1. For the ESET scan, as soon as it started scanning, I unplugged the internet connection on purpose. I hope that did not mess the results up, but I am pleased to say that nothing has been found. Is there anything else I can do to ensure that I am rid of most, if not all, malware? Your help has been much appreciated and I am amazed at how you break down the lengthy logs.
I've previously pointed out that if I view the Services tab in MSCONFIG and press OK, I'll be prompted with an Access Denied error. Also, I changed my Start Menu icons to menus instead of being links, but it did not save on reboot. I am inclined to think that either I did not reboot properly when I had just changed the menu settings (I do recall my computer being stuck during bootup once) or that my tampering with the registry (allowed permissions) to uninstall an old version of Adobe Reader that previously would not uninstall itself because of registry access issues has locked it?
2. ComboFix 10-06-21.01 - A2Z 22/06/2010 0:53.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1304 [GMT -4:00]
Running from: c:\documents and settings\A2Z\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\A2Z\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FILE ::
"c:\windows\system32\t6Ts2p4X.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\t6Ts2p4X.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.
2010-06-21 23:52 . 2010-06-21 23:52 193344 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-21 19:53 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-19 02:49 . 2010-06-19 02:49 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-19 02:01 . 2010-06-19 02:01 -------- d-----w- c:\program files\ERUNT
2010-06-18 07:19 . 2010-06-18 07:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-18 01:44 . 2010-06-18 01:44 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-18 01:44 . 2010-06-18 01:44 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-18 01:44 . 2010-06-18 01:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-17 19:32 . 2010-06-19 06:35 -------- d-----w- c:\program files\ATI Tray Tools
2010-06-17 18:46 . 2010-02-11 01:20 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-06-17 18:45 . 2010-06-17 19:30 -------- d-----w- c:\program files\ATI Technologies
2010-06-17 18:39 . 2010-06-17 18:40 -------- d-----w- c:\program files\Driver Cleaner Pro
2010-06-17 18:15 . 2010-06-17 18:16 -------- d-----w- c:\program files\Driver Sweeper
2010-06-17 16:01 . 2010-06-17 16:01 62633 ----a-w- c:\windows\prio197uninstall.exe
2010-06-17 15:56 . 2010-06-17 15:56 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\In The Money
2010-06-17 15:07 . 2010-06-22 04:39 -------- d-----w- c:\program files\muBlinder
2010-06-17 14:31 . 2010-06-17 14:31 -------- d-----w- c:\program files\DIFX
2010-06-17 14:31 . 2010-06-17 14:31 -------- d-----w- c:\program files\USB TV
2010-06-17 14:31 . 2009-02-04 02:31 170496 ----a-w- c:\windows\system32\drivers\atinavt2.sys
2010-06-17 10:14 . 2010-06-17 10:14 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-16 10:01 . 2010-06-16 10:01 -------- d-----w- c:\documents and settings\A2Z\Application Data\Blitware
2010-06-09 10:44 . 2010-06-09 10:44 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\PunkBuster
2010-06-09 08:00 . 2010-06-09 08:00 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\Temp
2010-06-09 08:00 . 2010-06-09 08:00 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\Equilab
2010-06-07 04:51 . 2010-06-07 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-01 04:23 . 2010-06-01 04:23 -------- d-----w- c:\documents and settings\A2Z\Local Settings\Application Data\TechSmith
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\windows\system32\QuickTime
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-06-01 04:22 . 2010-06-01 04:22 -------- d-----w- c:\program files\TechSmith
2010-05-23 21:44 . 2010-05-06 04:01 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 05:01 . 2009-10-25 03:22 -------- d-----w- c:\documents and settings\A2Z\Application Data\Skype
2010-06-22 04:04 . 2009-12-09 00:44 -------- d-----w- c:\documents and settings\A2Z\Application Data\FrostWire
2010-06-21 20:13 . 2010-01-02 02:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-21 20:08 . 2009-10-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-21 18:25 . 2007-09-06 20:15 46208 ----a-w- c:\windows\system32\drivers\jraid.sys
2010-06-21 01:18 . 2007-09-07 19:24 -------- d-----w- c:\program files\DivX
2010-06-20 02:25 . 2007-09-06 21:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-19 23:48 . 2007-09-07 19:28 -------- d-----w- c:\program files\Java
2010-06-19 21:11 . 2007-09-06 19:50 70920 ----a-w- c:\documents and settings\A2Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-19 06:59 . 2008-03-03 05:43 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-19 05:41 . 2009-11-30 07:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 05:11 . 2008-03-27 04:03 -------- d-----w- c:\documents and settings\A2Z\Application Data\uTorrent
2010-06-18 02:30 . 2008-03-02 09:55 -------- d-----w- c:\program files\CCleaner
2010-06-17 18:46 . 2007-09-06 19:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-17 18:24 . 2009-08-20 01:11 -------- d-----w- c:\documents and settings\A2Z\Application Data\ATI
2010-06-17 11:04 . 2010-06-17 11:04 63488 ----a-w- c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-15 03:48 . 2009-11-29 08:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 09:28 . 2010-06-09 09:28 139152 ----a-w- c:\documents and settings\A2Z\Application Data\PnkBstrK.sys
2010-06-09 09:28 . 2010-06-09 09:28 139152 ----a-w- c:\documents and settings\A2Z\Application Data\PnkBstrK.sys
2010-06-07 04:56 . 2010-06-07 04:56 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-07 04:56 . 2010-06-07 04:56 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-07 04:56 . 2010-06-07 04:56 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-07 04:55 . 2010-06-07 04:55 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-07 04:54 . 2010-06-07 04:54 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-07 04:54 . 2010-06-07 04:54 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-07 04:54 . 2010-02-01 01:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-07 04:51 . 2010-06-07 04:56 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-07 04:51 . 2010-06-07 04:51 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-07 04:51 . 2010-06-07 04:56 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-30 01:06 . 2009-02-24 23:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-30 01:02 . 2008-03-27 04:03 -------- d-----w- c:\program files\uTorrent
2010-05-23 22:34 . 2010-05-23 22:34 48388 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-23 22:34 . 2010-02-28 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-05-06 10:41 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 01:07 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2009-11-29 08:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-11-29 08:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:40 . 2007-09-07 19:24 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2007-09-07 19:24 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2007-09-07 19:24 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-09-07 19:24 126448 -c----w- c:\windows\system32\pxinsi64.exe
2010-04-20 05:30 . 2004-08-04 01:07 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-03-01 06:51 . 2008-03-01 06:51 5240347 -csha-w- c:\windows\PAHud-Install-v1.18.exe
2009-12-21 05:25 . 2009-05-15 07:40 170610976 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-21 05:25 . 2009-05-15 07:40 4341536 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"AtiTrayTools"="c:\program files\ATI Tray Tools\atitray.exe" [2010-04-22 883200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-07-04 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2009-07-04 1953792]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"muBlinder"="c:\program files\muBlinder\muBlinder.exe" [2010-02-24 1462784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^A2Z^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\A2Z\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.51.lnk]
backup=c:\windows\pss\Wireless Configuration Utility HW.51.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2009-07-04 07:40 299008 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 14:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-07-04 07:43 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\A2Z\\Desktop\\utorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/11/2007 7:47 PM 722416]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [20/05/2010 7:44 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [20/05/2010 7:44 PM 173104]
R1 atitray;atitray;c:\program files\ATI Tray Tools\atitray.sys [22/04/2010 12:15 AM 19232]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [20/05/2010 7:44 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/10/2009 10:24 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 10:24 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [20/05/2010 7:44 PM 116784]
R2 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [22/05/2010 2:16 PM 691248]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29/11/2009 4:24 AM 304464]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [20/05/2010 7:44 PM 126392]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [13/03/2009 6:50 AM 65536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/06/2010 5:17 AM 102448]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [06/09/2007 2:59 PM 4544]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100617.005\IDSXpx86.sys [18/06/2010 6:06 PM 331640]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [17/02/2009 10:44 PM 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29/11/2009 4:23 AM 20952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [06/09/2007 9:59 PM 38656]
S3 B-Service;B-Service;c:\documents and settings\A2Z\Application Data\Mikogo\B-Service.exe [15/01/2010 5:07 PM 185640]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 AM 11336]
S3 fsfilter;Fighting Stick Filter Driver;c:\windows\system32\drivers\fsfilter.sys [28/02/2009 8:06 PM 4992]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [26/12/2005 12:24 AM 6656]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [08/08/2005 2:44 PM 6640]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 4:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 10:24 PM 12872]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [02/03/2008 10:31 AM 44928]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-06-21 c:\windows\Tasks\Auslogics Console Defragmentation.job
- c:\program files\Auslogics\BoostSpeed\cdefrag.exe [2009-07-04 18:54]
2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{8825A66C-7C4C-45E0-BB90-454FA438416D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
mWindow Title =
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download All Files by HiDownload
IE: Download by HiDownload
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: live.com\onecare
Trusted Zone: microsoft.com\www.update
TCP: {E5B762EC-A66A-450B-8639-611B22592849} = 192.168.2.1
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} - hxxp://www.tanhoalap.blogdns.com/AVC_AX_DVR.cab
FF - ProfilePath - c:\documents and settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} - c:\windows\system32\t6Ts2p4X.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-22 01:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spqi.sys >>UNKNOWN [0x8A881938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e66cb8
\Driver\atapi -> atapi.sys @ 0xb9dfbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1214440339-1532298954-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\A2Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\program files\ATI Tray Tools\raphook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-06-22 01:08:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-22 05:08
ComboFix2.txt 2010-06-21 19:01
Pre-Run: 210,861,359,104 bytes free
Post-Run: 211,044,470,784 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - AC521127F474AB97DEAFBF66887C652D
3. Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4223
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
22/06/2010 1:23:30 AM
mbam-log-2010-06-22 (01-23-30).txt
Scan type: Quick scan
Objects scanned: 161301
Time elapsed: 6 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
4. ESET scan did not find anything; thus, no log was produced.
5. OTL logfile created on: 22/06/2010 3:55:15 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\A2Z\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 196.52 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 220.87 Gb Free Space | 47.42% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.53% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMZ
Current User Name: A2Z
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/06/21 12:41:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\OTL.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/22 00:20:00 | 000,883,200 | ---- | M] (Ray Adams) -- C:\Program Files\ATI Tray Tools\atitray.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/04/11 02:30:25 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2009/03/13 06:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/03/13 06:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/09 14:49:00 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
========== Modules (SafeList) ==========
MOD - [2010/06/21 12:41:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\OTL.exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/12/14 06:12:00 | 000,187,904 | ---- | M] () -- C:\Program Files\ATI Tray Tools\raphook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/02/09 05:25:18 | 000,010,264 | ---- | M] (O&K Software) -- C:\WINDOWS\system32\prio.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/01/15 17:07:42 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\A2Z\Application Data\Mikogo\B-Service.exe -- (B-Service)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/04 03:51:48 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbtcoms.exe -- (lxbt_device)
SRV - [2009/07/04 03:39:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2009/04/11 02:30:25 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009/03/13 06:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2007/11/29 02:27:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/06/21 14:25:04 | 000,046,208 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2010/06/15 05:42:28 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/28 22:56:54 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 22:56:54 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100617.005\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/22 14:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100522.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/10 19:31:17 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100621.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 19:31:16 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100621.022\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 00:15:04 | 000,019,232 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/05 22:08:56 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/04/05 22:08:56 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/11 03:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/12/21 21:08:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/30 05:42:37 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/05 18:06:13 | 000,328,752 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/07/26 22:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/04 03:51:36 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/04/11 02:30:25 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/03 22:31:16 | 000,170,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2008/05/06 02:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/06/05 11:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2007/03/15 10:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2007/03/10 14:29:56 | 000,004,992 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fsfilter.sys -- (fsfilter)
DRV - [2006/11/08 21:19:18 | 000,004,544 | ---- | M] (SweetLow) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusbf.sys -- (hidusbf)
DRV - [2006/10/18 15:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/02/07 15:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/12/26 00:24:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LtcyCfgWDM.sys -- (LtcyCfgWDM)
DRV - [2005/09/21 04:26:36 | 000,006,656 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2005/09/21 04:25:40 | 000,012,800 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2005/08/08 14:44:04 | 000,006,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MouseCap.sys -- (MouseCap)
DRV - [2005/08/06 15:13:12 | 000,009,661 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Moufiltr.sys -- (Moufiltr)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/12/24 00:43:38 | 000,253,440 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrv8000c.sys -- (W8335XP)
DRV - [2004/08/13 14:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-yie8
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-tyc8&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.ca"
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.30
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://ca.search.yah...h?fr=mcafee&p="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/25 23:55:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/17 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 23:19:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/19 22:25:10 | 000,000,000 | ---D | M]
[2009/05/02 22:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Extensions
[2009/05/02 22:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Extensions\[email protected]
[2010/06/19 02:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions
[2010/06/18 03:02:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/14 08:07:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/04 00:06:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/29 02:11:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/20 23:59:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/30 01:12:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/09 05:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\[email protected]
[2009/10/31 23:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A2Z\Application Data\Mozilla\Firefox\Profiles\46v7wbhc.default\extensions\[email protected]
[2010/06/19 19:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/18 03:19:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/01/27 16:59:42 | 000,018,432 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npBattlerapPlugin2.dll
[2010/06/18 03:19:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/12/20 23:59:22 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/06/22 00:59:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [muBlinder] C:\Program Files\muBlinder\muBlinder.exe (KRX)
O4 - HKCU..\Run: [AtiTrayTools] C:\Program Files\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: live.com ([onecare] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} http://www.tanhoalap.../AVC_AX_DVR.cab (CV781Object Object)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec....abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1259483285171 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.donkr.com...geUploader4.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\prio.dll) - C:\WINDOWS\system32\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/06 14:33:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/11/28 22:33:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IV50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183528496136192)
========== Files/Folders - Created Within 30 Days ==========
[2010/06/22 03:30:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/22 03:28:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/22 00:52:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/21 15:53:25 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/21 14:36:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/21 14:36:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/21 14:36:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/21 14:36:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/21 14:33:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/21 14:22:32 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\A2Z\Desktop\tdsskiller.exe
[2010/06/21 12:47:33 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\OTL.exe
[2010/06/21 12:43:39 | 010,341,832 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\A2Z\Desktop\windows-kb890830-v3.8.exe
[2010/06/19 00:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/19 00:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/18 22:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/18 22:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/18 22:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/18 21:18:56 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\TFC.exe
[2010/06/18 03:19:20 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/18 03:19:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/18 03:19:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/18 03:19:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/18 03:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\My Documents\Downloads
[2010/06/17 15:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Tray Tools
[2010/06/17 14:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/06/17 14:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Cleaner Pro
[2010/06/17 14:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2010/06/17 11:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Local Settings\Application Data\In The Money
[2010/06/17 11:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\muBlinder
[2010/06/17 10:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/06/17 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\USB TV
[2010/06/17 10:31:01 | 000,170,496 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinavt2.sys
[2010/06/17 10:31:01 | 000,106,496 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atinppt2.ax
[2010/06/17 06:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/06/16 06:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Application Data\Blitware
[2010/06/09 06:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Local Settings\Application Data\PunkBuster
[2010/06/09 06:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\My Documents\EA SPORTS FIFA Online
[2010/06/09 05:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\FIFAOnlineSetup
[2010/06/09 04:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Local Settings\Application Data\Temp
[2010/06/09 04:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Local Settings\Application Data\Equilab
[2010/06/07 00:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/06/01 00:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\Local Settings\Application Data\TechSmith
[2010/06/01 00:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A2Z\My Documents\Camtasia Studio
[2010/06/01 00:22:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/06/01 00:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/06/01 00:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/06/01 00:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/05/23 17:44:24 | 000,047,408 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
========== Files - Modified Within 30 Days ==========
[2010/06/22 04:00:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8825A66C-7C4C-45E0-BB90-454FA438416D}.job
[2010/06/22 03:20:08 | 021,757,952 | ---- | M] () -- C:\Documents and Settings\A2Z\NTUSER.DAT
[2010/06/22 03:01:10 | 000,000,379 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/22 03:01:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/22 03:01:10 | 000,000,272 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/22 00:59:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/22 00:58:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/22 00:58:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/22 00:57:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\A2Z\ntuser.ini
[2010/06/22 00:47:15 | 003,717,720 | R--- | M] () -- C:\Documents and Settings\A2Z\Desktop\ComboFix.exe
[2010/06/21 20:04:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/21 17:51:16 | 000,000,608 | ---- | M] () -- C:\WINDOWS\prio.ini
[2010/06/21 16:24:48 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\A2Z\Application Data\Microsoft\Internet Explorer\Quick Launch\Holdem Manager.lnk
[2010/06/21 16:13:34 | 001,562,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/21 16:09:06 | 000,675,908 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/06/21 16:08:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/21 16:02:12 | 000,494,358 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/21 16:02:12 | 000,436,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/21 16:02:12 | 000,069,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 15:49:10 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/21 14:25:04 | 000,046,208 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\System32\drivers\jraid.sys
[2010/06/21 13:38:30 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\A2Z\Desktop\tdsskiller.exe
[2010/06/21 12:41:48 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\SecurityCheck.exe
[2010/06/21 12:41:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\OTL.exe
[2010/06/21 12:40:20 | 010,341,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\A2Z\Desktop\windows-kb890830-v3.8.exe
[2010/06/20 21:18:43 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\A2Z\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/20 20:21:27 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Console Defragmentation.job
[2010/06/20 01:06:34 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\dds.scr
[2010/06/19 22:25:14 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/19 21:12:47 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\dvtjc6y0.exe
[2010/06/19 17:11:02 | 000,070,920 | ---- | M] () -- C:\Documents and Settings\A2Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/19 00:44:04 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\gmer.zip
[2010/06/18 22:01:36 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\NTREGOPT.lnk
[2010/06/18 22:01:36 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\ERUNT.lnk
[2010/06/18 21:19:02 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A2Z\Desktop\TFC.exe
[2010/06/18 03:19:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/18 03:19:06 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/18 03:19:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/18 03:19:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/18 03:19:06 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/17 21:44:44 | 000,138,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/17 21:44:35 | 000,214,592 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/06/17 14:39:56 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\Driver Cleaner Pro.lnk
[2010/06/17 14:06:27 | 000,001,557 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/06/17 12:01:52 | 000,062,633 | ---- | M] () -- C:\WINDOWS\prio197uninstall.exe
[2010/06/17 12:01:52 | 000,000,135 | ---- | M] () -- C:\WINDOWS\System32\prio.ini
[2010/06/13 01:34:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/09 08:24:25 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\A2Z\Application Data\winscp.rnd
[2010/06/09 05:29:18 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\EA SPORTS FIFA Online.lnk
[2010/06/09 05:29:18 | 000,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA SPORTS FIFA Online Portal.url
[2010/06/09 05:28:52 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\A2Z\Application Data\PnkBstrK.sys
[2010/06/09 03:59:52 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\A2Z\Desktop\Poker Evolution Equilab.lnk
[2010/06/07 00:55:50 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/07 00:55:30 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/01 00:22:31 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2010/05/29 21:06:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/23 17:43:54 | 000,001,983 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
========== Files Created - No Company Name ==========
[2010/06/22 00:52:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/22 00:52:38 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/21 19:52:58 | 000,193,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/21 14:36:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/21 14:36:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/21 14:36:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/21 14:36:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/21 14:36:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/21 14:33:10 | 003,717,720 | R--- | C] () -- C:\Documents and Settings\A2Z\Desktop\ComboFix.exe
[2010/06/21 12:47:35 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\SecurityCheck.exe
[2010/06/20 19:51:41 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\dds.scr
[2010/06/19 22:25:12 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/19 21:12:46 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\dvtjc6y0.exe
[2010/06/19 00:44:03 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\gmer.zip
[2010/06/18 22:01:36 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\NTREGOPT.lnk
[2010/06/18 22:01:36 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\ERUNT.lnk
[2010/06/17 21:44:45 | 000,138,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/17 21:44:36 | 000,214,592 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/06/17 21:44:30 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/06/17 14:46:33 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/06/17 14:39:56 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\Driver Cleaner Pro.lnk
[2010/06/17 12:53:59 | 000,000,608 | ---- | C] () -- C:\WINDOWS\prio.ini
[2010/06/17 12:01:52 | 000,062,633 | ---- | C] () -- C:\WINDOWS\prio197uninstall.exe
[2010/06/17 12:01:52 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\prio.ini
[2010/06/17 10:31:01 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc01.cod
[2010/06/17 05:06:34 | 000,000,488 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics Console Defragmentation.job
[2010/06/09 09:03:53 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\A2Z\Desktop\EA SPORTS FIFA Online.lnk
[2010/06/09 06:44:56 | 000,214,592 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/06/09 05:29:18 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EA SPORTS FIFA Online Portal.url
[2010/06/09 05:28:52 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\A2Z\Application Data\PnkBstrK.sys
[2010/06/07 00:55:50 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/07 00:55:30 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/01 00:22:31 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2010/03/25 18:19:41 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Equilab.INI
[2010/03/01 23:48:31 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/30 20:32:52 | 000,015,121 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/11/29 11:09:58 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/06/21 00:40:08 | 000,000,117 | ---- | C] () -- C:\WINDOWS\n02.ini
[2009/03/08 03:30:06 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/02/17 22:44:42 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2008/11/09 03:44:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/03/02 00:09:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/11/11 23:29:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/11 20:10:03 | 000,000,170 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/11/11 19:47:57 | 000,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/07 00:11:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/10/07 00:11:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/10/06 23:41:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\lxbthwdf.dll
[2007/10/06 23:41:04 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lxbtcoin.dll
[2007/10/06 23:41:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxbtsnls.dll
[2007/10/06 23:41:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbtvs.dll
[2007/10/06 23:41:04 | 000,001,832 | ---- | C] () -- C:\WINDOWS\System32\lxbtprod.ini
[2007/09/21 00:29:34 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\zlib1.dll
[2007/09/21 00:29:34 | 000,001,144 | -HS- | C] () -- C:\WINDOWS\System32\drivers\ServUDaemon.ini
[2007/09/20 18:12:17 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/09/17 03:09:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/09/10 21:15:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/06 16:53:49 | 000,001,557 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/09/06 16:30:43 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/09/06 16:30:42 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/09/06 15:18:16 | 000,015,159 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/09/06 15:17:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/09/06 15:17:41 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/07/26 19:06:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/02/09 05:25:06 | 000,230,424 | ---- | C] () -- C:\WINDOWS\ptm_nt.dll
[2005/12/26 00:24:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\LtcyCfgWDM.sys
[2005/08/08 14:44:04 | 000,006,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\MouseCap.sys
[2004/08/03 20:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >
[2009/12/21 01:28:10 | 000,061,304 | ---- | M] () -- C:\aaw7boot.log
[2008/03/17 23:55:27 | 000,020,650 | ---- | M] () -- C:\ASLog.txt
[2007/09/06 14:33:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/21 20:04:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/22 03:01:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/02/03 19:57:50 | 000,001,415 | ---- | M] () -- C:\cmdline.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/22 01:08:45 | 000,028,698 | ---- | M] () -- C:\ComboFix.txt
[2007/09/06 14:33:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/04/30 00:51:20 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2007/09/06 14:33:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/08 17:48:03 | 000,002,467 | ---- | M] () -- C:\moduleName.txt
[2007/09/06 14:33:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 21:07:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/03 03:33:36 | 000,250,048 | ---- | M] () -- C:\ntldr
[2009/08/14 07:50:38 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/08/14 07:50:38 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/03/02 21:21:57 | 000,017,621 | ---- | M] () -- C:\OngameGrab.txt
[2010/06/22 00:58:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/09/07 00:03:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/09/07 00:03:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/06/21 14:23:01 | 000,045,938 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_21.06.2010_14.22.53_log.txt
[2010/06/21 14:31:16 | 000,044,994 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_21.06.2010_14.31.09_log.txt
[2008/11/08 17:07:25 | 000,000,216 | ---- | M] () -- C:\temp.txt
[2009/01/06 22:40:31 | 000,000,044 | ---- | M] () -- C:\winamp.ini
[2008/10/24 23:00:19 | 000,000,004 | RHS- | M] () -- C:\WINOS.SYS
< %systemroot%\*. /mp /s >

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/11/28 22:39:00 | 003,932,160 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/11/29 03:04:05 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009/11/28 22:39:00 | 046,399,488 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/11/28 22:39:00 | 008,126,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /180 >
[2010/02/11 03:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2010/06/21 14:25:04 | 000,046,208 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/06/17 21:44:44 | 000,138,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010/04/27 14:40:40 | 000,045,648 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/05/06 00:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/02/12 11:09:02 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBTPP5C.DLL
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
========== Files - Unicode (All) ==========
[2009/08/14 08:07:32 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/08/14 08:07:32 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\?????????????????4????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䉜汥屬敂汬䤠瑮牥敮⁴敓畣楲祴匠牥楶散屳慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
========== Alternate Data Streams ==========
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A96209
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CFFB598
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05A8628
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >
Also included was another log from OTL entitled Extras.txt:
OTL Extras logfile created on: 22/06/2010 3:55:15 AM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\A2Z\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 196.52 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 220.87 Gb Free Space | 47.42% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.71 Gb Free Space | 99.53% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMZ
Current User Name: A2Z
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\A2Z\Desktop\utorrent.exe" = C:\Documents and Settings\A2Z\Desktop\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04C12BEC-9AEB-4CBE-BACA-3174E1BA658B}" = Stox Combo
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E2DAB2F-5A2F-8F65-1006-30E94506B15D}" = Skins
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{14021E77-2FC1-4972-8C51-08808CD62838}_is1" = Leawo Free MP4 Converter version 1.8.3.5
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter
"{2D84D8F3-0499-4CC5-98A2-F9D5F31308DB}" = FIFA 2002
"{2F8BE683-EF69-4D18-9974-DB0C1832A516}" = ICM Trainer Light
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{316CDA1E-4760-4772-94B0-0FFC56D85700}" = RPS CRT
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{393C1150-6EBF-D1DA-BDC2-3E1D1D772B44}" = Catalyst Control Center Graphics Full Existing
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{47EA4DDF-FD99-46B3-846C-9F3F315268AD}" = ICM Trainer
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5549BB30-79E7-448C-A672-0217FF493357}" = Federal Income Tax Collection - Canadian Tax Principles(with Views 4.7.1)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.5.2.7
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69580770-C77E-67FE-014F-BE02DF5D8A4F}" = ccc-core-preinstall
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS FIFA Online
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7448C481-9F9D-4F4F-88DB-FA5C5EA2E800}" = TMPGEnc Authoring Works 4
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{838E187D-8B7A-473D-B93C-C8E970B15D2B}" = psqlODBC
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro version 1.29.2.11
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A958E835-BDF0-473F-9DC1-0D952C941625}" = Spb Mobile DVD
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA9A7A5D-5976-3682-826C-CDE03A0DE33D}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D22D11A0-DF6A-4DE9-B6E2-62A8C5ECCDDE}" = RPS CRT
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D721F201-E316-0825-7D23-48C16939914F}" = ccc-utility
"{D8FD4D0D-E171-4FFC-91CE-BA38EEAC5E06}" = Sprite Backup
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB0A4FCC-87C7-4A59-95BE-B5C2F0D8CDD4}" = System Requirements Lab for Intel
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E07FEDF6-3E9E-2F4C-3734-15B839CC3CD3}" = Catalyst Control Center Graphics Light
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F104E135-A5EF-9551-4924-2A7B94DDDADF}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"Belarc Advisor" = Belarc Advisor 8.1
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner (remove only)
"CeRegEditor_is1" = CeRegEditor PreRelease 0.0.3.1
"DivX Setup.divx.com" = DivX Setup
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FrostWire" = FrostWire 4.18.4
"HollywoodPoker" = HollywoodPoker.com (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"IsoBuster_is1" = IsoBuster 2.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.5 (Standard)
"Lexmark 5200 Series" = Lexmark 5200 Series
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Max DVD To AVI Converter_is1" = Max DVD To AVI Converter 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mikogo" = Mikogo
"mIRC" =
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"Mp3 To All Converter_is1" = Mp3 To All Converter V1.37.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
"NIS" = Norton Internet Security
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"Poker Tracker Version 2.17.03d_is1" = Poker Tracker Version 2.17.03d
"PokerAcademyPro2" = Poker Academy Pro 2
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"Prio" = Prio v1.9.7
"PRJPRO" = Microsoft Office Project Professional 2007
"rayatitray" = Ray Adams ATI Tray Tools
"RealAlt_is1" = Real Alternative 1.8.0
"RedKings Poker_is1" = RedKings Poker
"SopCast" = SopCast 3.0.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StarCraft II Beta" = StarCraft II Beta
"TVUPlayer" = TVUPlayer 2.4.9.1
"Veetle TV" = Veetle TV 0.9.16
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"winscp3_is1" = WinSCP 4.2.4 beta
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Creator" = Xilisoft DVD Creator
"Yahoo! Companion" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Poker Evolution Equilab" = Poker Evolution Equilab
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 21/06/2010 3:28:56 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
Error - 21/06/2010 3:28:56 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
Error - 21/06/2010 3:28:57 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
Error - 21/06/2010 3:28:57 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
Error - 21/06/2010 3:28:58 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
Error - 21/06/2010 3:28:58 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
Error - 21/06/2010 3:28:59 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
Error - 21/06/2010 3:29:00 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
Error - 21/06/2010 3:29:01 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
Error - 21/06/2010 3:29:01 PM | Computer Name = AMZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid.
[ System Events ]
Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The PostgreSQL Database Server 8.3 service terminated unexpectedly.
It has done this 1 time(s).
Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The LibUsb-Win32 - Daemon, Version 0.1.10.1 service terminated unexpectedly.
It has done this 1 time(s).
Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).
Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The B's Recorder GOLD Library General Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).
Error - 22/06/2010 12:53:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 22/06/2010 12:58:50 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to
the following error: %%2
Error - 22/06/2010 12:58:53 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
Error - 22/06/2010 1:01:28 AM | Computer Name = AMZ | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).
< End of report >
6. I have not had the opportunity to test it, but will update on any further fishy activity.
Update: My Start Menu is fine, but my MSCONFIG is still giving me the ACCESS DENIED error when I click the Services tab and press OK. I believe it to be a registry problem 'cause I altered it to allow the old Adobe Reader 8.1.1 to uninstall. The uninstallation was halted by a similar notification that I did not have sufficient access rights to alter a key located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. As I recall, the permission user names only contained an administrator and my default account. Now, there seem to be CREATOR OWNER, Power Users and SYSTEM as well. Also, one of my programs has trouble accessing the file info.ini located in C:\Documents and Settings\A2Z\Local Settings\Application Data\Equilab. The file itself is not a virus, but it strikes me as odd when Equilab displays this error: 'Encountered a sharing violation when accessing info.ini.' Sounds familiar, heh.
How do I uninstall ActiveX controls? I have installed BitDefender's ActiveX control (BDSCANONLINE Control), but I installed it poorly. It asked me to replace a file, but I didn't, and while running the scan it freezes on startup. I can only see IE8's option to disable it, but not to remove it, so I'm inclined to think that it was not installed correctly. Seeing as it was me who installed it, I should be able to remove it. It's located in C:\Windows\BDOSCAN8. Can I just delete the entire folder and restart? I've used Spybot to see whether it's listed under ActiveX or BHO, but it doesn't seem to be. I can only see it in IE8's Add-on Manager.
It's a good thing to note that I can click on pictured links now though.
Thanks again, SweetTech.
Edited by Kalishnakov, 22 June 2010 - 10:01 AM.