ComboFix 10-09-16.04 - Administrator 09/16/2010 20:49:14.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.265 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\.#
c:\documents and settings\Administrator\Application Data\drvxslek32k
c:\documents and settings\Administrator\Application Data\drvxslek32k\config.ini
c:\documents and settings\Administrator\Application Data\drvxslek32k\drvxslek89k.exe
c:\documents and settings\Administrator\drvxslek89k.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Desktop Cleanup Wizard
c:\documents and settings\Administrator\Local Settings\Application Data\Desktop Cleanup Wizard\trz2BE7.tmp
c:\documents and settings\Administrator\services.exe
C:\hb_95.tmp
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Common Files\rqzq
c:\program files\Common Files\rqzq\rqzqd\class-barrel
c:\program files\Common Files\rqzq\rqzqd\vocabulary
c:\temp\tn3
c:\temp\vtmp2
c:\temp\vtmp2\ktnv33.log
c:\windows\cookies.ini
c:\windows\mainms.vpi
c:\windows\megavid.cdt
c:\windows\muotr.so
c:\windows\sstem~1
c:\windows\system32\02aogjnp.dat
c:\windows\system32\105772
c:\windows\system32\2tjggmte.dat
c:\windows\system32\7mjjqvdt.dat
c:\windows\system32\fccaxw.dll
c:\windows\system32\fonts
c:\windows\system32\fonts\ACADEMY_.PFB
c:\windows\system32\fonts\ACADEMY_.PFM
c:\windows\system32\fonts\ACADEMY_.TTF
c:\windows\system32\mcrh.tmp
c:\windows\system32\Thumbs.db
E:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.
2010-09-16 15:32 . 2010-09-16 15:32 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-16 04:04 . 2010-09-16 04:04 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan
2010-09-16 03:52 . 2010-09-16 03:52 -------- dc----w- C:\log
2010-09-16 03:52 . 2010-09-16 03:52 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-16 03:09 . 2010-09-16 03:09 -------- d-----w- c:\program files\Trend Micro
2010-09-16 03:07 . 2010-09-17 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 01:01 . 2010-09-15 01:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-09-11 22:53 . 2010-09-11 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-09 01:32 . 2010-09-09 01:33 2788816 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-09-09 01:32 . 2010-09-09 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-09-09 01:32 . 2010-09-09 01:32 -------- d-----w- c:\program files\NOS
2010-09-09 01:32 . 2010-08-13 13:13 35136 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ja3wbwrz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-09-09 01:32 . 2010-08-13 13:13 32032 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ja3wbwrz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-09-08 02:42 . 2010-09-08 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\redistpart
2010-09-08 02:41 . 2010-09-08 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\explauncher
2010-09-08 02:41 . 2010-09-08 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher
2010-09-07 19:37 . 2010-09-07 19:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-09-07 19:29 . 2010-09-07 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-09-07 18:53 . 2010-09-07 18:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-09-07 18:48 . 2010-09-07 18:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-09-07 18:47 . 2010-09-08 13:53 -------- d-----w- c:\program files\Google
2010-09-07 18:47 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 18:47 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 18:47 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 18:47 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 18:47 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 18:47 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 18:47 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-07 18:46 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 18:46 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 18:46 . 2010-09-07 18:46 -------- d-----w- c:\program files\Alwil Software
2010-09-07 18:46 . 2010-09-07 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-07 17:37 . 2010-09-07 17:37 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-09-07 17:36 . 2010-09-08 12:21 -------- d-----w- c:\program files\CA
2010-09-07 17:36 . 2010-09-08 12:24 -------- d-----w- c:\windows\Internet Logs
2010-09-07 04:01 . 2010-09-17 01:01 2466 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\MediaConverter 4 Platinum\acforall.dll
2010-09-07 03:57 . 2010-09-07 03:57 9522504 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\video downloader_2.0.0.39_2.0.0.99.exe
2010-09-07 03:33 . 2010-09-07 03:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ArcSoft
2010-09-07 03:33 . 2010-09-10 00:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-09-07 03:32 . 2010-09-07 04:01 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-09-07 03:31 . 2010-09-07 03:31 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-09-06 20:46 . 2010-09-06 20:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sage Software, Inc
2010-09-06 14:53 . 2010-09-06 14:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-09-06 02:53 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-09-06 02:53 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-09-06 02:53 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-09-06 02:52 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-09-06 02:52 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-09-06 02:52 . 2010-09-06 02:52 -------- d-----w- c:\windows\Logs
2010-09-05 16:15 . 2010-09-05 16:15 -------- d-----w- c:\program files\Common Files\Intuit
2010-09-05 00:36 . 2010-09-05 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ACT
2010-09-04 23:31 . 2010-09-14 03:27 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-09-04 23:31 . 2010-09-05 06:59 88 --sh--r- c:\documents and settings\All Users\Application Data\812EEEC55D.sys
2010-09-04 23:31 . 2010-09-04 23:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\IsolatedStorage
2010-09-04 23:29 . 2003-08-28 18:08 536576 ----a-w- c:\windows\system32\msvcr70d.dll
2010-09-04 23:29 . 2003-08-28 18:06 94208 ----a-w- c:\windows\system32\msvci70d.dll
2010-09-04 23:29 . 2004-03-22 16:09 733267 -c--a-w- C:\ADChronopher.dll
2010-09-04 23:29 . 2003-09-17 17:00 266327 -c--a-w- C:\ADErrorHandling.dll
2010-09-04 23:29 . 2010-09-04 23:29 -------- d-----w- c:\program files\Common Files\Protexis
2010-09-04 23:27 . 2010-09-04 23:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xenocode
2010-09-04 23:13 . 2010-09-04 23:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\ACT
2010-09-04 18:35 . 2010-09-04 18:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\jZip
2010-09-04 18:35 . 2010-09-04 18:36 -------- d-----w- c:\program files\jZip
2010-09-04 18:05 . 2010-09-04 18:05 -------- d-----w- c:\program files\uTorrent
2010-09-04 18:04 . 2010-09-08 02:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-08-23 02:30 . 2010-08-23 02:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\GARMIN
2010-08-23 02:22 . 2010-08-23 02:22 -------- d-----w- c:\program files\Garmin
2010-08-23 02:18 . 2010-03-26 13:21 12255080 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ja3wbwrz.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 00:58 . 2007-09-26 15:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-09-16 20:09 . 2008-07-12 11:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-09-16 04:41 . 2010-02-20 16:34 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-16 04:27 . 2010-06-17 13:52 -------- d-----w- c:\program files\DesignPro
2010-09-16 04:05 . 2010-08-10 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2010-09-16 04:05 . 2010-07-22 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-09-16 04:04 . 2010-08-02 17:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canon
2010-09-16 02:59 . 2008-06-05 03:41 -------- d-----w- c:\program files\NeatReceipts Professional
2010-09-14 12:36 . 2007-05-09 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-10 00:28 . 2007-06-21 12:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft
2010-09-08 13:02 . 2005-01-07 21:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-08 13:02 . 2010-04-08 00:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Samsung
2010-09-08 12:58 . 2005-02-16 19:05 -------- d-----w- c:\program files\ArcSoft
2010-09-06 14:59 . 2006-07-13 15:59 155728 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 04:07 . 2005-01-07 23:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-05 16:15 . 2008-06-04 00:07 -------- d-----w- c:\program files\Common Files\NeatReceipts
2010-09-05 16:14 . 2008-06-04 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NeatReceipts Professional
2010-09-05 16:10 . 2008-03-13 03:53 -------- d-----w- c:\program files\Microsoft SQL Server
2010-09-05 13:52 . 2009-05-02 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-09-05 13:20 . 2009-07-05 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-31 14:18 . 2010-07-12 00:57 452104 ----a-w- c:\documents and settings\Administrator\Application Data\Real\Update\setup3.12\setup.exe
2010-08-23 02:22 . 2010-04-08 00:24 -------- d-----w- c:\program files\DIFX
2010-08-17 04:03 . 2007-10-25 21:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-03 00:09 . 2010-08-03 00:09 -------- d-----w- c:\program files\Common Files\Skype
2010-08-03 00:09 . 2007-09-26 15:41 -------- d-----r- c:\program files\Skype
2010-08-03 00:09 . 2007-09-26 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-24 03:48 . 2010-07-24 03:48 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX
2010-07-24 02:08 . 2010-07-24 02:08 249856 ------w- c:\windows\Setup1.exe
2010-07-24 02:08 . 2010-07-24 02:08 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-22 03:41 . 2008-04-01 22:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\DisplayTune
2010-07-22 03:37 . 2008-04-01 22:05 -------- d-----w- c:\program files\Portrait Displays
2010-07-22 03:37 . 2010-07-22 03:36 -------- d-----w- c:\program files\Common Files\Portrait Displays
2010-07-22 03:11 . 2010-07-22 03:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenu
2010-07-22 03:11 . 2010-07-22 02:37 -------- d-----w- c:\program files\Canon
2010-07-22 03:09 . 2010-07-22 03:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
2010-07-22 02:44 . 2010-07-22 02:44 -------- d-----w- c:\program files\Common Files\CANON
2010-07-22 02:40 . 2010-07-22 02:40 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-07-22 02:39 . 2010-07-22 02:39 -------- d--h--w- c:\program files\CanonBJ
2010-07-22 02:33 . 2010-07-22 02:33 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-07-22 01:55 . 2006-12-16 22:20 -------- d-----w- c:\program files\Common Files\HP
2010-07-22 01:53 . 2008-11-12 16:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-07-22 01:49 . 2006-07-02 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-07-22 01:44 . 2006-07-02 01:50 -------- d-----w- c:\program files\HP
2010-06-29 21:08 . 2010-04-28 20:57 439816 ----a-w- c:\documents and settings\Administrator\Application Data\Real\Update\setup3.10\setup.exe
2005-05-27 03:45 . 2005-05-27 03:45 0 -c-h--w- c:\program files\AppUpdate.log
2003-08-27 22:19 . 2005-01-07 23:31 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\qmgr.dll
[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\bits\qmgr.dll
[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\dllcache\qmgr.dll
[-] 2007-03-29 . 65E23953D337574E549B1EF34FE0B1DA . 409600 . . [6.7.2600.3109] . . c:\windows\$hf_mig$\KB923845\SP2QFE\qmgr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 11:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2006-11-01 14:18 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Monitor.lnk
backup=c:\windows\pss\Device Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk
backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dbruiq]
c:\windows\s?stem\l?gonui.exe [?]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberDefender Early Detection Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4800 Series
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6400
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HelpCenter4.1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Svconr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThpSrv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
2001-06-24 04:28 24576 ----a-w- c:\windows\system32\000StTHK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
2004-08-11 01:21 258048 ----a-w- c:\windows\system32\00THotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2008-08-01 01:05 393216 ----a-w- f:\program files\ACT\Act for Windows\ActSage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2008-08-01 01:04 28672 ----a-w- f:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-07-22 17:38 88361 -c--a-w- c:\windows\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 01:31 722256 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrossMenu]
2005-01-07 01:37 798720 ----a-w- c:\program files\Toshiba\CrossMenu\CrossMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-01-14 09:05 122939 ----a-w- c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2009-10-06 16:37 86016 ----a-w- c:\program files\Common Files\Portrait Displays\Shared\DT_Startup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-08-24 08:18 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 23:56 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-02-07 12:36 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-02-07 12:39 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2007-05-21 08:37 124512 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2006-08-02 04:32 696320 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2006-08-02 04:38 802816 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-07-30 14:41 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2003-09-26 19:43 184320 ------w- c:\program files\ltmoh\ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2004-08-04 12:00 158208 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-09-22 21:10 1871872 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
2004-12-17 04:09 933888 ----a-w- c:\program files\Toshiba\ConfigFree\NDSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
2006-05-04 20:59 40960 -c--a-w- c:\program files\Notebook Maximizer\maximizer_startup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2005-03-17 20:37 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2010-06-16 21:04 110192 ----a-w- c:\program files\Portrait Displays\Pivot Software\pivot_Startup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2004-09-15 23:03 135168 ----a-w- c:\program files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2004-08-06 16:27 860160 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 17:11 1388544 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- f:\spybot - search & destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2002-06-18 04:01 155648 -c--a-w- c:\program files\VERITAS Software\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 21:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVRemote]
2008-06-08 04:06 24576 ----a-w- c:\program files\SVRemote\USB20Remote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
2005-04-26 03:10 271872 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAcelMgr]
2004-12-16 19:56 90112 -c--a-w- c:\program files\Toshiba\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAudEffect]
2004-12-14 19:50 340032 ----a-w- c:\program files\Toshiba\TAudEffect\TAudEff.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
2004-12-01 05:26 118784 ----a-w- c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
2004-06-28 18:16 73728 ----a-w- c:\windows\system32\TFNF5.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-04 12:27 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMERzCtl.EXE]
2004-12-07 05:54 81920 -c--a-w- c:\program files\Toshiba\TME3\TMERzCtl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMESBS.EXE]
2003-08-01 22:56 86016 ----a-w- c:\program files\Toshiba\TME3\tmesbs32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMESRV.EXE]
2005-01-18 22:18 126976 ----a-w- c:\program files\Toshiba\TME3\TMESRV31.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2004-12-30 08:32 65536 ----a-w- c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosRotation]
2004-12-14 03:25 266240 -c--a-w- c:\program files\Toshiba\TOSHIBA Rotation Utility\TRot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
2003-01-22 02:00 126976 ----a-w- c:\program files\Toshiba\TouchED\TouchED.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2004-12-28 03:31 270336 ----a-w- c:\windows\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSODDCtl]
2004-12-28 03:32 110592 ----a-w- c:\windows\system32\TPSODDCtl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSkrMain]
2004-07-01 00:29 49152 -c--a-w- c:\program files\Toshiba\Acceleration Utilities\Shaker\TSkrMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2004-11-13 01:57 73728 -c--a-w- c:\program files\Toshiba\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
2010-08-13 13:13 66112 ----a-w- c:\program files\NOS\bin\getPlus_Helper_3004.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-04 18:05 328568 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
2003-11-18 22:34 155648 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"C-DillaCdaC11BA"=2 (0x2)
"AOL ACS"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"gusvc"=3 (0x3)
"GBPoll"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"NSCService"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"OcHealthMon"=2 (0x2)
"OneCareMP"=2 (0x2)
"msfwsvc"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"Tmesrv"=2 (0x2)
"Tmesbs"=2 (0x2)
"Swupdtmr"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NeatReceipts Database Controller"=2 (0x2)
"NBService"=3 (0x3)
"MSSQL$NR2007"=3 (0x3)
"MSSQL$MSSMLBIZ"=2 (0x2)
"McciCMService"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"DTSRVC"=2 (0x2)
"Basics Service"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"Thpsrv"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"IDriverT"=3 (0x3)
"EvtEng"=2 (0x2)
"DVD-RAM_Service"=2 (0x2)
"CFSvcs"=2 (0x2)
"idsvc"=3 (0x3)
"ICDSPTSV"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2908:UDP"= 2908:UDP:Windows Media Format SDK (firefox.exe)
"2909:UDP"= 2909:UDP:Windows Media Format SDK (firefox.exe)
"2910:UDP"= 2910:UDP:Windows Media Format SDK (firefox.exe)
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [6/4/2009 8:30 PM 40560]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/28/2004 3:31 AM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [1/7/2005 6:25 PM 6144]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/7/2010 2:47 PM 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [1/26/2005 7:06 PM 5888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/7/2010 2:47 PM 17744]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [7/6/2010 10:35 PM 10384]
R2 MSSQL$ACT7;SQL Server (ACT7);f:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [7/21/2010 11:50 PM 109168]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [1/7/2005 5:47 PM 8832]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [1/21/2005 3:18 PM 409984]
R3 TMicAry;Toshiba Audio Effect with MicArray;c:\windows\system32\drivers\TMicAry.sys [1/21/2005 3:18 PM 138240]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [1/7/2005 8:30 AM 13568]
S1 ip6fww;ip6fww;c:\windows\system32\drivers\ip6fww.sys --> c:\windows\system32\drivers\ip6fww.sys [?]
S2 ACT! Scheduler;ACT! Scheduler;f:\program files\ACT\Act for Windows\Act.Scheduler.exe [7/31/2008 9:04 PM 81920]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [11/10/2007 2:27 PM 20160]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [9/10/2001 9:00 AM 17976]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/7/2010 8:24 PM 36608]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [8/10/2009 11:03 AM 11264]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [1/7/2005 2:03 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 TridVidx86;Trident TVMaster TM6000 Analog plus Digital Video Service x86;c:\windows\system32\drivers\TridVidx86.sys [7/31/2007 8:12 AM 163456]
S4 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 9:29 AM 29178224]
S4 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [2/5/2008 1:03 PM 228480]
S4 Tmesbs;Tmesbs32;c:\program files\Toshiba\TME3\tmesbs32.exe [1/26/2005 7:06 PM 86016]
S4 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [1/26/2005 7:06 PM 126976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 14:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950295924-644400325-4102557543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 23:56]
2010-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950295924-644400325-4102557543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 23:56]
.
.
------- Supplementary Scan -------
.
uStart Page = yahoo.com
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ja3wbwrz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?rs=1
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ja3wbwrz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{E882C3F4-3399-4EAD-B068-40CB90C94FF2} - (no file)
BHO-{FD43BA40-74A9-7758-FF4F-0BA290EF1AB3} - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-wvtstsaudio - fccaxw.dll
HKLM-Run-opoligaudio - fccaxw.dll
HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta
HKU-Default-Run-byvtrpaudio - fccaxw.dll
Notify-fccaBUOf - fccaBUOf.dll
MSConfigStartUp-*pod891 - c:\documents and settings\Administrator\pod891.exe
MSConfigStartUp-Acronis Toolbar Helper - c:\documents and settings\Administrator\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-Aim6 - c:\program files\Common Files\AOL\Launch\AOLLaunch.exe
MSConfigStartUp-AOL Fast Start - c:\program files\America Online 9.0a\AOL.EXE
MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-AOLCC - c:\program files\AOL Computer Check-Up\ACCAgnt.exe
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-Apoint - c:\program files\Apoint2K\Apoint.exe
MSConfigStartUp-asam - c:\documents and settings\Administrator\Local Settings\Application Data\asam.exe
MSConfigStartUp-AutoStartNPSAgent - f:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSConfigStartUp-BellSouthAlertManager - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-bywuvwsys - byvuur.dll
MSConfigStartUp-byyvutaudio - cbyxyy.dll
MSConfigStartUp-cbxwxuaudio - cbyxyy.dll
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-ClamWin - g:\clamwin\bin\ClamTray.exe
MSConfigStartUp-CRMExpress scheduler - c:\program files\CRM-Express Free\CRMExpress.exe
MSConfigStartUp-ddabcbaudio - cbyxyy.dll
MSConfigStartUp-ddawvvaudio - cbyxyy.dll
MSConfigStartUp-ddbyabaudio - cbyxyy.dll
MSConfigStartUp-dddeecaudio - fccaxw.dll
MSConfigStartUp-Desktop Cleanup Wizard - c:\documents and settings\Administrator\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll
MSConfigStartUp-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
MSConfigStartUp-drvxslek32k - c:\documents and settings\Administrator\Application Data\drvxslek32k\drvxslek89k.exe
MSConfigStartUp-efcabasys - byvuur.dll
MSConfigStartUp-efcbxxaudio - cbyxyy.dll
MSConfigStartUp-efdebxsys - byvuur.dll
MSConfigStartUp-fccbxwaudio - fccaxw.dll
MSConfigStartUp-FG_Monitor - c:\program files\Folder Guard Pro\FGKey.exe
MSConfigStartUp-geedcdaudio - fccaxw.dll
MSConfigStartUp-hgdbbysys - byvuur.dll
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1127333085\ee\AOLSoftware.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-iifgefsys - byvuur.dll
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-itype - c:\program files\Microsoft IntelliType Pro\itype.exe
MSConfigStartUp-jdihuaab - c:\documents and settings\Administrator\Local Settings\Application Data\evubaqakd\jayfqwwtssd.exe
MSConfigStartUp-jkjgefaudio - fccaxw.dll
MSConfigStartUp-ljgebasys - byvuur.dll
MSConfigStartUp-LSA Shellu - c:\documents and settings\Administrator\lsass.exe
MSConfigStartUp-McAfeeUpdaterUI - c:\program files\Network Associates\Common Framework\UpdaterUI.exe
MSConfigStartUp-mlkhecaudio - fccaxw.dll
MSConfigStartUp-mlkkigaudio - cbyxyy.dll
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-Network Associates Error Reporting Service - c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe
MSConfigStartUp-nnkhedsys - byvuur.dll
MSConfigStartUp-nnkljiaudio - fccaxw.dll
MSConfigStartUp-nnmnliaudio - cbyxyy.dll
MSConfigStartUp-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
MSConfigStartUp-PE2CKFNT SE - f:\picture gear\ChkFont.exe
MSConfigStartUp-pmnmkjaudio - cbyxyy.dll
MSConfigStartUp-qopmlisys - byvuur.dll
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-SfKg6wIP - c:\documents and settings\Administrator\Application Data\Microsoft\Windows\xucld.exe
MSConfigStartUp-ShStatEXE - c:\program files\Network Associates\VirusScan\SHSTAT.EXE
MSConfigStartUp-SpeedItUpEX - c:\program files\Speeditup Free\SpeedItUp.exe
MSConfigStartUp-ssqpmmaudio - fccaxw.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
MSConfigStartUp-tuvtqoaudio - fccaxw.dll
MSConfigStartUp-tuvvvwaudio - cbyxyy.dll
MSConfigStartUp-Uniblue RegistryBooster2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Uniblue SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
MSConfigStartUp-urromlsys - byvuur.dll
MSConfigStartUp-vttqqoaudio - cbyxyy.dll
MSConfigStartUp-xxvtutaudio - cbyxyy.dll
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
MSConfigStartUp-Zone Labs Client - c:\program files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
MSConfigStartUp-{122b6b53-5ea7-6575-ef26-fa6581e13e51} - c:\windows\system32\{65e7829c-59c0-4388-a3fd-25b127a26201}.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-16 21:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2950295924-644400325-4102557543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F13\4&32d50c2&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\Vid_046d&Pid_c517&MI_01&Col01\8&36288310&0&0000\LogConf]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\HID\WACF004&Col02\5&9092c02&0&0001\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\msi.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\windows\SYSTEM32\WISPTIS.EXE
e:\lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\System32\tabbtnu.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
.
**************************************************************************
.
Completion time: 2010-09-16 21:11:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-17 01:11
Pre-Run: 23,664,197,632 bytes free
Post-Run: 24,285,949,952 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Professional (on Volume 1)"
- - End Of File - - A4AD6A36478BDA81CDB4F5EE494ACF40