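Reason Core Security anti-malware scan for the file livezilla_5.0.1.2_full.exe (SHA-1 ba44bb497f5208e06058fb19c91fc1; the digest is cut off in this copy, showing 30 of the 40 hex digits of a SHA-1). Reason Core Security has detected the… [sentence truncated in the source]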
ComboFix 10-01-04.01 - camster98 01/10/2010 19:14:54.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2754 [GMT -6:00]
Running from: c:\documents and settings\camster98\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\camster98\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100110-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------Legacy_ERASERUTILDRV10910
-------Legacy_ERASERUTILDRVI9
-------Legacy_TFILTER
-------Service_EraserUtilDrv10910
-------Service_EraserUtilDrvI9
-------Service_TFilter
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.
2010-01-09 17:52 . 2010-01-09 17:58 8087352 ----a-w- C:Firefox Setup 3.5.7.exe
2010-01-09 05:22 . 2010-01-09 05:22 -------- d-----w- C:HostsXpert
2010-01-09 05:21 . 2010-01-09 05:21 353485 ----a-w- C:HostsXpert.zip
2010-01-08 14:40 . 2010-01-08 14:40 354016 ----a-w- C:unmsjvm.exe
2010-01-08 14:40 . 2010-01-08 14:40 -------- d-----w- C:MGlogs
2010-01-08 14:33 . 2010-01-08 14:36 171382 ----a-w- C:MGlogs.zip
2010-01-08 14:33 . 2010-01-08 14:36 -------- d-----w- C:MGtools
2010-01-08 14:32 . 2010-01-08 14:32 2387816 ----a-w- C:MGtools.exe
2010-01-08 02:24 . 2010-01-08 02:24 952 --sha-w- c:documents and settingsAll UsersApplication DataKGyGaAvL.sys
2010-01-08 02:24 . 2010-01-08 02:25 -------- d-----w- c:documents and settingscamster98Application DataCorel
2010-01-08 02:18 . 2010-01-08 02:18 -------- d-----w- c:program filesCommon FilesIntel
2010-01-08 00:30 . 2010-01-08 00:30 -------- d-----w- c:program filesCommon FilesCorel
2010-01-08 00:30 . 2010-01-08 00:30 -------- d-----w- c:program filesCommon FilesProtexis
2010-01-08 00:20 . 2010-01-08 00:30 -------- d-----w- c:documents and settingsAll UsersApplication DataCorel
2010-01-08 00:20 . 2010-01-08 00:28 -------- d-----w- c:program filesCorel
2010-01-08 00:03 . 2010-01-08 00:03 -------- d-----w- c:program filesCommon FilesonOne Software Shared
2010-01-08 00:03 . 2010-01-08 00:15 -------- d-----w- c:program filesonOne Software
2010-01-08 00:03 . 2005-08-21 19:57 227840 ----a-w- c:windowssystem32Deco_32.dll
2010-01-07 23:19 . 2010-01-07 23:19 247296 ----a-w- c:documents and settingscamster98Application DataSystemRequirementsLabSRLProxy_srl_4_0_11_0_d_ind.dll
2010-01-07 23:19 . 2010-01-07 23:19 247296 ----a-w- c:documents and settingscamster98Application DataSystemRequirementsLabSRLProxy_srl_4_0_11_0_c_ind.dll
2010-01-07 23:19 . 2010-01-07 23:19 247296 ----a-w- c:documents and settingscamster98Application DataSystemRequirementsLabSRLProxy_srl_4_0_11_0_b_ind.dll
2010-01-07 23:19 . 2010-01-07 23:19 247296 ----a-w- c:documents and settingscamster98Application DataSystemRequirementsLabSRLProxy_srl_4_0_11_0_a_ind.dll
2010-01-05 15:23 . 2010-01-08 02:31 -------- d-----w- c:documents and settingsAll UsersApplication DataFLEXnet
2010-01-04 18:51 . 2010-01-04 18:51 -------- d-----w- c:program filesAdobe Media Player
2010-01-04 18:48 . 2010-01-04 18:48 -------- d-----w- c:program filesCommon FilesAdobe AIR
2010-01-04 18:43 . 2010-01-04 18:43 -------- d-----w- c:program filesCommon FilesMacrovision Shared
2010-01-03 21:52 . 2010-01-04 03:43 -------- d-----w- c:documents and settingsLocalServiceApplication DataWTablet
2010-01-03 21:32 . 2010-01-11 01:23 -------- d-----w- c:documents and settingscamster98Application DataWTablet
2010-01-03 21:32 . 2010-01-03 21:32 -------- d-----w- c:program filesTabletPlugins
2010-01-03 21:32 . 2007-02-16 16:12 11312 ----a-w- c:windowssystem32driverswacommousefilter.sys
2010-01-03 21:32 . 2009-05-20 17:54 13736 ----a-w- c:windowssystem32driverswacomvhid.sys
2010-01-03 21:32 . 2010-01-03 21:32 -------- d-----w- c:windowssystem32WTablet
2010-01-03 21:32 . 2009-08-27 21:06 16168 ----a-w- c:windowssystem32driverswacmoumonitor.sys
2010-01-03 21:32 . 2009-11-24 17:25 4463400 ----a-w- c:windowssystem32Wacom_Tablet.exe
2010-01-03 21:32 . 2009-11-24 17:25 412456 ----a-w- c:windowssystem32Wacom_Tablet.dll
2010-01-03 21:32 . 2009-11-24 17:20 285184 ----a-w- c:windowssystem32Wintab32.dll
2010-01-03 21:32 . 2010-01-03 21:32 -------- d-----w- c:program filesTablet
2010-01-03 20:38 . 2010-01-03 20:38 -------- d-----w- c:\documents and settings\camster98\Application Data\Update
2010-01-03 16:36 . 2010-01-03 16:36 56827 ----a-w- c:\documents and settings\camster98\Application Data\Update\tbupd.exe
2010-01-03 15:12 . 2010-01-03 15:12 1076558 ----a-w- c:\documents and settings\camster98\Application Data\Update\tbsk.exe
2010-01-03 13:46 . 2010-01-03 13:46 51689 ----a-w- c:\documents and settings\camster98\Application Data\Update\seupd.exe
2010-01-02 01:40 . 2008-04-14 06:26 12800 -c--a-w- c:windowssystem32dllcacheusb8023x.sys
2010-01-02 01:40 . 2008-04-14 06:26 12800 ----a-w- c:windowssystem32driversusb8023x.sys
2010-01-02 01:40 . 2008-04-14 06:26 30592 -c--a-w- c:windowssystem32dllcacherndismpx.sys
2010-01-02 01:40 . 2008-04-14 06:26 30592 ----a-w- c:windowssystem32driversrndismpx.sys
2010-01-02 01:22 . 2010-01-02 01:55 -------- d-----w- c:program filesMicrosoft ActiveSync
2009-12-28 00:45 . 2001-04-13 00:00 182272 ----a-w- c:windowspatchw32.dll
2009-12-28 00:42 . 2009-12-28 00:42 4096 ----a-w- c:windowsd3dx.dat
2009-12-24 22:57 . 2009-12-24 22:57 717296 ----a-w- c:windowssystem32driverssptd.sys
2009-12-24 22:56 . 2009-12-24 22:56 -------- d-----w- c:program filesLSoft Technologies
2009-12-23 22:40 . 2009-12-24 02:21 -------- d-----w- c:program filesLinksys
2009-12-23 22:33 . 2009-12-23 22:33 -------- d-----w- c:program filesWebEx
2009-12-23 13:41 . 2009-12-23 13:41 -------- d-----w- c:program filesBreakPoint Software
2009-12-23 00:26 . 2009-12-23 00:26 -------- d-----w- c:program filesUbisoft
2009-12-22 21:21 . 2009-12-22 21:21 -------- d-----w- c:documents and settingsAll UsersApplication DataStardock
2009-12-22 09:02 . 2010-01-10 18:01 52224 ----a-w- c:documents and settingscamster98Application DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10005.dll
2009-12-22 08:45 . 2009-12-22 08:45 -------- d-----w- c:program filesLionhead Studios
2009-12-22 08:43 . 2009-12-22 08:43 -------- d-----w- c:program filesCommon FilesEasyInfo
2009-12-21 06:12 . 2009-12-21 06:12 -------- d-----w- c:program filesLionhead Studios Ltd
2009-12-21 02:03 . 2009-12-21 02:03 -------- d-----w- c:program filesParadox Interactive
2009-12-20 03:10 . 2009-12-20 03:10 -------- d-----w- c:program filesdirectx
2009-12-18 23:02 . 2009-12-18 23:02 -------- d-----w- c:windowssystem32wbemRepository
2009-12-17 05:19 . 2009-12-18 23:01 -------- dc----w- c:documents and settingsAll UsersApplication Data{2ED18044-7049-4E7A-A58D-4017348FCDB7}
2009-12-17 05:17 . 2009-12-17 05:17 -------- d-----w- c:documents and settingsAll UsersApplication DataNative Instruments
2009-12-17 05:17 . 2009-12-18 23:01 -------- dc----w- c:documents and settingsAll UsersApplication Data{902029B2-957E-4066-85FA-30DA31731718}
2009-12-17 05:17 . 2009-12-17 12:36 -------- d-----w- c:program filesNative Instruments
2009-12-17 05:17 . 2009-12-17 05:17 -------- d-----w- c:program filesCommon FilesNative Instruments
2009-12-16 10:00 . 2009-12-16 10:00 -------- d-----w- c:documents and settingsAll UsersApplication DataDiskeeper Corporation
2009-12-16 10:00 . 2009-12-16 10:00 -------- d-----w- c:program filesDiskeeper Corporation
2009-12-16 09:56 . 2009-11-24 23:48 23120 ----a-w- c:windowssystem32driversaswRdr.sys
2009-12-16 09:56 . 2009-11-24 23:49 48560 ----a-w- c:windowssystem32driversaswTdi.sys
2009-12-16 09:56 . 2009-11-24 23:47 27408 ----a-w- c:windowssystem32driversaavmker4.sys
2009-12-16 09:56 . 2009-11-24 23:51 93424 ----a-w- c:windowssystem32driversaswmon.sys
2009-12-16 09:56 . 2009-11-24 23:50 94160 ----a-w- c:windowssystem32driversaswmon2.sys
2009-12-16 09:56 . 2009-11-24 23:50 114768 ----a-w- c:windowssystem32driversaswSP.sys
2009-12-16 09:56 . 2009-11-24 23:50 20560 ----a-w- c:windowssystem32driversaswFsBlk.sys
2009-12-16 09:56 . 2009-11-24 23:47 97480 ----a-w- c:windowssystem32AvastSS.scr
2009-12-16 09:55 . 2009-11-24 23:54 1280480 ----a-w- c:windowssystem32aswBoot.exe
2009-12-16 09:13 . 2009-12-16 09:13 8854 ----a-r- c:documents and settingscamster98Application DataMicrosoftInstaller{A31838F1-8E0D-4CA3-A40A-20825B92F125}UNINST_Uninstall_S_A31838F18E0D4CA3A40A20825B92F125.exe
2009-12-16 09:13 . 2009-12-16 09:13 40960 ----a-r- c:documents and settingscamster98Application DataMicrosoftInstaller{A31838F1-8E0D-4CA3-A40A-20825B92F125}Serials2005.exe1_A31838F18E0D4CA3A40A20825B92F125.exe
2009-12-16 09:13 . 2009-12-16 09:13 40960 ----a-r- c:documents and settingscamster98Application DataMicrosoftInstaller{A31838F1-8E0D-4CA3-A40A-20825B92F125}Serials2005.exe_A31838F18E0D4CA3A40A20825B92F125.exe
2009-12-16 09:13 . 2009-12-16 09:13 10134 ----a-r- c:documents and settingscamster98Application DataMicrosoftInstaller{A31838F1-8E0D-4CA3-A40A-20825B92F125}ARPPRODUCTICON.exe
2009-12-16 09:13 . 2009-12-16 09:27 -------- d-----w- c:program filesSerials 2005
2009-12-16 02:56 . 2010-01-01 17:28 21366 ----a-w- c:windowssetup.dat
2009-12-14 16:23 . 2009-12-15 09:05 -------- d-----w- c:program filesIDoser v4
2009-12-14 16:22 . 2009-12-14 16:22 -------- d-----w- c:program filesWireshark
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 01:26 . 2009-11-08 05:21 -------- d-----w- c:program filesBOINC
2010-01-10 18:01 . 2009-11-03 01:15 117760 ----a-w- c:documents and settingscamster98Application DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSUIREPAIR.DLL
2010-01-10 17:57 . 2009-10-07 03:15 -------- d-----w- c:program filesSUPERAntiSpyware
2010-01-10 02:49 . 2009-10-03 21:26 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-01-10 02:49 . 2009-12-06 03:22 5115824 ----a-w- c:documents and settingsAll UsersApplication DataMalwarebytesMalwarebytes' Anti-Malwarembam-setup.exe
2010-01-08 12:09 . 2009-10-03 21:20 -------- d-----w- c:documents and settingscamster98Application DatauTorrent
2010-01-08 02:18 . 2009-10-04 09:37 -------- d-----w- c:program filesIntel
2010-01-08 00:15 . 2009-10-04 09:41 -------- d--h--w- c:program filesInstallShield Installation Information
2010-01-07 23:20 . 2009-10-14 12:56 -------- d-----w- c:program filesSystemRequirementsLab
2010-01-07 23:19 . 2009-10-14 12:56 -------- d-----w- c:documents and settingscamster98Application DataSystemRequirementsLab
2010-01-07 22:07 . 2009-10-03 21:26 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-01-07 22:07 . 2009-10-03 21:26 19160 ----a-w- c:windowssystem32driversmbam.sys
2010-01-07 15:24 . 2009-11-27 15:12 -------- d-----w- c:program filesWarcraft III
2010-01-07 01:52 . 2009-11-19 20:10 -------- d-----w- c:documents and settingscamster98Application Datavlc
2010-01-06 15:18 . 2009-10-04 17:01 73544 ----a-w- c:documents and settingscamster98Local SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-01-05 15:23 . 2009-11-23 12:35 73544 ----a-w- c:windowssystem32GDIPFONTCACHEV1.DAT
2010-01-04 18:52 . 2009-10-15 16:27 -------- d-----w- c:program filesCommon FilesAdobe
2010-01-04 03:21 . 2009-10-14 18:48 -------- d-----w- c:program filesSpywareGuard
2010-01-04 02:12 . 2009-10-05 01:25 -------- d-----w- c:program filesERUNT
2010-01-03 03:10 . 2009-10-13 15:30 -------- d-----w- c:documents and settingscamster98Application DataFileZilla
2010-01-02 02:41 . 2009-10-05 18:28 -------- d-----w- c:program filesMicrosoft.NET
2009-12-31 22:37 . 2009-10-14 18:46 -------- d---a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-12-31 22:37 . 2009-10-14 18:46 -------- d-----w- c:program filesSpywareBlaster
2009-12-31 22:35 . 2009-10-29 06:29 -------- d-----w- c:program filesMeadCo Neptune
2009-12-31 22:34 . 2009-10-05 18:35 -------- d-----w- c:program filesVstPlugins
2009-12-31 22:34 . 2009-10-05 18:33 -------- d-----w- c:program filesImage-Line
2009-12-29 01:25 . 2009-10-04 23:00 -------- d-----w- c:documents and settingscamster98Application DataTeamViewer
2009-12-29 01:25 . 2009-10-04 23:00 -------- d-----w- c:program filesTeamViewer
2009-12-25 22:44 . 2009-10-04 16:55 -------- d-----w- c:documents and settingscamster98Application DataApple Computer
2009-12-25 17:50 . 2009-10-13 02:01 -------- d-----w- c:documents and settingscamster98Application Datagtk-2.0
2009-12-24 22:44 . 2009-10-03 21:20 -------- d-----w- c:program filesuTorrent
2009-12-24 15:17 . 2009-10-05 15:38 -------- d-----w- c:documents and settingscamster98Application DataAudacity
2009-12-23 22:33 . 2009-12-23 22:32 8892928 ----a-w- c:documents and settingsAll UsersApplication Dataatscie.msi
2009-12-23 01:45 . 2009-10-09 14:45 664 ----a-w- c:windowssystem32d3d9caps.dat
2009-12-22 09:46 . 2009-11-25 17:23 -------- d-----w- c:program files1254546823
2009-12-20 03:08 . 2009-12-18 12:06 -------- d-----w- c:program filesYouTube Downloader
2009-12-18 23:00 . 2009-12-17 21:54 -------- d-----w- c:documents and settingsAll UsersApplication DataSkype
2009-12-18 23:00 . 2009-12-17 22:03 -------- d-----w- c:program filesSkype
2009-12-18 23:00 . 2009-12-17 22:21 -------- d-----w- c:documents and settingscamster98Application DataSkype
2009-12-18 23:00 . 2009-12-18 23:00 -------- d-----w- c:program filesLiveZilla
2009-12-18 23:00 . 2009-12-18 23:00 -------- d-----w- c:documents and settingsAll UsersApplication Data{29DE7D8A-76E9-40C8-AD3B-3D95E76E1227}
2009-12-18 23:00 . 2009-12-18 03:51 -------- d-----w- c:documents and settingsAll UsersApplication Data{34B95970-A823-46C6-9B9A-3DEF08551127}
2009-12-18 23:00 . 2009-12-18 03:51 -------- d-----w- c:program filesLiveZilla(2)
2009-12-18 22:08 . 2009-12-17 22:22 -------- d-----w- c:documents and settingscamster98Application DataskypePM
2009-12-17 22:22 . 2009-12-17 22:22 56 ---ha-w- c:windowssystem32ezsidmv.dat
2009-12-17 13:49 . 2009-11-04 15:50 -------- d-----w- c:documents and settingsAll UsersApplication DataAvira
2009-12-16 09:31 . 2009-11-09 14:21 -------- d-----w- c:program filesVentriloMix
2009-12-16 09:27 . 2009-11-09 23:37 -------- d-----w- c:program filesPeerGuardian2
2009-12-16 09:27 . 2009-11-09 14:22 -------- d-----w- c:program filesMumble
2009-12-16 09:23 . 2009-10-05 18:22 -------- d-----w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2009-12-16 09:23 . 2009-10-09 15:16 -------- d-----w- c:program filesMicrosoft Visual Studio 9.0
2009-12-14 16:07 . 2009-10-05 01:18 -------- d-----w- c:program filesNotepad++
2009-12-09 15:16 . 2009-11-25 02:24 -------- d-----w- c:documents and settingsAll UsersApplication DataNorton
2009-12-09 02:16 . 2009-11-04 21:24 56816 ----a-w- c:windowssystem32driversavgntflt.sys
2009-12-05 23:32 . 2009-11-25 02:23 -------- d-----w- c:documents and settingsAll UsersApplication DataNortonInstaller
2009-12-02 03:35 . 2009-12-02 03:35 -------- d-----w- c:documents and settingscamster98Application DataWeatherBug
2009-12-02 03:34 . 2009-12-02 03:34 18944 ----a-r- c:documents and settingscamster98Application DataMicrosoftInstaller{8F931595-5561-4E26-AC78-7E9B1E3E9C98}IconBB6A16301.exe
2009-12-02 03:34 . 2009-12-02 03:34 11264 ----a-r- c:documents and settingscamster98Application DataMicrosoftInstaller{8F931595-5561-4E26-AC78-7E9B1E3E9C98}IconBB6A1630.exe
2009-12-02 03:34 . 2009-12-02 03:34 -------- d-----w- c:program filesAWS
2009-11-30 13:32 . 2009-11-30 13:32 -------- d-----w- c:documents and settingscamster98Application DataEBookSys
2009-11-27 15:28 . 2009-11-27 15:15 63116 ----a-w- c:windowsWar3Unin.dat
2009-11-27 15:24 . 2009-11-27 15:15 2829 ----a-w- c:windowsWar3Unin.pif
2009-11-27 15:24 . 2009-11-27 15:15 139264 ----a-w- c:windowsWar3Unin.exe
2009-11-27 06:54 . 2009-10-05 00:57 -------- d-----w- c:program filesUnlocker
2009-11-27 05:01 . 2009-10-04 09:40 -------- d-----w- c:program filesCommon FilesInstallShield
2009-11-26 20:20 . 2009-11-16 04:25 -------- d-----w- c:program filesGoogle
2009-11-26 19:58 . 2009-11-19 23:19 -------- d-----w- c:program filesSpeccy
2009-11-26 17:11 . 2009-11-26 17:11 -------- d-----w- c:program filesHashTab Shell Extension
2009-11-26 17:07 . 2009-11-26 17:07 3638 ----a-r- c:documents and settingscamster98Application DataMicrosoftInstaller{DFC6573E-124D-4026-BFA4-B433C9D3FF21}_2cd672ae.exe
2009-11-26 17:07 . 2009-11-26 17:07 -------- d-----w- c:program filesAlex Feinman
2009-11-26 17:04 . 2009-11-26 17:02 -------- d-----w- c:program filesQuickTime
2009-11-25 08:27 . 2009-11-25 08:27 -------- d-----w- c:documents and settingsAll UsersApplication DataSymantec
2009-11-25 02:25 . 2009-11-13 02:33 26600 ----a-r- c:windowssystem32driversGEARAspiWDM.sys
2009-11-25 02:24 . 2009-11-13 02:33 107368 ----a-r- c:windowssystem32GEARAspi.dll
2009-11-25 00:13 . 2009-11-11 12:34 -------- d-----w- c:program filesStyler
2009-11-25 00:12 . 2009-11-04 22:38 -------- d-----w- c:program filesCommon FilesLogitech
2009-11-25 00:09 . 2009-11-03 11:56 -------- d-----w- c:documents and settingsAll UsersApplication DataLavasoft
2009-11-24 22:52 . 2009-11-23 04:19 -------- d-----w- c:program filesSins of a Solar Empire
2009-11-22 20:02 . 2009-11-22 20:02 -------- d-----w- c:documents and settingscamster98Application DataYahoo!
2009-11-22 14:35 . 2009-10-23 15:47 -------- d-----w- c:program filesWinPcap
2009-11-22 07:02 . 2009-11-22 07:02 -------- d-----w- c:program filesMicrosoft
2009-11-22 07:02 . 2009-11-22 07:01 -------- d-----w- c:program filesWindows Live
2009-11-22 07:01 . 2009-11-22 07:01 -------- d-----w- c:program filesWindows Live SkyDrive
2009-11-22 06:56 . 2009-11-22 06:56 -------- d-----w- c:program filesCommon FilesWindows Live
2009-11-22 06:29 . 2009-11-22 06:29 -------- d-----w- c:program filesFileZilla FTP Client
2009-11-21 09:44 . 2009-11-21 09:44 -------- d-----w- c:program filesFiraxis Games
2009-11-19 15:53 . 2009-11-19 15:53 -------- d-----w- c:program filesWinUHA
2009-11-15 12:00 . 2009-11-15 11:56 -------- d-----w- c:program filesSan Andreas Mod Installer
2009-11-14 22:06 . 2009-11-14 22:06 -------- d-----w- c:program filesRockstar Games
2009-11-14 15:08 . 2009-11-06 01:42 -------- d-----w- c:program filesYahoo SiteBuilder
2009-11-14 15:07 . 2009-11-03 01:13 -------- d-----w- c:program filesCommon FilesWise Installation Wizard
2009-11-14 15:03 . 2009-10-28 15:15 -------- d-----w- c:program filesWebserver Stress Tool 7
2009-11-14 14:56 . 2009-10-07 20:56 -------- d-----w- c:program filesWorkspace Macro Pro 6.0
2009-11-14 14:41 . 2009-11-14 14:41 -------- d-----w- c:program filesSequoiaView
2009-11-13 02:33 . 2009-11-13 02:31 -------- d-----w- c:program filesiTunes
2009-11-13 02:31 . 2009-11-13 02:31 -------- d-----w- c:program filesiPod
2009-11-13 02:31 . 2009-10-04 16:53 -------- d-----w- c:program filesCommon FilesApple
2009-11-12 18:01 . 2009-11-12 18:01 -------- d--h--w- c:documents and settingsAll UsersApplication Data{0E8E33D8-193A-414A-A909-0F101A142D26}
2009-11-12 12:42 . 2009-10-04 16:53 -------- d-----w- c:documents and settingsAll UsersApplication DataApple
2009-11-12 03:46 . 2009-11-12 03:46 -------- d-----w- c:documents and settingsAll UsersApplication DataIronclad Games
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:program filesmozilla firefoxpluginslibdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:program filesmozilla firefoxpluginsssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
'msnmsgr'='c:program filesWindows LiveMessengermsnmsgr.exe' [2009-07-26 3883856]
'Weather'='c:program filesAWSWeatherBugWeather.exe' [2009-10-20 1693184]
'i8kfangui'='c:program filesI8kfanGUII8kfanGUI.exe' [2007-02-16 856064]
'MSMSGS'='c:program filesMessengermsmsgs.exe' [2008-04-14 1695232]
'ctfmon.exe'='c:windowssystem32ctfmon.exe' [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
'UnlockerAssistant'='c:program filesUnlockerUnlockerAssistant.exe' [2009-10-26 15872]
'Dell QuickSet'='c:program filesDellQuickSetQuickset.exe' [2007-07-20 1228800]
'LiveZilla'='c:program filesLiveZillaLiveZilla.exe' [2009-08-28 2792280]
'avast!'='c:progra~1ALWILS~1Avast4ashDisp.exe' [2009-11-24 81000]
'AdobeCS4ServiceManager'='c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe' [2008-08-14 611712]
'IntelZeroConfig'='c:program filesIntelWiFibinZCfgSvc.exe' [2009-11-03 1372160]
'IntelWireless'='c:program filesCommon FilesIntelWirelessCommoniFrmewrk.exe' [2009-11-03 1202448]
'IgfxTray'='c:windowssystem32igfxtray.exe' [2007-03-31 138008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
'DWQueuedReporting'='c:progra~1COMMON~1MICROS~1DWdwtrig20.exe' [2008-11-04 435096]
c:documents and settingscamster98Start MenuProgramsStartup
ERUNT AutoBackup.lnk - c:program filesERUNTAUTOBACK.EXE [2005-10-20 38912]
GridRepublic Desktop.lnk - c:program filesBOINCGridRepublic.exe [2007-11-26 3891968]
OneNote 2007 Screen Clipper and Launcher.lnk - c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2008-10-25 98696]
SpywareGuard.lnk - c:program filesSpywareGuardsgmain.exe [2003-8-29 360448]
c:documents and settingsAll UsersStart MenuProgramsStartup
Windows Search.lnk - c:program filesWindows Desktop SearchWindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
'{56F9679E-7826-4C84-81F3-532071A8BCC5}'= 'c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll' [2009-05-25 304128]
'{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}'= 'c:program filesSUPERAntiSpywareSASSEH.DLL' [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:program filesSUPERAntiSpywareSASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@='Service'
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
'%windir%Network Diagnosticxpnetdiag.exe'=
'%windir%system32sessmgr.exe'=
'c:Program FilesuTorrentuTorrent.exe'=
'c:Program FilesYahoo!MessengerYahooMessenger.exe'=
'c:Program FilesBonjourmDNSResponder.exe'=
'c:Program FilesGiganologyGigagetGigaget.exe'=
'c:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE'=
'c:Documents and Settingscamster98Local SettingsApplication DataXenocodeXSandboxDiskeeper ™ Application Launcher13.0.3.02008.12.07T11.56VirtualSTUBEXE@[email protected]Diskeeper CorporationDiskeeperDkService.exe'=
'c:Program FilesJavajre6binjava.exe'=
'c:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE'=
'c:Program FilesStardock GamesSins of a Solar EmpireSins of a Solar Empire.exe'=
'c:Program FilesiTunesiTunes.exe'=
'c:Program FilesFiraxis GamesSid Meier's Civilization 4Civilization4.exe'=
'c:Program FilesFiraxis GamesSid Meier's Civilization 4Beyond the SwordCiv4BeyondSword.exe'=
'c:Program FilesFiraxis GamesSid Meier's Civilization 4Beyond the SwordCiv4BeyondSword_PitBoss.exe'=
'c:Program FilesWindows LiveMessengerwlcsdk.exe'=
'c:Program FilesWindows LiveMessengermsnmsgr.exe'=
'c:program filesMicrosoft ActiveSyncrapimgr.exe'= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
'c:program filesMicrosoft ActiveSyncwcescomm.exe'= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
'c:program filesMicrosoft ActiveSyncWCESMgr.exe'= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
'c:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe'=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
'26675:TCP'= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
'5353:TCP'= 5353:TCP:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
'AllowInboundEchoRequest'= 1 (0x1)
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [12/16/2009 3:56 AM 114768]
R1 fanio;FanIO driver;c:windowssystem32driversfanio.sys [11/1/2009 9:29 PM 14464]
R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywaresasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:program filesAcunetixWeb Vulnerability Scanner 6WVSScheduler.exe [5/4/2009 11:05 AM 994952]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [12/16/2009 3:56 AM 20560]
R2 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [10/20/2009 12:19 PM 50704]
R2 TabletServiceWacom;TabletServiceWacom;c:windowssystem32Wacom_Tablet.exe [1/3/2010 3:32 PM 4463400]
R2 WinDefend;Windows Defender;c:program filesWindows DefenderMsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [11/15/2009 10:25 PM 135664]
S3 ATMFBUS;A600 USB Composite Device Driver;c:windowssystem32DRIVERSATMFBUS.sys --> c:windowssystem32DRIVERSATMFBUS.sys [?]
S3 ATMFCVsp;A600 Cricket CM Port;c:windowssystem32DRIVERSATMFCVsp.sys --> c:windowssystem32DRIVERSATMFCVsp.sys [?]
S3 ATMFFLT;A600 USB Modem Installation CD;c:windowssystem32DRIVERSATMFFLT.sys --> c:windowssystem32DRIVERSATMFFLT.sys [?]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:windowssystem32DRIVERSATMFMdm.sys --> c:windowssystem32DRIVERSATMFMdm.sys [?]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:windowssystem32DRIVERSATMFNET.sys --> c:windowssystem32DRIVERSATMFNET.sys [?]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:windowssystem32DRIVERSATMFNVsp.sys --> c:windowssystem32DRIVERSATMFNVsp.sys [?]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:windowssystem32DRIVERSATMFVsp.sys --> c:windowssystem32DRIVERSATMFVsp.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:windowssystem32driverslibusb0.sys [11/12/2009 8:36 PM 28672]
S3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [10/12/2009 9:24 PM 7408]
S3 wacmoumonitor;Wacom Mode Helper;c:windowssystem32driverswacmoumonitor.sys [1/3/2010 3:32 PM 16168]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [12/24/2009 4:57 PM 717296]
.
Contents of the 'Scheduled Tasks' folder
2009-12-15 c:windowsTasksAppleSoftwareUpdate.job
- c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 17:34]
2010-01-11 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-16 04:25]
2010-01-10 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-16 04:25]
2010-01-09 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1343024091-113007714-1547161642-1003Core.job
- c:documents and settingscamster98Local SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-10-29 15:12]
2010-01-11 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1343024091-113007714-1547161642-1003UA.job
- c:documents and settingscamster98Local SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2009-10-29 15:12]
2010-01-11 c:windowsTasksMP Scheduled Scan.job
- c:program filesWindows DefenderMpCmdRun.exe [2006-11-04 01:20]
2010-01-10 c:\windows\Tasks\TBUpdater.job
- c:\documents and settings\camster98\Application Data\Update\tbupd.exe [2010-01-03 16:36]
2010-01-10 c:\windows\Tasks\Updater.job
- c:\documents and settings\camster98\Application Data\Update\seupd.exe [2010-01-03 13:46]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All by Gigaget - c:program filesGiganologyGigagetgetallurl.htm
IE: &Download by Gigaget - c:program filesGiganologyGigagetgeturl.htm
IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000
FF - ProfilePath - c:documents and settingscamster98Application DataMozillaFirefoxProfilesnaep4b2z.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:documents and settingscamster98Local SettingsApplication DataGoogleUpdate1.2.183.13npGoogleOneClick8.dll
FF - plugin: c:documents and settingscamster98Local SettingsApplication DataYahoo!BrowserPlus2.4.21Pluginsnpybrowserplus_2.4.21.dll
FF - plugin: c:program filesGoogleUpdate1.2.183.13npGoogleOneClick8.dll
FF - plugin: c:program filesMozilla FirefoxpluginsnpFoxitReaderPlugin.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnpipcd3.dll
FF - plugin: c:program filesMozilla FirefoxpluginsnpiPLATO_22.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnpmeadax.dll
FF - plugin: c:program filesTabletPluginsnpwacom.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 19:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(544)
c:program filesSUPERAntiSpywareSASWINLO.dll
c:windowssystem32WININET.dll
c:program filesCommon FilesAdobeAdobe Drive CS4AdobeDriveCS4_NP.dll
c:windowssystem32netprovcredman.dll
- - - - - - - > 'explorer.exe'(2176)
c:windowssystem32WININET.dll
c:windowssystem32ieframe.dll
c:windowssystem32wpdshserviceobj.dll
c:windowssystem32webcheck.dll
c:windowssystem32portabledevicetypes.dll
c:windowssystem32portabledeviceapi.dll
c:program filesCommon FilesAdobeAdobe Drive CS4AdobeDriveCS4_NP.dll
c:windowssystem32netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:program filesIntelWiFibinS24EvMon.exe
c:program filesAlwil SoftwareAvast4aswUpdSv.exe
c:program filesAlwil SoftwareAvast4ashServ.exe
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:program filesIntelWiFibinEvtEng.exe
c:program filesJavajre6binjqs.exe
c:windowssystem32PSIService.exe
c:program filesCommon FilesProtexisLicense ServicePsiService_2.exe
c:program filesCommon FilesIntelWirelessCommonRegSrvc.exe
c:program filesIntelWiFibinWLKeeper.exe
c:windowssystem32SearchIndexer.exe
c:windowssystem32WTabletWacom_TabletUser.exe
c:windowssystem32wscntfy.exe
c:program filesAlwil SoftwareAvast4ashMaiSv.exe
c:program filesAlwil SoftwareAvast4ashWebSv.exe
c:program filesMicrosoft ActiveSyncWcescomm.exe
c:progra~1MI3AA1~1rapimgr.exe
c:windowssystem32wbemunsecapp.exe
c:program filesSpywareGuardsgbhp.exe
c:program filesBOINCboinc.exe
c:program filesBOINCprojectsboinc.bakerlab.org_rosettaminirosetta_2.00_windows_intelx86.exe
c:program filesBOINCprojectswww.ufluids.netevolver_4.10_windows_intelx86.exe
.
**************************************************************************
.
Completion time: 2010-01-10 19:31:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-11 01:31
ComboFix2.txt 2010-01-10 06:07
ComboFix3.txt 2010-01-06 15:28
ComboFix4.txt 2010-01-06 03:56
ComboFix5.txt 2010-01-11 01:13
Pre-Run: 15,952,486,400 bytes free
Post-Run: 15,903,506,432 bytes free
- - End Of File - - 85C30A05B9699A683FC0483623A5925A