cyber defender still in system and cant uninstall.

Re: cyber defender still in system and cant uninstall.

Post by HoldR4D on Tue 03 Nov 2009, 7:32 am

Yes, it did. CyberDefender is completely terminated. Malwarebytes found 17, but when I click to remove, it freezes and doesn't finish. By the way, can you give me advice on what would be the best AV?

HoldR4D

Rookie Surfer

Posts: 50
Joined: 2009-10-03
Operating System: windows XP

Re: cyber defender still in system and cant uninstall.

Post by HoldR4D on Tue 03 Nov 2009, 7:44 am

Malware scanned the computer for 7 hours, and I disconnected the internet cable so it could have a better effect. When I clicked to clean, it froze. I thought it was part of the process, so I left it there, and when I came back 3 hours later it was still frozen. It doesn't give me any log report.


Re: cyber defender still in system and cant uninstall.

Post by DragonMaster Jay on Tue 03 Nov 2009, 10:02 am

Please use Internet Explorer and run a [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.

DragonMaster Jay

Moderator | Tech Staff

Posts: 2126
Joined: 2009-09-06
Operating System: Windows 7 Ultimate 32-Bit

http://www.twitter.com/dragonmasterjay

Re: cyber defender still in system and cant uninstall.

Post by HoldR4D on Tue 03 Nov 2009, 6:09 pm

BitDefender Online Scanner - Real Time Virus Report

Generated at: Tue, Nov 03, 2009 - 19:09:32

--------------------------------------------------------------------------------

Scan Info

Scanned Files: 113945
Infected Files: 0

Virus Detected

No virus found.

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


Re: cyber defender still in system and cant uninstall.

Post by DragonMaster Jay on Tue 03 Nov 2009, 9:40 pm

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]

Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


==

Please include the CKScanner and Security Check logs in your next reply.


Re: cyber defender still in system and cant uninstall.

Post by HoldR4D on Tue 03 Nov 2009, 10:16 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack.bat
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\fixlog.ini
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\master.ini
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\rchelper.exe
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\rcleaner.exe
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20081013225705a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20081013225816a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20081014001437a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20081014001533a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20081014212848a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20081018152942a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20081018153521a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20090905024248a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20090905024314a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20090909044929a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20090913073356a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20090918233110a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20090922082400a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20091002005054a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20091011232506a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20091013191851a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20091025053034a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20091028234519a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20091028234807a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20091030033018a.cab
c:\program files\bitlord\downloads\cleanmypc registry cleaner 4.02\crack\undocenter\20091101021648a.cab
c:\program files\jasc software inc\paint shop pro 8\presets\preset_fineleather_more cracks.pspscript
c:\program files\jasc software inc\paint shop pro 8\presets\preset_fineleather_small cracks.pspscript
c:\program files\jasc software inc\paint shop pro studio\bump maps\cracked desert.pspimage
c:\program files\jasc software inc\paint shop pro studio\patterns\cracked paint.pspimage
c:\qoobox\quarantine\c\program files\cyberdefender\antispyware\includes\description\crackspider.txt.vir
scanner sequence 3.ZZ.11
----- EOF -----


Sorry, Security Check did not give me a notepad, or it did not appear automatically.


Re: cyber defender still in system and cant uninstall.

Post by DragonMaster Jay on Wed 04 Nov 2009, 12:25 am

Please try again. It would be useless to run it, if you do not have a log for me to read.


Re: cyber defender still in system and cant uninstall.

Post by HoldR4D on Thu 05 Nov 2009, 3:08 am

I wasn't able to get the log report from Security Check, but I left the computer running for 2 days while offline, and I was able to get the malware log. I hope this works for you.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/5/2009 2:21:19 AM
mbam-log-2009-11-05 (02-21-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 100582
Time elapsed: 8 hour(s), 0 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\102d40741.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\102d40741.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\102d40741.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\102d40741.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\102d40741.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\102d40741.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\102d40741.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\102d40741.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Application Data\Macromedia\Common\102d40741.dll (Hijack.Sound) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Delete on reboot.
C:\WINDOWS\system32\wship6.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Delete on reboot.


Re: cyber defender still in system and cant uninstall.

Post by DragonMaster Jay on Thu 05 Nov 2009, 10:07 am

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Please close all other applications running on your system.
  • Please double click GetSystemInfo.exe to open it.
  • Click the Settings button.
  • Set it to Maximum
  • IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.
  • Click Create Report to run it.
  • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

Please copy and paste the URL of the GSI Parser report (not the log) in your next reply.


Re: cyber defender still in system and cant uninstall.

Post by HoldR4D on Thu 05 Nov 2009, 2:16 pm

[You must be registered and logged in to see this link.]


Re: cyber defender still in system and cant uninstall.

Post by DragonMaster Jay on Thu 05 Nov 2009, 7:00 pm

Hold on tight. Some remnants of CyberDefender remain :blink:

Kaspersky GSI helped reveal some bad stuff.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\WINDOWS\MBR.exe
    C:\WINDOWS\PEV.exe
    C:\WINDOWS\system32\drivers\CDAVFS.sys
    C:\Documents and Settings\Administrator\Application Data\Macromedia\Common\102d407419.exe
    C:\WINDOWS\sed.exe
    C:\WINDOWS\setpwrcg.exe
    C:\WINDOWS\grep.exe
    C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Jotti File Submission:
  • Please go to [You must be registered and logged in to see this link.]

  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\zip.exe


  • Click on the submit button

  • Do the same for the following files:
    C:\WINDOWS\system32\dosx.exe
    C:\WINDOWS\system32\fastopen.exe
    C:\WINDOWS\_default.pif
    C:\WINDOWS\system32\exe2bin.exe
    C:\WINDOWS\system32\edlin.exe

  • Please post the results (Each URL) in your next reply.


Re: cyber defender still in system and cant uninstall.

Post by HoldR4D on Thu 05 Nov 2009, 9:51 pm

ComboFix 09-11-05.01 - Administrator 11/05/2009 22:32.27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.709 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\commy.exe
Command switches used :: c:\documents and settings\Administrator\My Documents\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-03 23:29 . 2009-11-03 23:29 -------- d-----w- c:\program files\Disney
2009-11-03 21:48 . 2009-11-04 23:06 -------- d-----w- c:\windows\BDOSCAN8
2009-11-03 04:53 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 04:53 . 2009-11-03 04:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 04:53 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 08:02 . 2009-11-02 08:04 -------- d-----w- c:\windows\system32\Adobe
2009-11-02 05:53 . 2005-04-25 18:28 871040 ----a-w- c:\windows\system32\drivers\iastor.sys
2009-11-02 05:53 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-02 05:53 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-01 07:46 . 2009-11-04 00:17 102032 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-01 07:19 . 2009-11-01 07:19 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-11-01 01:37 . 2009-11-04 00:16 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-01 01:37 . 2009-11-01 01:37 -------- d-----w- c:\program files\MSBuild
2009-11-01 01:37 . 2009-11-01 01:37 -------- d-----w- c:\program files\Reference Assemblies
2009-10-31 08:18 . 2009-11-04 04:05 16384 ----a-w- c:\documents and settings\NetworkService\Application Data\Macromedia\Common\102d407419.exe
2009-10-30 09:46 . 2008-04-15 15:17 295424 ------w- c:\windows\system32\dllcache\termsrv.dll
2009-10-30 06:38 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-30 06:38 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-30 06:38 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-30 06:38 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-30 06:38 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-30 06:38 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-30 06:38 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-29 22:01 . 2009-10-29 22:01 -------- dc-h--w- c:\windows\ie8
2009-10-29 21:39 . 2009-10-29 21:39 -------- d-----w- c:\windows\Logs
2009-10-29 04:26 . 2009-10-29 04:26 -------- d-----w- c:\program files\MSXML 6.0
2009-10-29 01:24 . 2009-10-29 01:24 -------- d-----w- c:\program files\Alwil Software
2009-10-28 19:57 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-28 19:57 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-28 03:59 . 2009-11-05 07:22 16384 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Common\102d407419.exe
2009-10-28 03:37 . 2009-10-28 03:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Navnet_Solutions
2009-10-28 03:17 . 2009-10-28 03:44 -------- d-----w- c:\program files\NavNet
2009-10-22 10:39 . 2009-10-22 10:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Viewpoint
2009-10-19 17:06 . 2009-10-19 17:06 223232 ------w- c:\windows\system32\wksprt.exe
2009-10-19 17:06 . 2009-10-19 17:06 223232 ------w- c:\windows\system32\dllcache\wksprt.exe
2009-10-19 17:06 . 2009-10-19 17:06 46080 ------w- c:\windows\system32\TSWbPrxy.exe
2009-10-19 17:06 . 2009-10-19 17:06 46080 ------w- c:\windows\system32\dllcache\TSWbPrxy.exe
2009-10-19 17:06 . 2009-10-19 17:06 36864 ------w- c:\windows\system32\dllcache\tsgQec.dll
2009-10-19 17:06 . 2009-10-19 17:06 12800 ------w- c:\windows\system32\wksprtPS.dll
2009-10-19 17:06 . 2009-10-19 17:06 12800 ------w- c:\windows\system32\dllcache\wksprtPS.dll
2009-10-19 17:06 . 2009-10-19 17:06 1033728 ------w- c:\windows\system32\dllcache\mstsc.exe
2009-10-19 17:06 . 2009-10-19 17:06 44544 ------w- c:\windows\system32\MsRdpWebAccess.dll
2009-10-19 17:06 . 2009-10-19 17:06 44544 ------w- c:\windows\system32\dllcache\MsRdpWebAccess.dll
2009-10-19 17:06 . 2009-10-19 17:06 130560 ------w- c:\windows\system32\dllcache\aaclient.dll
2009-10-16 00:13 . 2009-10-16 00:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-10-15 23:59 . 2009-10-15 23:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leadertech
2009-10-15 01:05 . 2009-10-15 02:07 -------- d-----w- c:\program files\Softick
2009-10-13 23:13 . 2009-11-04 20:58 35904 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 19:46 . 2009-10-13 19:46 -------- d--h--w- c:\documents and settings\All Users\Application Data\GTek
2009-10-13 19:45 . 2009-10-13 19:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-10-13 19:33 . 2008-04-14 00:12 1033728 ----a-w- c:\windows\system32\dllcache\explorer.exe
2009-10-13 19:33 . 2008-04-14 00:12 1033728 ------w- c:\windows\Explorer.exe
2009-10-13 19:33 . 2004-08-10 10:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-10-13 19:33 . 2004-08-10 10:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-10-13 02:48 . 2009-10-13 02:48 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-10-13 02:16 . 2009-10-13 02:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-12 04:47 . 2009-10-12 04:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-10-10 05:33 . 2009-10-15 23:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-10-10 00:53 . 2009-11-03 03:50 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-10-09 14:07 . 2009-10-09 14:07 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-09 14:07 . 2009-10-09 14:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 18:27 . 2005-07-27 23:06 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
2009-11-05 18:27 . 2005-07-27 23:06 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
2009-11-04 21:35 . 2005-07-27 23:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Creative
2009-11-03 04:19 . 2005-12-13 16:56 -------- d-----w- c:\program files\DL_cats
2009-10-29 07:24 . 2004-08-19 21:20 -------- d-----w- c:\program files\RGB
2009-10-19 17:06 . 2008-10-14 03:14 36864 ------w- c:\windows\system32\tsgQec.dll
2009-10-19 17:06 . 2004-08-19 21:01 1033728 ----a-w- c:\windows\system32\mstsc.exe
2009-10-19 17:06 . 2004-08-19 21:01 2689024 ----a-w- c:\windows\system32\mstscax.dll
2009-10-19 17:06 . 2008-10-14 03:10 130560 ------w- c:\windows\system32\aaclient.dll
2009-10-13 21:39 . 2005-07-27 23:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-10-03 06:54 . 2009-09-23 00:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-22 16:48 . 2009-09-22 16:48 -------- d-----w- c:\program files\MCS Studios
2009-09-22 15:57 . 2009-09-22 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-22 15:24 . 2009-09-22 15:21 -------- d-----w- c:\program files\Sagasoft
2009-09-22 15:01 . 2008-10-14 02:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-17 04:45 . 2009-09-17 04:45 -------- d-----w- c:\program files\Microsoft
2009-09-17 04:45 . 2009-09-17 04:44 -------- d-----w- c:\program files\Windows Live
2009-09-17 04:44 . 2009-09-17 04:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-17 04:42 . 2009-09-17 04:42 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-11 14:18 . 2004-08-19 20:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 10:50 . 2008-10-16 19:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:44 . 2009-10-29 21:41 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 21:44 . 2009-10-29 21:41 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 21:44 . 2009-10-29 21:41 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 21:29 . 2009-10-29 21:41 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 21:29 . 2009-10-29 21:41 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 21:29 . 2009-10-29 21:41 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 21:29 . 2009-10-29 21:41 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 21:29 . 2009-10-29 21:41 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 21:03 . 2004-08-19 20:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-19 20:49 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-19 20:50 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-11-03_01.39.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-14 03:14 . 2008-04-14 00:12 14336 c:\windows\system32\wship6.dll
- 2004-08-19 20:50 . 2008-04-14 00:12 14336 c:\windows\system32\wship6.dll
+ 2005-07-27 22:43 . 2001-08-18 00:35 36864 c:\windows\system32\sfman32.dll
- 2004-08-19 20:49 . 2009-11-01 22:02 69314 c:\windows\system32\perfc009.dat
+ 2004-08-19 20:49 . 2009-11-04 00:23 69314 c:\windows\system32\perfc009.dat
+ 2008-10-14 03:14 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\wship6.dll
+ 2005-07-27 23:06 . 2003-11-14 04:54 65536 c:\windows\system32\dllcache\a3d.dll
- 2005-07-27 23:06 . 2007-04-09 17:19 53932 c:\windows\system32\ctdaught.dat
+ 2005-07-27 22:43 . 2004-08-04 02:54 53932 c:\windows\system32\ctdaught.dat
+ 2005-07-27 23:06 . 2003-11-14 04:54 65536 c:\windows\system32\a3d.dll
+ 2009-01-05 20:44 . 2009-01-05 20:44 53248 c:\windows\bdoscandel.exe
+ 2009-11-03 21:49 . 2009-11-03 21:49 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2009-11-03 21:49 . 2009-11-03 21:49 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-11-03 21:49 . 2009-11-03 21:49 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-11-03 21:49 . 2009-11-03 21:49 45056 c:\windows\BDOSCAN8\avxdisk.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2005-07-27 22:43 . 2004-08-07 03:29 6656 c:\windows\system32\drivers\pfmodnt.sys
+ 2005-07-27 22:43 . 2004-07-13 20:11 6096 c:\windows\system32\drivers\ctprxy2k.sys
- 2009-11-01 07:44 . 2009-11-01 07:44 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-11-01 07:44 . 2009-11-01 07:44 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-19 20:49 . 2009-11-04 00:23 437470 c:\windows\system32\perfh009.dat
- 2004-08-19 20:49 . 2009-11-01 22:02 437470 c:\windows\system32\perfh009.dat
- 2004-08-19 20:57 . 2009-11-01 21:57 164320 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-19 20:57 . 2009-11-04 04:32 164320 c:\windows\system32\FNTCACHE.DAT
+ 2005-07-27 22:43 . 2004-07-13 20:15 148432 c:\windows\system32\drivers\haP16v2k.sys
+ 2005-07-27 22:43 . 2004-08-13 01:40 904752 c:\windows\system32\drivers\ha10kx2k.sys
+ 2005-07-27 22:43 . 2004-07-13 20:13 145488 c:\windows\system32\drivers\emupia2k.sys
+ 2005-07-27 22:43 . 2004-07-13 20:12 130288 c:\windows\system32\drivers\ctsfm2k.sys
+ 2005-07-27 22:43 . 2004-07-13 20:11 178672 c:\windows\system32\drivers\ctoss2k.sys
+ 2005-07-27 23:06 . 2003-11-13 07:11 333600 c:\windows\system32\drivers\ctdvda2k.sys
+ 2005-07-27 22:43 . 2004-08-06 20:43 366384 c:\windows\system32\drivers\ctaud2k.sys
+ 2005-07-27 22:43 . 2004-07-13 20:09 645360 c:\windows\system32\drivers\ctac32k.sys
+ 2005-07-27 22:43 . 2003-11-14 05:04 606208 c:\windows\system32\ctsblfx.dll
+ 2005-07-27 22:43 . 2004-08-13 01:52 264466 c:\windows\system32\ctsbas2w.dat
+ 2005-07-27 22:43 . 2004-08-13 01:52 140643 c:\windows\system32\ctbas2w.dat
+ 2005-07-27 22:43 . 2004-07-13 19:53 585728 c:\windows\system32\ctaudfx.dll
+ 2005-07-27 22:43 . 2003-11-14 05:02 114688 c:\windows\system32\commonfx.dll
+ 2009-11-04 21:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-04 21:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2009-01-05 20:44 . 2009-01-05 20:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 20:44 . 2009-11-03 21:49 142848 c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-05 20:44 . 2009-01-05 20:44 741376 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-05 20:44 . 2009-11-03 21:49 107800 c:\windows\BDOSCAN8\bdcore.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2004-08-19 20:49 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll
+ 2008-04-21 06:44 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-04 21:00 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-11-04 00:14 . 2009-11-04 00:14 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-11-04 00:15 . 2009-11-04 00:15 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-11-01 07:44 . 2009-11-01 07:44 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
.


Re: cyber defender still in system and cant uninstall.

Post by HoldR4D on Thu 05 Nov 2009, 9:52 pm

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
"WAB"="c:\documents and settings\Administrator\Application Data\Macromedia\Common\102d407419.exe" [2009-11-05 16384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 425984]
"HostManager"="c:\program files\Common Files\AOL\1134621263\ee\AOLSoftware.exe" [2007-10-08 41824]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-7-27 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134621263\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134621263\\ee\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"%windir%\\system32\\lsass.exe"=
"c:\\Program Files\\Disney\\Disney Online\\PiratesOnline\\Launcher1.exe"=
"c:\\Program Files\\Disney\\Disney Online\\PiratesOnline\\Pirates.exe"=
"c:\\Program Files\\Disney\\Disney Online\\PiratesOnline\\Pirates_Online.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 aswArKrn;aswArKrn;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys [?]
S3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [8/6/2009 7:09 PM 67424]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,5c,8d,03,37,4c,d2,4d,aa,20,0e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,5c,8d,03,37,4c,d2,4d,aa,20,0e,\

[HKEY_USERS\S-1-5-21-3835334267-1934715317-2934981272-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,9c,5d,7b,36,8f,3b,41,b2,20,90,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,9c,5d,7b,36,8f,3b,41,b2,20,90,\

[HKEY_USERS\S-1-5-21-3835334267-1934715317-2934981272-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8C1A580A-4BAD-8BC4-F5E5-BF4C87F6657D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pamofejndooopfiopnnejpgkhebaepfa"=hex:6b,61,68,6c,6a,6e,64,6c,66,6f,70,63,65,
6b,69,63,63,66,66,65,6b,69,00,00
"oacpjgecpodccglbknncijmgeniaed"=hex:6b,61,68,6c,6a,6e,64,6c,66,6f,70,63,65,6b,
69,63,63,66,66,65,6b,69,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2648)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-11-06 22:47
ComboFix-quarantined-files.txt 2009-11-06 03:46
ComboFix2.txt 2009-11-03 01:41
ComboFix3.txt 2009-11-02 23:52
ComboFix4.txt 2009-11-02 06:03
ComboFix5.txt 2009-11-06 03:31

Pre-Run: 216,214,364,160 bytes free
Post-Run: 216,484,184,064 bytes free

- - End Of File - - 4C9FE10BBECAA0D1BF4CBBDE0DDFB6E7


Re: cyber defender still in system and cant uninstall.

Post by HoldR4D on Thu 05 Nov 2009, 9:59 pm

[You must be registered and logged in to see this link.]



Re: cyber defender still in system and cant uninstall.

Post by DragonMaster Jay on Fri 06 Nov 2009, 8:06 am

Good. Now I would like to make sure your other system files are not damaged, and make sure that CyberDefender file I found in the log is gone:

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    CDAVFS.sys
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


DragonMaster Jay

Moderator | Tech Staff

Posts: 2126
Joined: 2009-09-06
Operating System: Windows 7 Ultimate 32-Bit
