Roaming\Logitech
2009-08-18 02:24 . 2009-08-18 02:24 -------- d-----w- c:\users\DENNIS.Dennis-PC\AppData\Roaming\Symantec
2009-08-13 07:03 . 2009-08-13 07:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-08-12 20:39 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 20:39 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 20:39 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 20:38 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 20:38 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 20:38 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 20:38 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 20:38 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 22:00 . 2008-12-20 16:03 -------- d-----w- c:\programdata\NOS
2009-09-03 22:00 . 2008-12-20 16:03 -------- d-----w- c:\program files\NOS
2009-09-03 21:57 . 2007-09-19 21:47 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-19 21:08 . 2007-09-12 11:00 -------- d-----w- c:\program files\Google
2009-08-19 20:25 . 2008-10-19 16:59 -------- d-----w- c:\programdata\Viewpoint
2009-08-18 02:23 . 2009-08-18 02:23 -------- d--h--w- c:\users\DENNIS.Dennis-PC\AppData\Roaming\GTek
2009-08-13 07:09 . 2007-10-06 20:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-13 07:03 . 2009-04-26 01:59 -------- d-----w- c:\programdata\Microsoft Help
2009-08-13 07:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-25 15:26 . 2007-09-20 13:58 121408 ----a-w- c:\users\Pam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-24 21:42 . 2007-09-12 11:00 -------- d-----w- c:\program files\Microsoft Works
2009-07-21 21:52 . 2009-07-29 17:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 17:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 17:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 17:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-12 03:14 . 2009-05-31 02:58 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-06-15 15:24 . 2009-07-15 11:51 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 11:51 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 11:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 11:51 289792 ----a-w- c:\windows\system32\atmfd.dll
2007-09-12 18:17 . 2007-09-12 18:14 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-09-03_01.39.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-02 20:35 . 2009-08-29 00:19 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\Apphlpdm.dll
+ 2009-09-02 20:35 . 2009-08-29 00:14 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\Apphlpdm.dll
+ 2009-09-02 20:35 . 2009-08-28 12:24 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\Apphlpdm.dll
+ 2009-09-02 20:35 . 2009-08-28 12:39 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\Apphlpdm.dll
+ 2009-09-02 20:35 . 2009-08-29 03:32 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\Apphlpdm.dll
+ 2009-09-02 20:35 . 2009-08-29 03:40 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\Apphlpdm.dll
+ 2007-09-12 11:07 . 2009-09-03 22:01 41518 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-09-12 11:07 . 2009-09-03 00:23 41518 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-03 22:01 80328 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-28 14:44 . 2009-09-03 02:04 88589 c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2007-09-19 21:44 . 2009-09-04 00:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-19 21:44 . 2009-09-03 01:33 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-19 21:44 . 2009-09-03 01:33 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-19 21:44 . 2009-09-04 00:37 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-19 21:44 . 2009-09-04 00:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-09-19 21:44 . 2009-09-03 01:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-02 20:35 . 2009-08-29 00:24 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\AcRes.dll
+ 2009-09-02 20:35 . 2009-08-28 10:09 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\AcRes.dll
+ 2009-09-02 20:35 . 2009-08-28 23:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\AcRes.dll
+ 2009-09-02 20:35 . 2009-08-28 23:15 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\AcRes.dll
+ 2007-10-08 16:28 . 2009-09-03 21:57 2464 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-08-19 21:10 . 2009-09-03 01:40 3562 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2176694402-3255639231-4089149711-1003_UserData.bin
+ 2007-09-26 12:45 . 2009-09-03 22:01 7250 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2176694402-3255639231-4089149711-1002_UserData.bin
+ 2009-09-03 21:58 . 2009-09-03 21:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-03 21:58 . 2009-09-03 21:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-02 20:35 . 2009-08-29 02:46 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\AcXtrnal.dll
+ 2009-09-02 20:35 . 2009-08-29 02:46 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\AcLayers.dll
+ 2009-09-02 20:35 . 2009-08-29 02:30 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\AcXtrnal.dll
+ 2009-09-02 20:35 . 2009-08-29 02:30 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\AcLayers.dll
+ 2009-09-02 20:35 . 2009-08-28 12:24 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\AcXtrnal.dll
+ 2009-09-02 20:35 . 2009-08-28 12:24 541696 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\AcLayers.dll
+ 2009-09-02 20:35 . 2009-08-28 12:39 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\AcXtrnal.dll
+ 2009-09-02 20:35 . 2009-08-28 12:38 541696 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\AcLayers.dll
+ 2009-09-02 20:35 . 2009-08-29 03:31 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\AcXtrnal.dll
+ 2009-09-02 20:35 . 2009-08-29 03:31 537600 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\AcLayers.dll
+ 2009-09-02 20:35 . 2009-08-29 03:40 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\AcXtrnal.dll
+ 2009-09-02 20:35 . 2009-08-29 03:40 537600 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\AcLayers.dll
+ 2009-09-02 20:35 . 2009-08-29 02:46 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\AcSpecfc.dll
+ 2009-09-02 20:35 . 2009-08-29 02:30 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\AcSpecfc.dll
+ 2009-09-02 20:35 . 2009-08-28 12:24 459776 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\AcSpecfc.dll
+ 2009-09-02 20:35 . 2009-08-28 12:38 459776 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\AcSpecfc.dll
+ 2009-09-02 20:35 . 2009-08-29 03:31 450560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\AcSpecfc.dll
+ 2009-09-02 20:35 . 2009-08-29 03:40 449024 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\AcSpecfc.dll
+ 2008-09-25 10:04 . 2009-09-04 00:22 346612 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-09-03 22:03 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-03 00:26 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-03 00:26 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-03 22:03 101144 c:\windows\System32\perfc009.dat
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\System32\Macromed\Flash\FlashUtil10c.exe
- 2009-07-25 15:26 . 2009-09-03 01:33 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-25 15:26 . 2009-09-04 00:37 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-02 20:35 . 2009-08-28 12:39 173056 c:\windows\AppPatch\AcXtrnal.dll
- 2009-08-26 08:59 . 2009-06-05 12:34 173056 c:\windows\AppPatch\AcXtrnal.dll
- 2009-08-26 08:59 . 2009-06-05 12:33 459776 c:\windows\AppPatch\AcSpecfc.dll
+ 2009-09-02 20:35 . 2009-08-28 12:38 459776 c:\windows\AppPatch\AcSpecfc.dll
- 2009-08-26 08:59 . 2009-06-05 12:33 541696 c:\windows\AppPatch\AcLayers.dll
+ 2009-09-02 20:35 . 2009-08-28 12:38 541696 c:\windows\AppPatch\AcLayers.dll
+ 2009-09-02 20:35 . 2009-08-29 00:34 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\GameUXLegacyGDFs.dll
+ 2009-09-02 20:35 . 2009-08-29 02:47 1696256 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\gameux.dll
+ 2009-09-02 20:35 . 2009-08-29 00:27 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\GameUXLegacyGDFs.dll
+ 2009-09-02 20:35 . 2009-08-28 10:19 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\GameUXLegacyGDFs.dll
+ 2009-09-02 20:35 . 2009-08-28 12:25 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\gameux.dll
+ 2009-09-02 20:35 . 2009-08-28 10:15 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\GameUXLegacyGDFs.dll
+ 2009-09-02 20:35 . 2009-08-28 23:26 4247552 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\GameUXLegacyGDFs.dll
+ 2009-09-02 20:35 . 2009-08-29 03:33 1686528 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\gameux.dll
+ 2009-09-02 20:35 . 2009-08-28 23:31 4247552 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\GameUXLegacyGDFs.dll
+ 2009-09-02 20:35 . 2009-08-29 03:41 1686528 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\gameux.dll
+ 2009-09-02 20:35 . 2009-08-29 02:46 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\AcGenral.dll
+ 2009-09-02 20:35 . 2009-08-29 02:30 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\AcGenral.dll
+ 2009-09-02 20:35 . 2009-08-28 12:24 2157056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\AcGenral.dll
+ 2009-09-02 20:35 . 2009-08-28 12:38 2153984 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\AcGenral.dll
+ 2009-09-02 20:35 . 2009-08-29 03:31 2144768 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\AcGenral.dll
+ 2009-09-02 20:35 . 2009-08-29 03:40 2143744 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\AcGenral.dll
- 2006-11-02 10:22 . 2009-09-03 00:16 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-09-03 21:57 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-09-02 20:35 . 2009-08-28 12:38 2153984 c:\windows\AppPatch\AcGenral.dll
- 2009-08-26 08:59 . 2009-06-05 12:33 2153984 c:\windows\AppPatch\AcGenral.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-19 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-19 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-19 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-12 101136]
c:\users\DENNIS.Dennis-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-12 50688]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-9-12 679936]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2009-3-14 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E90BD9E8-554B-464C-8855-54EE7D0B5CCD}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A83B2E21-158F-491A-B229-A094B88D3B43}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{2B53E217-F70C-4344-BBE2-FD974D1F4009}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{D2034F35-245F-456D-A8C2-7234814E7D4D}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{9CAC8998-58BA-4695-8742-5B030101E14A}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{6B3CE1FB-CEAC-4856-B177-FDB38BBBB95F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{D501C735-1D02-4306-8F54-C312EBF01B14}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{5FDC8D13-8447-43C5-A03B-20C45D361FAC}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{1E16118B-8C28-4BBA-A779-DD087AC6E66B}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{427DE92B-67BA-4F68-8518-E493411B3CED}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{C201E276-1402-4943-82EB-183CEF2B8EDB}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{689227DF-50ED-4DD9-A54B-D363E68A66C4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5C5426A5-7869-4AF0-A308-B34CE106C303}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{22737F3C-6EDE-4111-9CE9-DF6DE1FC5831}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{3423008D-17EE-4017-A86A-91DB29AB2AB8}"= UDP:c:\program files\TurboTax\Premier 2007\32bit\ttax.exe:TurboTax
"{8EC38D51-CE96-4AE5-BDDB-0074A50E9D1B}"= TCP:c:\program files\TurboTax\Premier 2007\32bit\ttax.exe:TurboTax
"{673DB804-1271-477D-855C-2EE96D92B982}"= UDP:c:\program files\TurboTax\Premier 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{2057C8DE-F41A-4945-9B91-501B725719CD}"= TCP:c:\program files\TurboTax\Premier 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{C0BA0E41-9A75-4D00-91BE-27537843B818}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{91759461-424C-45CE-BE72-FE819D0E0E86}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{83BD1BFD-D28E-4648-A2D1-AF245719392F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7F4BCBE4-20CE-4F16-9F29-255ABCB714A8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090826.001\IDSvix86.sys [9/1/2009 5:17 PM 272432]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [10/29/2006 10:03 AM 208896]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/8/2008 5:34 PM 149352]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [9/27/2006 5:37 PM 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [10/19/2006 4:49 PM 7424]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/26/2008 12:10 PM 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/26/2009 8:35 PM 102448]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 12:31 PM 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [5/29/2007 4:55 PM 23888]
S3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [9/12/2007 6:43 AM 5504]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Dennis.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\DENNIS.Dennis-PC\AppData\Roaming\Mozilla\Firefox\Profiles\oq9mcakd.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 20:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5500)
c:\program files\SetPoint\lgscroll.dll
.
Completion time: 2009-09-04 20:47
ComboFix-quarantined-files.txt 2009-09-04 00:47
ComboFix2.txt 2009-09-03 01:42
Pre-Run: 173,948,203,008 bytes free
Post-Run: 173,829,464,064 bytes free
305 --- E O F --- 2009-09-03 19:30
Malwarebytes' Anti-Malware 1.40
Database version: 2738
Windows 6.0.6001 Service Pack 1
9/3/2009 8:54:59 PM
mbam-log-2009-09-03 (20-54-59).txt
Scan type: Quick Scan
Objects scanned: 106304
Time elapsed: 3 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=aa4fda0f1da3a0488f00dcf15fdf4dd7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-04 02:20:18
# local_time=2009-09-03 10:20:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=3586 62 60 14 582366336949909
# compatibility_mode=5889 61 66 100 513024995544547
# scanned=153827
# found=0
# cleaned=0
# scan_time=2700