Jump to content

Need quick help after malware clean up please...

oogee

By oogee
in Resolved Malware Removal Logs

 Share

Recommended Posts

oogee

oogee

Posted
Posted

Hello,

A few weeks ago I got hit by some Java exploiting malware/virus *Win32/Cryptor* that installed nasty viruses and rootkits all over my PC and did so by exploiting Java *which I have uinstalled now* and turning off my firewall. I unhooked my modem as fast as I saw this happen but it was too late it had already installed all the junk in the computer. After A LOT of work I was able to remove the rootkit/virus and everything off my computer, however, a slight issue I've noticed now.

It appears some folders etc are locked now and "Access Denied" so avast can't even scan them.

I already know the drill of the logs after weeks of trying to remove the nasty rootkit/virus so here's the most current logs:

Win32KDiag Log

Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point	   : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\nvidia icons\nvidia icons

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

[1] 2004-08-04 01:56:52 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:21 744448 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe ()

[1] 2008-04-13 17:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-04 01:56:50 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()



Found mount point	   : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe ()



Found mount point	   : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\spool\drivers\IA64\IA64

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\spool\drivers\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Finished!

SecurityCheck.exe Log:

Results of screen317's Security Check version 0.98.9

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Antivirus

Windows Live OneCare safety scanner

Windows Live OneCare safety scanner

ProxyFirewall 1.0.4 Beta

avast! updated!

``````````````````````````````

Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner (remove only)

DH Driver Cleaner Professional Edition

Adobe Flash Player 10

Adobe Reader 9.1

``````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe

Alwil Software Avast4 ashServ.exe

Alwil Software Avast4 ashDisp.exe

Alwil Software Avast4 ashWebSv.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

ComboFix Log:

ComboFix 09-09-11.05 - Owner 12/09/2009  9:51.1.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3582.2908 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
[i] ADS - system32: deleted 12 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\My Documents\freshreg.reg
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Installer\149154.msi
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


(((((((((((((((((((((((((   Files Created from 2009-08-12 to 2009-09-12  )))))))))))))))))))))))))))))))
.

2009-09-12 02:18 . 2009-09-12 02:18	--------	d-----w-	c:\program files\Adobe Media Player
2009-09-11 22:20 . 2009-09-11 22:20	348940	----a-w-	c:\windows\uninstall Warsong_.exe
2009-09-11 22:20 . 2009-09-11 22:20	8447846	----a-w-	c:\windows\Warsong_.scr
2009-09-11 13:49 . 2009-09-11 13:49	--------	d-----w-	c:\documents and settings\Owner\Application Data\Leadertech
2009-09-11 13:46 . 2009-09-11 13:46	--------	d-----w-	c:\program files\Common Files\DivX Shared
2009-09-11 13:37 . 2009-09-11 13:37	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2009-09-07 00:34 . 2009-02-27 19:55	111992	----a-w-	c:\windows\system32\acaptuser32.dll
2009-09-06 18:26 . 2009-09-06 18:26	--------	d-----w-	c:\documents and settings\Owner\Application Data\SmartFTP
2009-09-06 18:25 . 2009-09-06 18:25	--------	d-----w-	c:\program files\SmartFTP Client
2009-09-06 17:21 . 2009-08-17 16:04	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-09-06 17:21 . 2009-08-17 16:04	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-09-06 17:21 . 2009-08-17 16:03	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-09-06 17:21 . 2009-08-17 16:05	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-09-06 17:21 . 2009-08-17 16:05	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-09-06 17:21 . 2009-08-17 16:02	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-09-06 17:21 . 2009-08-17 16:06	93392	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-09-06 17:21 . 2009-08-17 16:06	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-09-06 17:21 . 2009-08-17 16:10	1279456	----a-w-	c:\windows\system32\aswBoot.exe
2009-09-06 17:21 . 2009-09-06 17:21	--------	d-----w-	c:\program files\Alwil Software
2009-08-31 05:21 . 2009-09-11 13:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\NOS
2009-08-31 05:19 . 2009-08-31 05:19	--------	d-----w-	c:\program files\Trend Micro
2009-08-31 05:09 . 2009-09-11 14:19	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-08-31 04:58 . 2009-08-31 04:58	--------	d-----w-	c:\program files\SanityCheck
2009-08-31 04:48 . 2009-09-10 21:54	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 04:48 . 2009-09-11 13:49	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-08-31 04:48 . 2009-09-10 21:53	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-31 04:39 . 2009-08-31 04:39	128352	----a-w-	c:\windows\system32\b2849.dll
2009-08-31 04:39 . 2009-08-31 04:39	54624	----a-w-	c:\windows\system32\b2849.sys
2009-08-31 02:48 . 2009-08-31 02:48	167936	----a-w-	c:\windows\system32\appmgmts.dll
2009-08-31 02:47 . 2009-08-31 02:47	180224	-c--a-w-	c:\windows\system32\dllcache\scecli.dll
2009-08-31 02:47 . 2009-08-31 02:47	180224	----a-w-	c:\windows\system32\scecli.dll
2009-08-31 01:25 . 2005-10-20 01:50	16384	----a-w-	c:\windows\system32\restart.exe
2009-08-31 01:25 . 2005-01-20 20:47	175616	----a-w-	c:\windows\system32\strings.exe
2009-08-31 01:25 . 2005-01-14 04:41	39184	----a-w-	c:\windows\system32\Ntrights.exe
2009-08-31 01:25 . 2005-01-14 04:41	11254	----a-w-	c:\windows\system32\locate.com
2009-08-31 00:56 . 2009-08-31 00:56	34816	----a-w-	c:\windows\system32\drivers\foot.sys
2009-08-31 00:56 . 2009-08-31 00:56	34816	----a-w-	c:\windows\system32\drivers\copy4ofrp.sys
2009-08-31 00:56 . 2009-08-31 00:56	34816	----a-w-	c:\windows\system32\drivers\copy5ofrp.sys
2009-08-31 00:56 . 2009-08-31 00:56	34816	----a-w-	c:\windows\system32\drivers\copyofrp.sys
2009-08-31 00:55 . 2009-08-31 00:55	34816	----a-w-	c:\windows\system32\drivers\copy3ofrp.sys
2009-08-31 00:45 . 2009-08-31 00:45	34816	----a-w-	c:\windows\system32\drivers\copy2ofrp.sys
2009-08-30 21:54 . 2009-08-30 21:54	128352	----a-w-	c:\windows\system32\c0119.dll
2009-08-30 21:54 . 2009-08-30 21:54	54624	----a-w-	c:\windows\system32\c0119.sys
2009-08-30 08:52 . 2009-03-08 04:23	30136	----a-w-	c:\windows\system32\drivers\rspSanity32.sys
2009-08-30 08:47 . 2009-08-30 08:47	128352	----a-w-	c:\windows\system32\9e21E.dll
2009-08-30 08:47 . 2009-08-30 08:47	54624	----a-w-	c:\windows\system32\9e21E.sys
2009-08-30 00:11 . 2008-06-20 00:24	28544	----a-w-	c:\windows\system32\drivers\pavboot.sys
2009-08-29 23:26 . 2009-08-30 18:07	34592	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-08-29 23:26 . 2009-08-30 18:07	1304608	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-08-29 23:21 . 2009-08-30 17:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-29 20:35 . 2009-08-29 20:35	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-29 19:03 . 2009-08-29 19:03	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Subversion
2009-08-29 19:02 . 2009-08-29 19:02	--------	d-sh--w-	c:\documents and settings\Administrator\IETldCache
2009-08-29 17:26 . 2009-08-29 23:37	27656	----a-w-	c:\windows\system32\drivers\pxsec.sys
2009-08-29 17:26 . 2009-08-29 23:37	22024	----a-w-	c:\windows\system32\drivers\pxscan.sys
2009-08-29 17:26 . 2009-08-29 17:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\PrevxCSI
2009-08-29 16:55 . 2009-08-31 04:37	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-08-29 16:29 . 2009-08-29 16:29	--------	d-----w-	C:\spoolerlogs
2009-08-29 16:29 . 2009-08-29 16:29	--------	d-sh--w-	c:\windows\system32\config\systemprofile\IETldCache
2009-08-29 05:09 . 2009-08-29 05:09	86016	----a-w-	c:\windows\system32\frapsvid.dll
2009-08-26 04:47 . 2009-08-26 04:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-26 03:33 . 2009-09-11 03:36	--------	d-----w-	c:\program files\World of Warcraft Public Test
2009-08-23 04:03 . 2009-08-23 04:03	349156	----a-w-	c:\windows\uninstall Deathwin.exe
2009-08-23 04:03 . 2009-08-23 04:03	8655167	----a-w-	c:\windows\Deathwin.scr
2009-08-17 05:22 . 2009-08-17 05:22	--------	d-----w-	c:\documents and settings\Default User\Local Settings\Application Data\Microsoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 03:38 . 2008-04-27 00:55	--------	d-----w-	c:\program files\iCall
2009-09-12 02:31 . 2008-01-13 08:23	183264	----a-w-	c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 02:21 . 2008-01-14 21:15	--------	d-----w-	c:\program files\Common Files\Adobe
2009-09-12 02:02 . 2008-08-18 17:47	--------	d-----w-	c:\documents and settings\Owner\Application Data\Download Manager
2009-09-11 14:10 . 2009-05-26 03:47	--------	d-----w-	c:\program files\PeerGuardian2
2009-09-11 13:49 . 2008-01-13 21:03	--------	d-----w-	c:\program files\Common Files\Logishrd
2009-09-11 13:49 . 2008-01-13 21:04	--------	d-----w-	c:\documents and settings\All Users\Application Data\LogiShrd
2009-09-11 13:47 . 2008-01-13 10:47	--------	d-----w-	c:\program files\DivX
2009-09-11 13:42 . 2008-08-20 17:08	--------	d-----w-	c:\program files\BitComet
2009-09-07 17:40 . 2008-01-13 10:16	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-09-06 23:27 . 2008-03-10 21:40	--------	d-----w-	c:\documents and settings\Owner\Application Data\Publish Providers
2009-09-06 16:55 . 2008-04-06 08:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avg8
2009-08-31 05:55 . 2009-05-23 07:22	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2009-08-31 05:53 . 2008-05-25 03:28	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-08-31 05:53 . 2008-05-25 03:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-31 05:12 . 2008-04-13 18:26	69	----a-w-	c:\windows\RunSC.bat
2009-08-31 04:29 . 2008-05-19 05:09	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-08-30 18:07 . 2009-08-29 23:26	4316	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-08-30 18:07 . 2009-08-29 23:26	18548	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-08-30 08:46 . 2008-08-18 18:47	153104	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2009-08-29 19:58 . 2009-05-28 05:43	--------	d-----w-	c:\program files\PE Explorer
2009-08-29 16:57 . 2008-04-13 18:05	--------	d-----w-	c:\program files\SmartScan
2009-08-29 16:34 . 2008-01-14 09:39	--------	d-----w-	c:\documents and settings\Owner\Application Data\Azureus
2009-08-29 02:00 . 2009-03-04 07:43	--------	d-----w-	c:\documents and settings\Owner\Application Data\tor
2009-08-29 01:57 . 2009-03-04 07:42	--------	d-----w-	c:\documents and settings\Owner\Application Data\Vidalia
2009-08-29 01:50 . 2009-03-04 07:14	--------	d-----w-	c:\program files\ProxyFirewall
2009-08-26 03:52 . 2008-01-13 08:44	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2009-08-23 16:09 . 2008-05-04 08:56	--------	d-----w-	c:\program files\EVGA Precision
2009-08-18 00:36 . 2008-07-12 04:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-16 16:54 . 2009-04-26 18:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\Watermark Factory
2009-08-12 00:31 . 2009-08-12 00:31	13016513	----a-w-	c:\windows\Ignis_th.scr
2009-08-09 22:23 . 2008-04-06 05:51	--------	d-----w-	c:\program files\PC Wizard 2008
2009-08-09 21:39 . 2008-01-13 08:44	--------	d-----w-	c:\program files\World of Warcraft
2009-08-09 21:39 . 2009-05-07 21:32	--------	d-----w-	c:\program files\WinHTTrack
2009-08-09 21:38 . 2008-01-13 10:26	--------	d-----w-	c:\program files\Winamp
2009-08-09 21:38 . 2009-04-26 18:59	--------	d-----w-	c:\program files\Watermark Factory 2
2009-08-09 21:38 . 2009-05-31 07:03	--------	d-----w-	c:\program files\VB Decompiler Lite
2009-08-09 21:37 . 2008-04-06 02:33	--------	d-----w-	c:\program files\SpeedFan
2009-08-09 21:33 . 2009-07-18 18:38	--------	d-----w-	c:\program files\Safari
2009-08-09 21:31 . 2009-05-15 05:28	--------	d-----w-	c:\program files\PADGen
2009-08-09 21:19 . 2009-06-08 08:06	--------	d-----w-	c:\program files\megui
2009-08-09 21:19 . 2008-01-13 07:25	--------	d-----w-	c:\program files\MagicISO
2009-08-09 21:19 . 2008-07-27 02:25	--------	d-----w-	c:\program files\MagicDisc
2009-08-09 21:15 . 2008-07-06 21:02	--------	d-----w-	c:\program files\CommView
2009-08-09 21:15 . 2008-04-13 21:33	--------	d-----w-	c:\program files\Common Files\Webroot Shared
2009-08-09 21:07 . 2008-01-14 09:39	--------	d-----w-	c:\program files\Azureus
2009-08-09 21:07 . 2008-01-16 06:50	--------	d-----w-	c:\program files\ATITool
2009-08-09 21:06 . 2008-06-24 02:13	--------	d-----w-	c:\program files\AIM6
2009-08-09 21:06 . 2008-06-11 02:07	--------	d-----w-	c:\program files\AIM
2009-08-09 21:04 . 2009-05-06 04:24	--------	d-----w-	c:\program files\Advanced JPEG Compressor
2009-08-09 20:15 . 2008-07-09 08:28	--------	d-----w-	c:\program files\XP Codec Pack
2009-08-09 19:26 . 2008-02-07 22:43	--------	d-----w-	c:\program files\SystemRequirementsLab
2009-08-09 19:24 . 2009-05-31 16:07	--------	d-----w-	c:\program files\Screensaver Factory 5 Enterprise
2009-08-09 19:24 . 2008-07-09 06:55	--------	d-----w-	c:\program files\ReNamer
2009-08-09 19:14 . 2008-03-30 21:46	--------	d-----w-	c:\program files\Driver Cleaner Pro
2009-08-09 07:49 . 2009-05-31 19:20	--------	d-----w-	c:\documents and settings\Owner\Application Data\TortoiseSVN
2009-08-09 06:56 . 2009-08-09 06:56	--------	d-----w-	c:\program files\Common Files\TortoiseOverlays
2009-08-09 06:56 . 2009-08-09 06:56	--------	d-----w-	c:\program files\TortoiseSVN
2009-08-09 04:02 . 2009-08-09 04:02	--------	d-----w-	c:\program files\Sony
2009-08-09 03:48 . 2009-05-28 03:57	--------	d-----w-	c:\documents and settings\Owner\Application Data\4Media Software Studio
2009-08-09 03:48 . 2009-05-28 03:56	--------	d-----w-	c:\program files\4Media
2009-08-05 09:01 . 2003-03-31 19:00	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-04 00:49 . 2008-12-28 07:25	--------	d-----w-	c:\program files\Windows Live Safety Center
2009-08-01 21:38 . 2009-08-01 21:02	--------	d-----w-	c:\documents and settings\Owner\Application Data\Eltima Software
2009-08-01 17:13 . 2009-08-01 17:13	--------	d-----w-	c:\program files\AGEIA Technologies
2009-08-01 17:13 . 2009-08-01 17:13	--------	d-----w-	c:\program files\NVIDIA Corporation
2009-08-01 17:13 . 2009-08-01 17:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-07-29 16:15 . 2008-07-12 05:00	--------	d-----w-	c:\program files\Common Files\Merge Modules
2009-07-20 19:26 . 2009-03-07 17:15	84496	----a-w-	c:\windows\system32\KemXML.dll
2009-07-20 19:26 . 2009-03-07 17:15	117264	----a-w-	c:\windows\system32\KemWnd.dll
2009-07-20 19:26 . 2009-03-07 17:15	145936	----a-w-	c:\windows\system32\KemUtil.dll
2009-07-20 19:26 . 2009-03-07 17:15	170512	----a-w-	c:\windows\system32\kemutb.dll
2009-07-20 19:25 . 2009-03-07 17:15	301656	----a-w-	c:\windows\system32\BtCoreIf.dll
2009-07-18 18:38 . 2009-07-18 18:38	119796	---ha-w-	c:\windows\system32\mlfcache.dat
2009-07-18 18:38 . 2009-05-29 05:24	--------	d-----w-	c:\documents and settings\Owner\Application Data\Apple Computer
2009-07-17 19:01 . 2003-03-31 19:00	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-14 20:35 . 2009-07-14 20:35	2173472	----a-w-	c:\windows\system32\nvcplui.exe
2009-07-14 20:35 . 2009-07-14 20:35	81920	----a-w-	c:\windows\system32\nvwddi.dll
2009-07-14 20:35 . 2009-07-14 20:35	4026368	----a-w-	c:\windows\system32\nvvitvs.dll
2009-07-14 20:35 . 2009-07-14 20:35	3170304	----a-w-	c:\windows\system32\nvwss.dll
2009-07-14 20:34 . 2009-07-14 20:34	86016	----a-w-	c:\windows\system32\nvmctray.dll
2009-07-14 20:34 . 2009-07-14 20:34	4923392	----a-w-	c:\windows\system32\nvdisps.dll
2009-07-14 20:34 . 2009-07-14 20:34	3547136	----a-w-	c:\windows\system32\nvgames.dll
2009-07-14 20:34 . 2009-07-14 20:34	188416	----a-w-	c:\windows\system32\nvmccss.dll
2009-07-14 20:34 . 2009-07-14 20:34	168004	----a-w-	c:\windows\system32\nvsvc32.exe
2009-07-14 20:34 . 2009-07-14 20:34	143360	----a-w-	c:\windows\system32\nvcolor.exe
2009-07-14 20:34 . 2009-07-14 20:34	13877248	----a-w-	c:\windows\system32\nvcpl.dll
2009-07-14 20:34 . 2009-07-14 20:34	1286144	----a-w-	c:\windows\system32\nvmobls.dll
2009-07-14 20:34 . 2009-07-14 20:34	229376	----a-w-	c:\windows\system32\nvmccs.dll
2009-07-14 18:54 . 2009-08-01 17:12	485920	----a-w-	c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-08-01 17:12	7741664	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2009-08-01 17:09	2189856	----a-w-	c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-08-01 17:09	1706528	----a-w-	c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-08-01 17:09	10457088	----a-w-	c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2009-08-01 17:09	868352	----a-w-	c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2009-08-01 17:09	2002944	----a-w-	c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-08-01 17:09	1597690	----a-w-	c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2009-08-01 17:09	151552	----a-w-	c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-08-01 17:09	151552	----a-w-	c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2008-10-03 03:12	5842816	----a-w-	c:\windows\system32\nv4_disp.dll
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-09-02 . 3CF3A7B11E4A1DF6CD13B41A76E8B53E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-09-02 . 3CF3A7B11E4A1DF6CD13B41A76E8B53E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2009-08-18 273424]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-7 813584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28	72208	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Keylogger Hunter.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Keylogger Hunter.lnk
backup=c:\windows\pss\Keylogger Hunter.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiKeyloggers"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iCall Internet Phone"="c:\program files\iCall\iCall.exe" /startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\iCall\\iCall.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\Owner\\OctoshapeClient.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\GBTUpd.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\UpdExe.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Zend\\Zend Studio for Eclipse - 6.1.2\\ZendStudio.exe"=
"c:\\ROFL (Blizz-Like) V2.0.0.1\\ROFL (Blizz-Like) V2.0.0.1\\Realm\\hearthstone-world.exe"=
"c:\\Program Files\\4Media\\HD Video Converter\\vcloader.exe"=
"c:\\Program Files\\4Media\\SWF Converter\\vcloader.exe"=
"c:\\AC Web Ultimate Repack\\trincore\\TrinityCore.exe"=
"c:\\AC Web Ultimate Repack\\Server\\apache\\bin\\apache.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\AC Web MaNGOS Hybrid\\MaNGOS\\mangosd.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10257-to-0.2.2.10357-enUS-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"=
"c:\\Program Files\\GIGABYTE\\ET5\\update.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizz Downloader 2: 6112
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12802:TCP"= 12802:TCP:BitComet 12802 TCP
"12802:UDP"= 12802:UDP:BitComet 12802 UDP
"3306:TCP"= 3306:TCP:*:Disabled:mysql
"3306:UDP"= 3306:UDP:*:Disabled:mysql

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [29/08/2009 5:11 PM 28544]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [29/08/2009 10:26 AM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [29/08/2009 10:26 AM 27656]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/09/2009 10:21 AM 114768]
R1 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [06/07/2008 1:57 PM 36928]
R1 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [06/07/2008 1:57 PM 53312]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 4:06 PM 74480]
R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [06/07/2008 2:02 PM 24096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2009 10:21 AM 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [07/03/2009 10:16 AM 10384]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [13/04/2008 2:20 PM 598856]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [21/08/2008 2:55 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [21/08/2008 2:55 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [21/08/2008 2:56 PM 566296]
S2 uhjm;uhjm;c:\windows\system32\drivers\kmgfbnxb.sys --> c:\windows\system32\drivers\kmgfbnxb.sys [?]
S3 9e21E;9e21E;c:\windows\system32\9e21E.sys [30/08/2009 1:47 AM 54624]
S3 Apache2.2;Apache2.2;c:\www\Apache22\bin\httpd.exe [14/01/2008 2:49 AM 24631]
S3 b2849;b2849;c:\windows\system32\b2849.sys [30/08/2009 9:39 PM 54624]
S3 c0119;c0119;c:\windows\system32\c0119.sys [30/08/2009 2:54 PM 54624]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [21/08/2008 2:55 PM 99352]
S3 copy2ofrp;copy2ofrp;c:\windows\system32\drivers\copy2ofrp.sys [30/08/2009 5:45 PM 34816]
S3 copy3ofrp;copy3ofrp;c:\windows\system32\drivers\copy3ofrp.sys [30/08/2009 5:55 PM 34816]
S3 copy4ofrp;copy4ofrp;c:\windows\system32\drivers\copy4ofrp.sys [30/08/2009 5:56 PM 34816]
S3 copy5ofrp;copy5ofrp;c:\windows\system32\drivers\copy5ofrp.sys [30/08/2009 5:56 PM 34816]
S3 copyofrp;copyofrp;c:\windows\system32\drivers\copyofrp.sys [30/08/2009 5:56 PM 34816]
S3 cpuz129;cpuz129;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [21/08/2008 2:55 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [21/08/2008 2:56 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [21/08/2008 2:56 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [21/08/2008 2:56 PM 566296]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [06/07/2008 2:02 PM 19240]
S3 foot;foot;c:\windows\system32\drivers\foot.sys [30/08/2009 5:56 PM 34816]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [26/12/2005 1:24 AM 6656]
S3 MarkFun_NT;MarkFun_NT;c:\program files\GIGABYTE\ET5\MARKFUN.W32 [10/01/2009 3:23 PM 17912]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [30/08/2009 1:52 AM 30136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 4:06 PM 7408]
S3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [08/03/2009 7:09 PM 536896]
S4 ATZO;ATZO;c:\docume~1\Owner\LOCALS~1\Temp\ATZO.exe --> c:\docume~1\Owner\LOCALS~1\Temp\ATZO.exe [?]
S4 AVYTBJJMCCA;AVYTBJJMCCA;c:\docume~1\Owner\LOCALS~1\Temp\AVYTBJJMCCA.exe --> c:\docume~1\Owner\LOCALS~1\Temp\AVYTBJJMCCA.exe [?]
S4 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]
S4 D;D;c:\docume~1\Owner\LOCALS~1\Temp\D.exe --> c:\docume~1\Owner\LOCALS~1\Temp\D.exe [?]
S4 DPUK;DPUK;c:\docume~1\Owner\LOCALS~1\Temp\DPUK.exe --> c:\docume~1\Owner\LOCALS~1\Temp\DPUK.exe [?]
S4 KIG;KIG;c:\docume~1\Owner\LOCALS~1\Temp\KIG.exe --> c:\docume~1\Owner\LOCALS~1\Temp\KIG.exe [?]
S4 QLEOLYTKCKZRF;QLEOLYTKCKZRF;c:\docume~1\Owner\LOCALS~1\Temp\QLEOLYTKCKZRF.exe --> c:\docume~1\Owner\LOCALS~1\Temp\QLEOLYTKCKZRF.exe [?]
S4 QPKTDICDANJA;QPKTDICDANJA;c:\docume~1\Owner\LOCALS~1\Temp\QPKTDICDANJA.exe --> c:\docume~1\Owner\LOCALS~1\Temp\QPKTDICDANJA.exe [?]
S4 RVQDJY;RVQDJY;c:\docume~1\Owner\LOCALS~1\Temp\RVQDJY.exe --> c:\docume~1\Owner\LOCALS~1\Temp\RVQDJY.exe [?]
S4 SB;SB;c:\docume~1\Owner\LOCALS~1\Temp\SB.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SB.exe [?]
S4 SUVGMVQKALG;SUVGMVQKALG;c:\docume~1\Owner\LOCALS~1\Temp\SUVGMVQKALG.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SUVGMVQKALG.exe [?]
S4 WKBFSJCQH;WKBFSJCQH;c:\docume~1\Owner\LOCALS~1\Temp\WKBFSJCQH.exe --> c:\docume~1\Owner\LOCALS~1\Temp\WKBFSJCQH.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugNext.html
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab
DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pnpftflf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms}
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Octoshape Streaming Services\Owner\octoprogram-L03-NMS0806060_SUA_900\npoctoshape.dll
FF - plugin: c:\program files\Octoshape Streaming Services\Owner\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: zend.ZDE_Path - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\ZendStudio.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 10:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\10.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(488)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-12 10:11 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-12 17:11

Pre-Run: 30,948,806,656 bytes free
Post-Run: 30,812,549,120 bytes free

566	--- E O F ---	2009-08-26 05:46

Will be posting RootRepeal log soon...I want to be able to remove the access denided to all these folders/files as it appears that based on Malwarebytes' Anti-Malware/SuperAntiSpyware and Avast Antivirus no viruses/trojans/rootkits are found.

Thank you in advance.

Link to post
Share on other sites
oogee

oogee

Posted
  • Author
Posted

Ok just finished hte RootRepeal scan, these are the locked API's i'm not sure how to fix this so they're not locked anymore.

RootRepeal Log:

ROOTREPEAL (c) AD, 2007-2009

==================================================

Scan Start Time:        2009/09/12 11:24

Program Version:        Version 1.3.5.0

Windows Version:        Windows XP SP3

==================================================


Hidden/Locked Files

-------------------

Path: C:\WINDOWS\mui\mui

Status: Locked to the Windows API!


Path: C:\WINDOWS\nvidia icons\nvidia icons

Status: Locked to the Windows API!


Path: C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Status: Locked to the Windows API!


Path: C:\WINDOWS\PIF\PIF

Status: Locked to the Windows API!


Path: C:\WINDOWS\security\logs\logs

Status: Locked to the Windows API!


Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Status: Locked to the Windows API!


Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\1025\1025

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\1028\1028

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\1031\1031

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\1037\1037

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\1041\1041

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\1042\1042

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\1054\1054

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\2052\2052

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\3076\3076

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\3com_dmi\3com_dmi

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\export\export

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\inetsrv\inetsrv

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\dhcp\dhcp

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\ShellExt\ShellExt

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\wins\wins

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\xircom\xircom

Status: Locked to the Windows API!


Path: C:\WINDOWS\Registration\CRMLog\CRMLog

Status: Locked to the Windows API!


Path: C:\Program Files\Alwil Software\Avast4\DATA\aswAr.run

Status: Visible to the Windows API, but not on disk.


Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files

Status: Locked to the Windows API!


Path: C:\WINDOWS\Sun\Java\Deployment\Deployment

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\Adobe\update\update

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\oobe\sample\sample

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\wbem\snmp\snmp

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\drivers\disdn\disdn

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\mui\dispspec\dispspec

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\Macromed\update\update

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Status: Locked to the Windows API!


Path: C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

Status: Locked to the Windows API!


Path: C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

Status: Locked to the Windows API!


Path: C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Status: Locked to the Windows API!


Path: C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Status: Locked to the Windows API!


Path: C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Status: Locked to the Windows API!


Path: C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

Status: Locked to the Windows API!


Path: C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Status: Locked to the Windows API!


Path: C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\wbem\mof\bad\bad

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\wbem\mof\good\good

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\spool\drivers\IA64\IA64

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\spool\drivers\WIN40\WIN40

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\spool\drivers\x64\x64

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Status: Locked to the Windows API!


Path: C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Status: Locked to the Windows API!


Path: C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Status: Locked to the Windows API!


Path: C:\WINDOWS\PCHealth\HelpCtr\System\News\News

Status: Locked to the Windows API!


Path: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pnpftflf.default\sessionstore.js

Status: Could not get file information (Error 0xc0000008)


Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\clickonce_bootstrap.exe.cdf-ms

Status: Locked to the Windows API!


Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\clickonce_bootstrap.exe.manifest

Status: Locked to the Windows API!


Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\CodeCompare.exe.cdf-ms

Status: Locked to the Windows API!


Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\CodeCompare.exe.manifest

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Status: Locked to the Windows API!


Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Status: Locked to the Windows API!

OTL Log:

OTL logfile created on: 12/09/2009 11:19:46 AM - Run 1

OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 6144 12288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 28.72 Gb Free Space | 12.33% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: OWNER

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009/08/06 17:51:54 | 00,613,128 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

PRC - [2009/08/17 09:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009/07/20 12:30:50 | 00,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2009/07/10 12:42:32 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

PRC - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2007/11/26 14:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe

PRC - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009/08/13 11:14:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\RootRepeal.exe

PRC - [2009/09/09 21:17:36 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/09/12 11:19:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/20 14:13:36 | 00,024,631 | ---- | M] (Apache Software Foundation) -- C:\www\Apache22\bin\httpd.exe -- (Apache2.2 [On_Demand | Stopped])

SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

SRV - File not found -- -- (ATZO [Disabled | Stopped])

SRV - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

SRV - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])

SRV - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

SRV - File not found -- -- (AVYTBJJMCCA [Disabled | Stopped])

SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])

SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Stopped])

SRV - File not found -- -- (CSIScanner [Disabled | Stopped])

SRV - File not found -- -- (D [Disabled | Stopped])

SRV - File not found -- -- (DPUK [Disabled | Stopped])

SRV - [2009/09/11 19:11:33 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - File not found -- -- (KIG [Disabled | Stopped])

SRV - [2009/07/20 12:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])

SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

SRV - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [On_Demand | Stopped])

SRV - [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])

SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])

SRV - [2009/04/01 15:53:18 | 06,574,720 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL [Disabled | Stopped])

SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])

SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2008/04/20 11:28:30 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])

SRV - [2008/04/20 11:29:55 | 00,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped])

SRV - File not found -- -- (QLEOLYTKCKZRF [Disabled | Stopped])

SRV - File not found -- -- (QPKTDICDANJA [Disabled | Stopped])

SRV - File not found -- -- (RVQDJY [Disabled | Stopped])

SRV - File not found -- -- (SB [Disabled | Stopped])

SRV - [2009/02/07 03:08:16 | 00,536,896 | ---- | M] (My Privacy Tools, Inc.) -- C:\Program Files\Hide My IP 2009\SecureSrv.exe -- (SecureSrv [On_Demand | Stopped])

SRV - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])

SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])

SRV - File not found -- -- (SUVGMVQKALG [Disabled | Stopped])

SRV - File not found -- -- (UserAccess7 [Disabled | Stopped])

SRV - [2008/01/18 01:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped])

SRV - [2008/04/17 19:13:44 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped])

SRV - File not found -- -- (WKBFSJCQH [Disabled | Stopped])

SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

SRV - [2007/11/26 14:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/08/30 01:47:11 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\9e21E.sys -- (9e21E [On_Demand | Stopped])

DRV - [2009/08/17 09:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])

DRV - [2009/08/17 09:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2009/08/17 09:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

DRV - [2009/08/17 09:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

DRV - [2009/08/17 09:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

DRV - [2009/08/17 09:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

DRV - [2006/11/10 06:08:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [system | Running])

DRV - [2009/08/30 21:39:34 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\b2849.sys -- (b2849 [On_Demand | Stopped])

DRV - [2009/08/30 14:54:54 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\c0119.sys -- (c0119 [On_Demand | Stopped])

DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])

DRV - [2008/08/21 14:55:10 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX [On_Demand | Stopped])

DRV - [2008/08/21 14:55:10 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS [On_Demand | Running])

DRV - [2009/08/30 17:45:23 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys -- (copy2ofrp [On_Demand | Stopped])

DRV - [2009/08/30 17:55:57 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys -- (copy3ofrp [On_Demand | Stopped])

DRV - [2009/08/30 17:56:09 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys -- (copy4ofrp [On_Demand | Stopped])

DRV - [2009/08/30 17:56:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys -- (copy5ofrp [On_Demand | Stopped])

DRV - [2009/08/30 17:56:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copyofrp.sys -- (copyofrp [On_Demand | Stopped])

DRV - [2007/04/12 09:10:26 | 00,164,608 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped])

DRV - [2008/08/21 15:02:40 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])

DRV - [2008/08/21 15:03:18 | 00,532,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])

DRV - [2008/08/21 14:55:38 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX [On_Demand | Stopped])

DRV - [2008/08/21 14:55:38 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS [On_Demand | Running])

DRV - [2008/08/21 15:04:28 | 00,347,080 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])

DRV - [2007/04/12 09:10:18 | 00,168,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL [On_Demand | Stopped])

DRV - [2007/04/12 09:10:20 | 00,280,320 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped])

DRV - [2007/04/12 09:10:22 | 00,128,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped])

DRV - [2007/04/12 09:10:22 | 00,323,328 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped])

DRV - [2008/08/21 14:56:52 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX [On_Demand | Stopped])

DRV - [2008/08/21 14:56:52 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS [On_Demand | Stopped])

DRV - [2007/04/12 09:10:24 | 01,317,632 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL [On_Demand | Stopped])

DRV - [2007/04/12 09:10:26 | 00,066,816 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped])

DRV - [2008/08/21 15:06:40 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])

DRV - [2008/08/21 14:56:18 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX [On_Demand | Stopped])

DRV - [2008/08/21 14:56:18 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS [On_Demand | Running])

DRV - [2008/08/21 15:07:06 | 00,157,208 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])

DRV - [2006/12/07 22:04:48 | 00,019,240 | ---- | M] (TamoSoft) -- C:\WINDOWS\System32\DRIVERS\cv2k1.sys -- (CV2K1 [On_Demand | Stopped])

DRV - [2008/08/21 15:08:06 | 00,092,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])

DRV - [2006/11/24 15:47:50 | 00,040,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\ET5Drv.sys -- (ET5Drv [On_Demand | Stopped])

DRV - [2009/08/30 17:56:38 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\foot.sys -- (foot [On_Demand | Stopped])

DRV - [2009/01/10 14:48:26 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])

DRV - [1996/04/03 12:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [boot | Running])

DRV - [2008/08/21 15:08:56 | 00,797,720 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])

DRV - [2008/08/21 15:09:26 | 00,162,840 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped])

DRV - [2008/08/21 15:09:56 | 00,189,464 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Running])

DRV - [2005/01/07 18:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2007/09/29 16:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [boot | Running])

DRV - [2008/04/13 16:04:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped])

DRV - [2009/06/17 09:55:18 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])

DRV - [2009/06/17 09:55:26 | 00,063,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running])

DRV - [2008/12/19 00:43:18 | 00,010,384 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys -- (LBeepKE [Auto | Running])

DRV - [2008/04/13 11:40:26 | 00,034,688 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc [system | Stopped])

DRV - [2009/06/17 09:56:24 | 00,079,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])

DRV - [2005/12/26 01:24:00 | 00,006,656 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LtcyCfgWDM.sys -- (LtcyCfgWDM [On_Demand | Stopped])

DRV - [2007/08/21 12:49:28 | 00,017,912 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Program Files\Gigabyte\ET5\markfun.w32 -- (MarkFun_NT [On_Demand | Stopped])

DRV - [2008/07/13 21:10:44 | 00,101,120 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])

DRV - [2009/07/14 11:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2008/08/21 15:06:14 | 00,127,512 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])

DRV - [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

DRV - [2008/07/06 13:57:28 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\Drivers\pssdk41.sys -- (PsSdk41 [system | Running])

DRV - [2008/07/06 13:57:29 | 00,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\Drivers\pssdklbf.sys -- (PsSdkLBF [system | Running])

DRV - [2003/03/31 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2009/08/29 16:37:18 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan [boot | Running])

DRV - [2009/08/29 16:37:18 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec [boot | Running])

DRV - [2009/03/07 21:23:54 | 00,030,136 | ---- | M] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\DRIVERS\rspSanity32.sys -- (rspSanity [On_Demand | Stopped])

DRV - [2008/07/01 11:27:44 | 00,108,800 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])

DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])

DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [system | Running])

DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

DRV - [2006/09/24 06:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [boot | Running])

DRV - [2007/06/19 23:35:40 | 00,024,096 | ---- | M] (TamoSoft) -- C:\WINDOWS\System32\drivers\ts_lb.sys -- (ts_lb [system | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\S-1-5-21-329068152-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WallpaperWarp Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms}"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 19:23:39 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/09 21:17:43 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 06:48:36 | 00,000,000 | ---D | M]

[2009/06/07 18:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions

[2008/07/12 10:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/06/07 18:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org

[2009/09/12 11:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions

[2009/06/24 22:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/07/24 08:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

[2009/05/04 17:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{3c9761ad-a43d-4447-b924-f5d83cb48063}

[2008/08/13 10:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}

[2009/05/14 19:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2009/08/12 21:48:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/07/19 23:25:10 | 00,000,888 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\pnpftflf.default\searchplugins\conduit.xml

[2009/09/12 11:18:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/09/09 21:17:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/03/08 19:09:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\staff@hide-my-ip.com

[2009/09/09 21:17:34 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/09/09 21:17:34 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll

[2008/11/11 00:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2009/08/30 21:37:20 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll

[2009/05/18 15:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2009/09/09 21:17:38 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2005/08/09 11:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll

[2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll

[2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)

O3 - HKU\S-1-5-21-329068152-436374069-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\RunOnce: [Cleanup] C:\cleanup.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm ()

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O8 - Extra context menu item: Zend Studio - Debug current page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)

O8 - Extra context menu item: Zend Studio - Debug next page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)

O9 - Extra 'Tools' menuitem : Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - Reg Error: Value error. File not found

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O15 - HKU\.DEFAULT\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)

O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} http://www.quest3d.com/webplugin/download/...t3dactivex2.cab (Quest3DCtlr2 Class)

O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} http://www.octoshape.com/test/ax/octoshape.cab (Reg Error: Key error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/...15106/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/12 23:53:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]

[2009/09/12 11:18:25 | 00,135,168 | ---- | C] () -- C:\zip.exe

[2009/09/12 11:18:25 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\ljehbttk.sys

[2009/09/12 11:18:25 | 00,019,286 | ---- | C] () -- C:\cleanup.exe

[2009/09/12 11:18:25 | 00,000,574 | ---- | C] () -- C:\cleanup.bat

[2009/09/12 11:15:38 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/09/12 10:51:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/09/12 09:50:44 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/09/12 09:50:44 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/09/12 09:50:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/09/12 09:50:44 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/09/12 09:50:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/09/12 09:50:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/09/12 09:50:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/09/12 09:50:27 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/09/11 19:44:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Adobe

[2009/09/11 19:18:34 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player

[2009/09/11 17:42:00 | 08,527,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tahma.swf

[2009/09/11 15:20:39 | 00,001,343 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Preview Warsong Hold - v1.0.lnk

[2009/09/11 15:20:38 | 08,447,846 | ---- | C] () -- C:\WINDOWS\Warsong_.scr

[2009/09/11 15:20:38 | 00,348,940 | ---- | C] () -- C:\WINDOWS\uninstall Warsong_.exe

[2009/09/11 06:49:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2009/09/11 06:46:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared

[2009/09/11 06:40:49 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/09/11 06:37:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2009/09/08 14:20:43 | 00,025,174 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jinx_160x600.jpg

[2009/09/07 21:16:42 | 01,204,889 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Thuder_Bluff_by_wowculture.jpg

[2009/09/07 21:16:26 | 01,129,497 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Exodar_by_wowculture.jpg

[2009/09/07 19:59:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Fragments

[2009/09/07 08:30:38 | 00,022,975 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jinx_728x90.jpg

[2009/09/06 17:34:30 | 00,111,992 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\acaptuser32.dll

[2009/09/06 11:26:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SmartFTP

[2009/09/06 11:25:54 | 00,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk

[2009/09/06 11:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client

[2009/09/06 10:21:44 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/09/06 10:21:44 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/09/06 10:21:44 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

[2009/09/06 10:21:43 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/09/06 10:21:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/09/06 10:21:41 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/09/06 10:21:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/09/06 10:21:40 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/09/06 10:21:40 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/09/06 10:21:27 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/09/06 10:21:25 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2009/08/30 22:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2009/08/30 22:19:20 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2009/08/30 22:19:19 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/08/30 22:09:11 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/08/30 22:09:10 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2009/08/30 21:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\SanityCheck

[2009/08/30 21:48:16 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/30 21:48:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/30 21:48:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/08/30 21:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/08/30 21:39:37 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\b2849.dll

[2009/08/30 21:39:34 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\b2849.sys

[2009/08/30 21:39:32 | 16,068,777 | ---- | C] () -- C:\WINDOWS\System32\MKIQWHEKO

[2009/08/30 21:39:25 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\32048.mht

[2009/08/30 21:35:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads

[2009/08/30 19:48:42 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgmts.dll

[2009/08/30 19:47:22 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll

[2009/08/30 19:47:22 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scecli.dll

[2009/08/30 19:41:42 | 00,036,714 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows_Vista_Ultimate_64bit_(x64)_Final_English_DVD_Image.3560993.TPB.torr

ent

[2009/08/30 18:36:01 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009/08/30 18:35:58 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/08/30 18:35:53 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/08/30 18:25:22 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\strings.exe

[2009/08/30 18:25:22 | 00,039,184 | ---- | C] () -- C:\WINDOWS\System32\Ntrights.exe

[2009/08/30 18:25:22 | 00,016,384 | ---- | C] (WareSoft Software) -- C:\WINDOWS\System32\restart.exe

[2009/08/30 18:25:22 | 00,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com

[2009/08/30 17:56:37 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\foot.sys

[2009/08/30 17:56:09 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys

[2009/08/30 17:56:05 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys

[2009/08/30 17:56:03 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copyofrp.sys

[2009/08/30 17:55:57 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys

[2009/08/30 17:55:52 | 07,012,352 | ---- | C] () -- C:\WINDOWS\System32\VX

[2009/08/30 17:53:18 | 07,012,352 | ---- | C] () -- C:\WINDOWS\System32\WQDWTZYKT

[2009/08/30 17:45:23 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys

[2009/08/30 14:54:55 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\c0119.dll

[2009/08/30 14:54:54 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\c0119.sys

[2009/08/30 14:54:49 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\8d518.mht

[2009/08/30 11:51:48 | 07,000,064 | ---- | C] () -- C:\WINDOWS\System32\ER

[2009/08/30 10:43:56 | 00,000,000 | ---D | C] -- C:\Config.Msi

[2009/08/30 10:41:45 | 00,107,814 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090830_104143.reg

[2009/08/30 10:30:17 | 07,016,448 | ---- | C] () -- C:\WINDOWS\System32\BZASACLRSI

[2009/08/30 01:52:39 | 00,030,136 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys

[2009/08/30 01:47:14 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\9e21E.dll

[2009/08/30 01:47:11 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\9e21E.sys

[2009/08/30 01:46:53 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\c7f1D.mht

[2009/08/30 01:38:42 | 52,269,056 | ---- | C] () -- C:\WINDOWS\System32\TAA

[2009/08/30 01:26:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\IONRPSU

[2009/08/30 01:23:30 | 02,312,871 | ---- | C] () -- C:\WINDOWS\System32\KPGS

[2009/08/30 01:16:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\DNQZHCQ

[2009/08/29 17:11:50 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2009/08/29 16:50:56 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\ME

[2009/08/29 16:47:06 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\NIIIAHSTWXNDKX

[2009/08/29 16:43:00 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\YCNL

[2009/08/29 16:26:44 | 01,304,608 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2009/08/29 16:26:44 | 00,034,592 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2009/08/29 16:26:44 | 00,018,548 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2009/08/29 16:26:44 | 00,004,316 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2009/08/29 16:21:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/08/29 13:25:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/08/29 10:26:55 | 00,027,656 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys

[2009/08/29 10:26:55 | 00,022,024 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

[2009/08/29 10:26:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI

[2009/08/29 10:26:42 | 00,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2009/08/29 09:55:38 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache

[2009/08/29 09:55:10 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/08/29 09:29:30 | 00,000,000 | ---D | C] -- C:\spoolerlogs

[2009/08/28 22:09:28 | 00,086,016 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll

[2009/08/25 21:47:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment

[2009/08/25 20:33:52 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Public Test

[2009/08/22 21:03:47 | 00,349,156 | ---- | C] () -- C:\WINDOWS\uninstall Deathwin.exe

[2009/08/22 21:03:46 | 08,655,167 | ---- | C] () -- C:\WINDOWS\Deathwin.scr

[2009/08/21 22:01:40 | 11,023,8230 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WOWX3-Cataclysm_Trailer_en_US_ESRB.avi

[2009/08/19 18:39:19 | 08,117,024 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Flexibility-flexsqueeze_theme_multiple_use.zip

[2009/08/19 18:39:18 | 00,905,162 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\aats3748233.zip

[2009/08/19 18:37:47 | 06,649,944 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\imperial_themeforest.zip

[2009/08/19 18:35:53 | 00,471,323 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Headway1.0.rar

[2009/08/19 18:35:52 | 00,176,640 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\arthemia-premium.rar

[2009/08/19 18:35:49 | 05,357,159 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\edir7.rar

[2009/08/19 18:35:43 | 07,594,256 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\eSyndiCat.Pro.v2.1.02.NULL.MST-www.p2cmonitor.com.rar

[2009/08/09 01:24:51 | 00,000,912 | ---- | C] () -- C:\WINDOWS\my.ini

[2009/08/09 01:24:51 | 00,000,912 | ---- | C] () -- C:\WINDOWS\Copy of my.ini

[2009/06/08 01:00:55 | 01,111,142 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll

[2009/06/08 01:00:55 | 00,789,962 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/06/08 01:00:55 | 00,466,432 | ---- | C] () -- C:\WINDOWS\System32\ffavisynth.dll

[2009/06/08 01:00:55 | 00,185,344 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll

[2009/06/08 01:00:54 | 01,430,136 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll

[2009/05/31 20:03:43 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\OneWaySerial.dll

[2009/05/28 20:00:03 | 00,000,480 | ---- | C] () -- C:\WINDOWS\w32demo8.ini

[2009/05/27 21:20:47 | 00,000,464 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini

[2009/05/27 21:18:28 | 00,000,793 | ---- | C] () -- C:\WINDOWS\iScreensaver Designer.ini

[2009/05/23 23:23:06 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2009/05/23 00:43:56 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll

[2009/05/22 22:50:21 | 01,712,128 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll

[2009/02/27 23:44:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009/01/12 00:59:28 | 00,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini

[2008/12/28 11:00:50 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008/08/21 13:17:46 | 00,049,567 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2008/08/21 13:17:44 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2008/08/21 12:40:28 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll

[2008/08/21 12:38:22 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[2008/07/12 10:12:48 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2008/07/11 22:14:22 | 00,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/06/23 19:10:53 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini

[2008/06/12 10:36:38 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008/05/04 02:19:56 | 00,000,912 | ---- | C] () -- C:\WINDOWS\my.ini.old

[2008/05/04 02:06:35 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll

[2008/04/19 19:39:47 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini

[2008/04/13 16:04:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.sys

[2008/04/13 16:03:05 | 00,000,012 | ---- | C] () -- C:\WINDOWS\clocked.ini

[2008/04/05 20:47:12 | 00,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys

[2008/01/15 00:48:11 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008/01/13 01:53:20 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2007/08/13 21:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll

[2007/08/07 19:22:22 | 00,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2007/07/10 08:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007/04/12 09:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll

[2006/11/10 06:08:50 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys

[2006/10/02 18:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

[2005/12/26 01:24:00 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\LtcyCfgWDM.sys

[2004/11/24 11:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[2004/10/11 23:42:59 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll

[2004/10/11 23:42:45 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll

[2004/10/11 23:42:42 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2004/10/11 23:42:40 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2004/10/11 23:42:39 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll

[2004/10/11 23:42:30 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2004/10/11 23:42:29 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2004/10/11 23:40:56 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2004/10/11 23:39:47 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2004/10/11 23:39:06 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2004/10/11 23:38:47 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2004/10/05 01:16:07 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2004/10/03 10:59:29 | 00,228,352 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2004/10/03 10:50:53 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2004/10/03 10:50:25 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2003/03/31 12:00:00 | 00,000,881 | ---- | C] () -- C:\WINDOWS\win.ini

[2003/03/31 12:00:00 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini

[2002/10/29 16:04:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\Impborl.dll

[2002/09/16 12:59:46 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI

[1996/04/03 12:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]

[5 C:\WINDOWS\*.tmp files]

[2009/09/12 11:18:25 | 00,135,168 | ---- | M] () -- C:\zip.exe

[2009/09/12 11:18:25 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\ljehbttk.sys

[2009/09/12 11:18:25 | 00,019,286 | ---- | M] () -- C:\cleanup.exe

[2009/09/12 11:18:25 | 00,000,574 | ---- | M] () -- C:\cleanup.bat

[2009/09/12 11:06:57 | 00,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2009/09/12 11:06:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/09/12 11:06:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/09/12 11:06:00 | 00,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx

[2009/09/12 11:06:00 | 00,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx

[2009/09/12 11:06:00 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx

[2009/09/12 11:06:00 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx

[2009/09/12 11:06:00 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx

[2009/09/12 11:00:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/09/12 10:05:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/09/11 19:56:31 | 00,247,808 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/11 19:34:01 | 03,068,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/09/11 19:31:37 | 00,183,264 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/09/11 18:00:33 | 08,527,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tahma.swf

[2009/09/11 15:20:39 | 00,348,940 | ---- | M] () -- C:\WINDOWS\uninstall Warsong_.exe

[2009/09/11 15:20:39 | 00,001,343 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Preview Warsong Hold - v1.0.lnk

[2009/09/11 15:20:38 | 08,447,846 | ---- | M] () -- C:\WINDOWS\Warsong_.scr

[2009/09/11 07:14:14 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk

[2009/09/11 06:48:47 | 00,000,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fraps.lnk

[2009/09/11 06:47:55 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk

[2009/09/11 06:47:54 | 00,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

[2009/09/11 06:47:39 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk

[2009/09/11 06:47:05 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk

[2009/09/11 06:46:08 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk

[2009/09/11 06:40:49 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/09/09 17:24:24 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/08 14:20:43 | 00,025,174 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jinx_160x600.jpg

[2009/09/07 21:16:42 | 01,204,889 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Thuder_Bluff_by_wowculture.jpg

[2009/09/07 21:16:26 | 01,129,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Exodar_by_wowculture.jpg

[2009/09/07 17:36:37 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro Extended.lnk

[2009/09/07 08:30:41 | 00,022,975 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jinx_728x90.jpg

[2009/09/06 11:25:54 | 00,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk

[2009/09/06 10:50:45 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/09/06 10:21:44 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/08/30 23:03:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/08/30 22:19:20 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk

[2009/08/30 22:12:35 | 00,000,069 | ---- | M] () -- C:\WINDOWS\RunSC.bat

[2009/08/30 22:09:11 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2009/08/30 21:48:16 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/30 21:40:35 | 16,068,777 | ---- | M] () -- C:\WINDOWS\System32\MKIQWHEKO

[2009/08/30 21:39:37 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\b2849.dll

[2009/08/30 21:39:34 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\b2849.sys

[2009/08/30 21:39:25 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\32048.mht

[2009/08/30 21:37:19 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/08/30 19:48:43 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgmts.dll

[2009/08/30 19:47:23 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll

[2009/08/30 19:47:23 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scecli.dll

[2009/08/30 19:41:43 | 00,036,714 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows_Vista_Ultimate_64bit_(x64)_Final_English_DVD_Image.3560993.TPB.torr

ent

[2009/08/30 18:36:01 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/08/30 17:56:38 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\foot.sys

[2009/08/30 17:56:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copyofrp.sys

[2009/08/30 17:56:09 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys

[2009/08/30 17:56:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys

[2009/08/30 17:55:57 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys

[2009/08/30 17:55:54 | 07,012,352 | ---- | M] () -- C:\WINDOWS\System32\VX

[2009/08/30 17:53:23 | 07,012,352 | ---- | M] () -- C:\WINDOWS\System32\WQDWTZYKT

[2009/08/30 17:45:23 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys

[2009/08/30 14:54:55 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\c0119.dll

[2009/08/30 14:54:54 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\c0119.sys

[2009/08/30 14:54:50 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\8d518.mht

[2009/08/30 11:51:50 | 07,000,064 | ---- | M] () -- C:\WINDOWS\System32\ER

[2009/08/30 11:07:29 | 01,304,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2009/08/30 11:07:29 | 00,034,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2009/08/30 11:07:29 | 00,018,548 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2009/08/30 11:07:29 | 00,004,316 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2009/08/30 10:42:31 | 00,107,814 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090830_104143.reg

[2009/08/30 10:30:18 | 07,016,448 | ---- | M] () -- C:\WINDOWS\System32\BZASACLRSI

[2009/08/30 01:47:14 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\9e21E.dll

[2009/08/30 01:47:11 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\9e21E.sys

[2009/08/30 01:46:53 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\c7f1D.mht

[2009/08/30 01:46:10 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2009/08/30 01:40:20 | 52,269,056 | ---- | M] () -- C:\WINDOWS\System32\TAA

[2009/08/30 01:26:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\IONRPSU

[2009/08/30 01:24:09 | 02,312,871 | ---- | M] () -- C:\WINDOWS\System32\KPGS

[2009/08/30 01:16:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\DNQZHCQ

[2009/08/29 17:31:27 | 00,000,881 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/08/29 16:50:59 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\ME

[2009/08/29 16:47:09 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\NIIIAHSTWXNDKX

[2009/08/29 16:43:03 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\YCNL

[2009/08/29 16:37:18 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys

[2009/08/29 16:37:18 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

[2009/08/29 16:37:13 | 00,000,064 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2009/08/29 15:23:03 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2009/08/29 15:12:17 | 00,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

[2009/08/29 12:58:13 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PE Explorer.lnk

[2009/08/29 12:00:42 | 03,773,284 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db

[2009/08/29 09:55:38 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache

[2009/08/28 22:09:28 | 00,086,016 | ---- | M] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll

[2009/08/28 18:14:25 | 00,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk

[2009/08/23 09:09:27 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EVGA Precision.lnk

[2009/08/22 21:03:48 | 00,349,156 | ---- | M] () -- C:\WINDOWS\uninstall Deathwin.exe

[2009/08/22 21:03:46 | 08,655,167 | ---- | M] () -- C:\WINDOWS\Deathwin.scr

[2009/08/21 22:05:47 | 11,023,8230 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WOWX3-Cataclysm_Trailer_en_US_ESRB.avi

[2009/08/19 18:20:03 | 05,357,159 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\edir7.rar

[2009/08/19 18:09:40 | 07,594,256 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\eSyndiCat.Pro.v2.1.02.NULL.MST-www.p2cmonitor.com.rar

[2009/08/17 09:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/08/17 09:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/08/17 09:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/08/17 09:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/08/17 09:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/08/17 09:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/08/17 09:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/08/17 09:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/08/17 09:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA868A70

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >

Link to post
Share on other sites
oogee

oogee

Posted
  • Author
Posted

DSS Log

DDS (Ver_09-07-30.01) - NTFSx86  
Run by Owner at 11:13:40.96 on 12/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3582.2929 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\RootRepeal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - 
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - c:\progra~1\zend\zendst~1.2\toolbars\ZENDIE~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: Zend Studio - Debug current page - c:\program files\zend\zend studio for eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\zend\zend studio for eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugNext.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {95188727-288F-4581-A48D-EAB3BD027314} - c:\progra~1\zend\zendst~1.2\toolbars\ZENDIE~1.DLL
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab
DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pnpftflf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms}
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\octoshape streaming services\owner\octoprogram-l03-nms0806260_sua_000\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: zend.ZDE_Path - c:\program files\zend\zend studio for eclipse - 6.1.2\ZendStudio.exe
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",	  5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",	 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",	true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",	 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",	   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",	true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",				 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",				true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",			   false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",			   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",				 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",				   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",				true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",			 false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",			false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",	false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-29 28544]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-8-29 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-8-29 27656]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-6 114768]
R1 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-7-6 36928]
R1 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2008-7-6 53312]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [2008-7-6 24096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-6 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-6 138680]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-7 10384]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-4-13 598856]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-6 352920]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-8-21 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-8-21 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-8-21 566296]
S2 uhjm;uhjm;c:\windows\system32\drivers\kmgfbnxb.sys --> c:\windows\system32\drivers\kmgfbnxb.sys [?]
S3 9e21E;9e21E;c:\windows\system32\9e21E.sys [2009-8-30 54624]
S3 Apache2.2;Apache2.2;c:\www\apache22\bin\httpd.exe [2008-1-14 24631]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-6 254040]
S3 b2849;b2849;c:\windows\system32\b2849.sys [2009-8-30 54624]
S3 c0119;c0119;c:\windows\system32\c0119.sys [2009-8-30 54624]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-8-21 99352]
S3 copy2ofrp;copy2ofrp;c:\windows\system32\drivers\copy2ofrp.sys [2009-8-30 34816]
S3 copy3ofrp;copy3ofrp;c:\windows\system32\drivers\copy3ofrp.sys [2009-8-30 34816]
S3 copy4ofrp;copy4ofrp;c:\windows\system32\drivers\copy4ofrp.sys [2009-8-30 34816]
S3 copy5ofrp;copy5ofrp;c:\windows\system32\drivers\copy5ofrp.sys [2009-8-30 34816]
S3 copyofrp;copyofrp;c:\windows\system32\drivers\copyofrp.sys [2009-8-30 34816]
S3 cpuz129;cpuz129;\??\c:\docume~1\owner\locals~1\temp\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-8-21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-8-21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-8-21 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-8-21 566296]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2008-7-6 19240]
S3 foot;foot;c:\windows\system32\drivers\foot.sys [2009-8-30 34816]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656]
S3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\et5\MARKFUN.W32 [2009-1-10 17912]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2009-8-30 30136]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 SecureSrv;SecureSrv;c:\program files\hide my ip 2009\SecureSrv.exe [2009-3-8 536896]
S4 ATZO;ATZO;c:\docume~1\owner\locals~1\temp\atzo.exe --> c:\docume~1\owner\locals~1\temp\ATZO.exe [?]
S4 AVYTBJJMCCA;AVYTBJJMCCA;c:\docume~1\owner\locals~1\temp\avytbjjmcca.exe --> c:\docume~1\owner\locals~1\temp\AVYTBJJMCCA.exe [?]
S4 CSIScanner;CSIScanner;"c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?]
S4 D;D;c:\docume~1\owner\locals~1\temp\d.exe --> c:\docume~1\owner\locals~1\temp\D.exe [?]
S4 DPUK;DPUK;c:\docume~1\owner\locals~1\temp\dpuk.exe --> c:\docume~1\owner\locals~1\temp\DPUK.exe [?]
S4 KIG;KIG;c:\docume~1\owner\locals~1\temp\kig.exe --> c:\docume~1\owner\locals~1\temp\KIG.exe [?]
S4 QLEOLYTKCKZRF;QLEOLYTKCKZRF;c:\docume~1\owner\locals~1\temp\qleolytkckzrf.exe --> c:\docume~1\owner\locals~1\temp\QLEOLYTKCKZRF.exe [?]
S4 QPKTDICDANJA;QPKTDICDANJA;c:\docume~1\owner\locals~1\temp\qpktdicdanja.exe --> c:\docume~1\owner\locals~1\temp\QPKTDICDANJA.exe [?]
S4 RVQDJY;RVQDJY;c:\docume~1\owner\locals~1\temp\rvqdjy.exe --> c:\docume~1\owner\locals~1\temp\RVQDJY.exe [?]
S4 SB;SB;c:\docume~1\owner\locals~1\temp\sb.exe --> c:\docume~1\owner\locals~1\temp\SB.exe [?]
S4 SUVGMVQKALG;SUVGMVQKALG;c:\docume~1\owner\locals~1\temp\suvgmvqkalg.exe --> c:\docume~1\owner\locals~1\temp\SUVGMVQKALG.exe [?]
S4 WKBFSJCQH;WKBFSJCQH;c:\docume~1\owner\locals~1\temp\wkbfsjcqh.exe --> c:\docume~1\owner\locals~1\temp\WKBFSJCQH.exe [?]

=============== Created Last 30 ================

2009-09-12 09:50	230,912	a-------	c:\windows\PEV.exe
2009-09-12 09:50	161,792	a-------	c:\windows\SWREG.exe
2009-09-12 09:50	98,816	a-------	c:\windows\sed.exe
2009-09-11 15:20	8,447,846	a-------	c:\windows\Warsong_.scr
2009-09-11 15:20	348,940	a-------	c:\windows\uninstall Warsong_.exe
2009-09-11 06:46	<DIR>	--d-----	c:\program files\common files\DivX Shared
2009-09-06 17:34	111,992	a-------	c:\windows\system32\acaptuser32.dll
2009-09-06 11:25	<DIR>	--d-----	c:\program files\SmartFTP Client
2009-08-30 22:19	<DIR>	--d-----	c:\program files\Trend Micro
2009-08-30 22:09	<DIR>	--d-----	c:\program files\SUPERAntiSpyware
2009-08-30 21:58	<DIR>	--d-----	c:\program files\SanityCheck
2009-08-30 21:48	38,224	a-------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 21:48	19,160	a-------	c:\windows\system32\drivers\mbam.sys
2009-08-30 21:48	<DIR>	--d-----	c:\program files\Malwarebytes' Anti-Malware
2009-08-30 21:39	128,352	a-------	c:\windows\system32\b2849.dll
2009-08-30 21:39	54,624	a-------	c:\windows\system32\b2849.sys
2009-08-30 21:39	16,068,777	a-------	c:\windows\system32\MKIQWHEKO
2009-08-30 21:39	2,335,270	a-------	c:\windows\system32\32048.mht
2009-08-30 19:48	167,936	--------	c:\windows\system32\appmgmts.dll
2009-08-30 19:47	180,224	ac------	c:\windows\system32\dllcache\scecli.dll
2009-08-30 19:47	180,224	--------	c:\windows\system32\scecli.dll
2009-08-30 18:35	<DIR>	a-dshr--	C:\cmdcons
2009-08-30 18:25	175,616	a-------	c:\windows\system32\strings.exe
2009-08-30 18:25	39,184	a-------	c:\windows\system32\Ntrights.exe
2009-08-30 18:25	16,384	a-------	c:\windows\system32\restart.exe
2009-08-30 18:25	11,254	a-------	c:\windows\system32\locate.com
2009-08-30 17:56	34,816	a-------	c:\windows\system32\drivers\foot.sys
2009-08-30 17:56	34,816	a-------	c:\windows\system32\drivers\copy4ofrp.sys
2009-08-30 17:56	34,816	a-------	c:\windows\system32\drivers\copy5ofrp.sys
2009-08-30 17:56	34,816	a-------	c:\windows\system32\drivers\copyofrp.sys
2009-08-30 17:55	34,816	a-------	c:\windows\system32\drivers\copy3ofrp.sys
2009-08-30 17:55	7,012,352	a-------	c:\windows\system32\VX
2009-08-30 17:53	7,012,352	a-------	c:\windows\system32\WQDWTZYKT
2009-08-30 17:45	34,816	a-------	c:\windows\system32\drivers\copy2ofrp.sys
2009-08-30 14:54	714,752	a-------	c:\windows\system32\a131A.tmp
2009-08-30 14:54	128,352	a-------	c:\windows\system32\c0119.dll
2009-08-30 14:54	54,624	a-------	c:\windows\system32\c0119.sys
2009-08-30 14:54	2,335,270	a-------	c:\windows\system32\8d518.mht
2009-08-30 11:51	7,000,064	a-------	c:\windows\system32\ER
2009-08-30 10:30	7,016,448	a-------	c:\windows\system32\BZASACLRSI
2009-08-30 01:52	30,136	a-------	c:\windows\system32\drivers\rspSanity32.sys
2009-08-30 01:47	128,352	a-------	c:\windows\system32\9e21E.dll
2009-08-30 01:47	714,752	a-------	c:\windows\system32\2b41F.tmp
2009-08-30 01:47	54,624	a-------	c:\windows\system32\9e21E.sys
2009-08-30 01:46	2,335,270	a-------	c:\windows\system32\c7f1D.mht
2009-08-30 01:38	52,269,056	a-------	c:\windows\system32\TAA
2009-08-30 01:26	0	a-------	c:\windows\system32\IONRPSU
2009-08-30 01:23	2,312,871	a-------	c:\windows\system32\KPGS
2009-08-30 01:16	0	a-------	c:\windows\system32\DNQZHCQ
2009-08-29 17:11	28,544	a-------	c:\windows\system32\drivers\pavboot.sys
2009-08-29 16:50	6,967,296	a-------	c:\windows\system32\ME
2009-08-29 16:47	6,967,296	a-------	c:\windows\system32\NIIIAHSTWXNDKX
2009-08-29 16:43	6,967,296	a-------	c:\windows\system32\YCNL
2009-08-29 16:26	1,304,608	a--sh---	c:\windows\system32\drivers\fidbox.dat
2009-08-29 16:26	34,592	a--sh---	c:\windows\system32\drivers\fidbox2.dat
2009-08-29 16:26	18,548	a--sh---	c:\windows\system32\drivers\fidbox.idx
2009-08-29 16:26	4,316	a--sh---	c:\windows\system32\drivers\fidbox2.idx
2009-08-29 16:21	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-08-29 10:26	27,656	a-------	c:\windows\system32\drivers\pxsec.sys
2009-08-29 10:26	22,024	a-------	c:\windows\system32\drivers\pxscan.sys
2009-08-29 10:26	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-08-29 10:26	64	a-------	c:\windows\wininit.ini
2009-08-29 09:55	411,368	a-------	c:\windows\system32\deploytk.dll
2009-08-29 09:29	<DIR>	--d-----	C:\spoolerlogs
2009-08-28 22:09	86,016	a-------	c:\windows\system32\frapsvid.dll
2009-08-25 21:47	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-08-25 20:33	<DIR>	--d-----	c:\program files\World of Warcraft Public Test
2009-08-22 21:03	349,156	a-------	c:\windows\uninstall Deathwin.exe
2009-08-22 21:03	8,655,167	a-------	c:\windows\Deathwin.scr

==================== Find3M  ====================

2009-08-30 01:46	153,104	a-------	c:\windows\system32\drivers\tmcomm.sys
2009-08-11 17:31	13,016,513	a-------	c:\windows\Ignis_th.scr
2009-08-05 02:01	204,800	a-------	c:\windows\system32\mswebdvd.dll
2009-07-20 12:26	84,496	a-------	c:\windows\system32\KemXML.dll
2009-07-20 12:26	117,264	a-------	c:\windows\system32\KemWnd.dll
2009-07-20 12:26	145,936	a-------	c:\windows\system32\KemUtil.dll
2009-07-20 12:26	170,512	a-------	c:\windows\system32\kemutb.dll
2009-07-20 12:25	301,656	a-------	c:\windows\system32\BtCoreIf.dll
2009-07-18 11:38	119,796	a---h---	c:\windows\system32\mlfcache.dat
2009-07-17 12:01	58,880	a-------	c:\windows\system32\atl.dll
2009-07-14 13:35	2,173,472	a-------	c:\windows\system32\nvcplui.exe
2009-07-14 13:35	81,920	a-------	c:\windows\system32\nvwddi.dll
2009-07-14 13:35	4,026,368	a-------	c:\windows\system32\nvvitvs.dll
2009-07-14 13:35	3,170,304	a-------	c:\windows\system32\nvwss.dll
2009-07-14 13:34	13,877,248	a-------	c:\windows\system32\nvcpl.dll
2009-07-14 13:34	4,923,392	a-------	c:\windows\system32\nvdisps.dll
2009-07-14 13:34	3,547,136	a-------	c:\windows\system32\nvgames.dll
2009-07-14 13:34	1,286,144	a-------	c:\windows\system32\nvmobls.dll
2009-07-14 13:34	188,416	a-------	c:\windows\system32\nvmccss.dll
2009-07-14 13:34	168,004	a-------	c:\windows\system32\nvsvc32.exe
2009-07-14 13:34	143,360	a-------	c:\windows\system32\nvcolor.exe
2009-07-14 13:34	86,016	a-------	c:\windows\system32\nvmctray.dll
2009-07-14 13:34	229,376	a-------	c:\windows\system32\nvmccs.dll
2009-07-14 11:54	10,457,088	a-------	c:\windows\system32\nvoglnt.dll
2009-07-14 11:54	7,741,664	a-------	c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 11:54	5,842,816	a-------	c:\windows\system32\nv4_disp.dll
2009-07-14 11:54	2,189,856	a-------	c:\windows\system32\nvcuvid.dll
2009-07-14 11:54	2,002,944	a-------	c:\windows\system32\nvcuda.dll
2009-07-14 11:54	1,706,528	a-------	c:\windows\system32\nvcuvenc.dll
2009-07-14 11:54	1,597,690	a-------	c:\windows\system32\nvdata.bin
2009-07-14 11:54	868,352	a-------	c:\windows\system32\nvapi.dll
2009-07-14 11:54	485,920	a-------	c:\windows\system32\nvudisp.exe
2009-07-14 11:54	151,552	a-------	c:\windows\system32\nvcodins.dll
2009-07-14 11:54	151,552	a-------	c:\windows\system32\nvcod.dll
2009-07-13 23:43	286,208	--------	c:\windows\system32\wmpdxm.dll
2009-07-10 07:01	485,920	a-------	c:\windows\system32\NVUNINST.EXE
2009-07-03 10:09	915,456	--------	c:\windows\system32\wininet.dll
2009-06-17 09:55	55,824	a-------	c:\windows\KHALMNPR.Exe
2009-06-16 07:36	119,808	a-------	c:\windows\system32\t2embed.dll
2009-06-16 07:36	81,920	a-------	c:\windows\system32\fontsub.dll
2008-04-20 11:30	22,328	a-------	c:\docume~1\owner\applic~1\PnkBstrK.sys

============= FINISH: 11:13:51.87 ===============

Link to post
Share on other sites
  • 2 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.