ComboFix 09-06-23.01 - Christina 06/24/2009 11:06.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1834 [GMT -7:00]
Running from: c:\users\Christina\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Christina\Desktop\CFScript.txt.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\msxmlm.dll.tmp"
"c:\windows\Tasks\PersonalAV.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\PersonalAV\Uninstall.lnk
c:\windows\system32\msxmlm.dll.tmp
c:\windows\Tasks\PersonalAV.job
.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.
2009-06-24 18:09 . 2009-06-24 18:12 -------- d-----w- c:\users\Christina\AppData\Local\temp
2009-06-23 18:14 . 2009-06-23 18:14 -------- d-----w- c:\programdata\Alex Gordon
2009-06-23 17:45 . 2009-06-23 17:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-23 13:12 . 2009-06-23 13:16 -------- d-----w- c:\program files\The Omega Stone
2009-06-23 00:14 . 2009-06-24 13:33 -------- d-----w- c:\programdata\AlawarWrapper
2009-06-23 00:14 . 2009-06-23 00:15 -------- d-----w- c:\users\Christina\AppData\Roaming\TMInc
2009-06-23 00:09 . 2009-06-23 00:13 -------- d-----w- c:\program files\Viva Media
2009-06-23 00:05 . 2009-06-23 00:05 -------- d-----w- c:\program files\Viva Media Game Center
2009-06-21 16:51 . 2009-06-21 16:51 -------- d-----w- c:\users\Christina\AppData\Roaming\Malwarebytes
2009-06-21 16:51 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-21 16:51 . 2009-06-21 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 16:51 . 2009-06-21 16:51 -------- d-----w- c:\programdata\Malwarebytes
2009-06-21 16:51 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-20 18:09 . 2009-06-20 18:09 -------- d-----w- c:\program files\Trend Micro
2009-06-20 17:41 . 2009-06-20 17:53 -------- d-----w- c:\users\Christina\.SunDownloadManager
2009-06-19 19:14 . 2009-04-10 18:46 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-19 19:14 . 2009-04-10 18:46 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-19 19:14 . 2009-04-10 18:46 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-19 19:14 . 2009-04-10 18:46 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-19 19:14 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-16 02:30 . 2009-06-16 02:32 -------- d-----w- c:\programdata\Creative
2009-06-16 02:30 . 2009-06-16 02:30 -------- d--h--w- c:\programdata\{7A246771-272C-415B-B2AB-AE698ADB7EEB}
2009-06-16 02:30 . 2008-06-17 01:40 2354414 ----a-w- c:\programdata\{7A246771-272C-415B-B2AB-AE698ADB7EEB}\setup.exe
2009-06-16 02:30 . 2006-10-06 21:17 53248 ------w- c:\windows\Ctregrun.exe
2009-06-16 02:29 . 2009-06-16 02:30 -------- d-----w- c:\program files\Creative
2009-06-13 18:49 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-13 18:49 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-13 18:26 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-13 18:26 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-13 18:24 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-13 18:06 . 2009-06-13 18:06 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF410.tmp.exe
2009-06-08 16:49 . 2009-06-08 16:49 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-07 05:18 . 2009-06-08 13:06 -------- d-----w- c:\users\Christina\AppData\Local\SpookyManor
2009-06-07 02:11 . 2009-06-08 14:02 -------- d-----w- c:\programdata\MysteryChronicles
2009-06-07 02:09 . 2009-06-07 02:09 -------- d-----w- c:\program files\Mystery Chronicles - Murder Among Friends
2009-06-03 22:07 . 2009-06-03 22:07 -------- d-----w- c:\program files\iPod
2009-06-03 22:07 . 2009-06-03 22:07 -------- d-----w- c:\program files\iTunes
2009-06-03 22:05 . 2009-06-19 17:15 -------- d-----w- c:\program files\QuickTime
2009-06-03 21:59 . 2009-06-03 21:59 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-26 21:29 . 2009-06-21 16:58 -------- d-----w- c:\users\Christina\iWin Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 17:54 . 2008-04-13 18:37 5692 ----a-w- c:\users\Christina\AppData\Roaming\wklnhst.dat
2009-06-24 04:10 . 2008-07-07 18:44 -------- d-----w- c:\users\Christina\AppData\Roaming\LimeWire
2009-06-23 17:44 . 2007-11-18 11:28 -------- d-----w- c:\program files\Java
2009-06-23 12:59 . 2007-11-18 11:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 12:56 . 2008-07-12 02:46 -------- d-----w- c:\program files\The Learning Company
2009-06-20 16:23 . 2008-04-13 00:38 88328 ----a-w- c:\users\Christina\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-14 07:38 . 2007-11-18 11:29 -------- d-----w- c:\program files\Microsoft Works
2009-06-14 07:38 . 2008-04-13 02:32 -------- d-----w- c:\programdata\Microsoft Help
2009-06-03 22:07 . 2008-10-12 15:56 -------- d-----w- c:\program files\Common Files\Apple
2009-05-26 21:29 . 2008-06-25 08:14 -------- d-----w- c:\programdata\iWin Games
2009-05-16 13:52 . 2009-05-16 13:52 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-16 04:40 . 2009-05-10 01:26 -------- d-----w- c:\program files\GameMill Entertainment
2009-05-10 01:21 . 2009-05-10 01:20 -------- d-----w- c:\programdata\PopCap Games
2009-05-10 01:21 . 2009-04-06 00:52 -------- d-----w- c:\programdata\SpinTop Games
2009-05-10 01:21 . 2008-07-14 00:26 -------- d-----w- c:\program files\PopCap Games
2009-05-03 06:19 . 2009-05-03 06:19 -------- d-----w- c:\programdata\HP Product Assistant
2009-05-03 06:16 . 2009-05-03 06:16 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-03 06:16 . 2009-05-03 06:16 315392 ----a-w- c:\windows\HideWin.exe
2009-05-03 06:16 . 2009-05-03 06:16 -------- d-----w- c:\program files\Realtek
2009-05-03 05:57 . 2009-05-03 05:57 -------- d-----w- c:\program files\Intel
2009-05-03 05:57 . 2009-05-03 05:57 -------- d-----w- c:\users\Christina\AppData\Roaming\WinBatch
2009-04-10 18:46 . 2009-04-10 18:46 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2008-06-25 00:48 . 2008-06-25 00:48 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-22_13.26.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-06-24 13:33 50692 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-06-22 12:56 78764 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-24 13:33 78764 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-13 01:22 . 2009-06-24 13:33 12380 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2346018145-2267827550-2019775581-1000_UserData.bin
- 2008-04-13 00:14 . 2009-06-22 13:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-13 00:14 . 2009-06-24 13:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-13 00:14 . 2009-06-22 13:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-13 00:14 . 2009-06-24 13:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-06-24 13:36 604214 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-22 12:58 604214 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-24 13:36 105170 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-22 12:58 105170 c:\windows\System32\perfc009.dat
+ 2009-06-23 17:45 . 2009-06-23 17:44 148888 c:\windows\System32\javaws.exe
+ 2009-06-23 17:45 . 2009-06-23 17:44 144792 c:\windows\System32\javaw.exe
+ 2009-06-23 17:45 . 2009-06-23 17:44 144792 c:\windows\System32\java.exe
+ 2008-04-13 00:14 . 2009-06-24 13:30 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-17 4347120]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-30 278528]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-26 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-03 178712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-23 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]
c:\users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)