Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Mon 27 Sep 2010, 4:50 am

Mbam starts, runs for 2 seconds and stops. Spyware Doctor does the same thing. Where do I go from here?

swiftzcz

Newbie Surfer

Posts : 23
Joined : 2010-09-27
Operating System : Xp pro

Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Mon 27 Sep 2010, 4:53 am

ComboFix log



ComboFix 10-09-25.07 - Main 09/26/2010 11:40:47.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367.141 [GMT -5:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sdra64.exe . . . . Failed to delete
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\.wtav
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\HP\HP Software Update\HPWuSchd2.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\USRINI~1.EXE
c:\windows\system32\zettcap.dll
D:\Uninstall.exe
D:\WinRAR.exe
c:\windows\system32\sdra64.exe . . . . Failed to delete

c:\windows\system32\Drivers\atapi.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_USERINIT
-------\Service_6to4
-------\Service_userinit


((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
.

2010-09-26 15:52 . 2010-09-26 15:52 -------- d-----w- c:\program files\Hotdoga
2010-09-26 15:22 . 2010-09-26 15:22 -------- d-sh--w- c:\documents and settings\Main\IECompatCache
2010-09-26 03:09 . 2010-09-26 03:09 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\HP
2010-09-26 03:08 . 2010-09-26 03:08 127 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\fusioncache.dat
2010-09-26 03:08 . 2010-09-26 03:08 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory
2010-09-26 03:06 . 2010-09-26 03:07 13104 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-sh--w- c:\documents and settings\Main\IETldCache
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Threat Expert
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-sh--w- c:\documents and settings\Main\PrivacIE
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\AskToolbar
2010-09-26 03:01 . 2010-09-26 03:01 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2010-09-26 02:03 . 2010-09-26 02:03 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Threat Expert
2010-09-26 01:41 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-26 01:41 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-26 01:41 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-09-26 01:41 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-26 01:41 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-26 01:41 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-09-26 01:38 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-26 01:38 . 2010-09-26 01:59 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-26 01:38 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-26 01:37 . 2010-09-26 01:59 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Spyware Doctor
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\Home\Application Data\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-24 19:57 . 2010-09-24 19:57 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 18:27 . 2010-09-24 18:27 -------- d-----w- C:\$AVG
2010-09-24 18:10 . 2010-09-24 18:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-24 18:10 . 2010-09-24 18:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-24 18:09 . 2010-09-24 18:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-24 18:09 . 2010-09-24 18:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-24 18:09 . 2010-09-24 18:09 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\program files\AVG
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-24 15:35 . 2010-09-24 15:35 -------- d-----w- C:\FOUND.003
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\CCleaner
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:23 . 2010-09-23 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-23 05:57 . 2010-09-23 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\hostsvr
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-09-22 20:22 . 2010-09-22 20:22 -------- d-----w- c:\documents and settings\Home\Application Data\UltraVNC
2010-09-22 20:16 . 2010-09-22 20:16 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\CrossLoop
2010-09-14 13:45 . 2010-09-14 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-14 13:04 . 2010-09-14 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-14 00:34 . 2010-09-14 00:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-14 00:27 . 2010-09-14 00:27 -------- d-----w- c:\program files\Games
2010-09-13 22:25 . 2010-09-13 22:26 -------- d-----w- c:\documents and settings\Home\Application Data\Exent Technologies
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Free_Ride_Games
2010-09-13 22:21 . 2010-09-13 22:21 64 ----a-w- c:\windows\GPlrLanc.dat
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-09-11 13:30 . 2010-09-11 13:30 -------- d-----w- C:\games
2010-09-10 17:39 . 2010-09-10 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 17:35 . 2010-09-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2010-09-08 22:00 . 2010-09-08 22:00 -------- d-----w- c:\program files\PokerStars.NET
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\Home\Application Data\Yahoo!
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-07 20:18 . 2010-09-07 20:18 -------- d-----w- c:\program files\Yahoo!
2010-09-06 15:04 . 2010-09-06 15:04 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\AskToolbar
2010-09-06 15:03 . 2010-09-06 15:03 -------- d-----w- c:\program files\Ask.com
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\HP
2010-09-02 22:29 . 2010-09-02 22:29 127 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\fusioncache.dat
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\ApplicationHistory
2010-09-02 22:27 . 2010-09-02 22:27 -------- d-----w- C:\FOUND.002
2010-09-02 13:37 . 2010-09-02 13:37 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Yahoo!
2010-09-01 08:00 . 2010-09-01 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-09-01 01:40 . 2000-07-08 20:06 87040 ----a-w- c:\windows\UnGins.exe
2010-08-31 21:02 . 2010-08-31 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\program files\Common Files\HP
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-31 20:59 . 2010-08-31 20:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-31 20:58 . 2010-08-31 20:58 -------- d-----w- c:\windows\system32\URTTEMP
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-31 20:55 . 2004-09-29 17:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-08-31 20:55 . 2004-09-29 17:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-08-31 20:55 . 2004-09-29 17:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-08-31 20:55 . 2004-09-29 17:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-08-31 20:55 . 2004-09-29 17:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-08-31 20:55 . 2004-09-29 17:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-08-31 20:52 . 2010-08-31 21:12 68964 ----a-w- c:\windows\hpoins05.dat
2010-08-31 20:52 . 2004-12-15 06:39 19696 ------w- c:\windows\hpomdl05.dat
2010-08-31 20:52 . 2004-10-05 13:26 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-08-31 20:52 . 2004-10-05 13:26 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-08-31 20:52 . 2004-10-01 13:45 229376 ----a-w- c:\windows\system32\hpovst08.dll
2010-08-31 20:52 . 2004-10-01 13:44 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-08-31 20:52 . 2004-10-01 13:44 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-08-31 20:52 . 2004-10-01 14:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-08-31 20:52 . 2004-10-01 13:46 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-08-31 20:52 . 2004-10-01 13:46 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\program files\HP
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\windows\Downloaded Installations
2010-08-31 20:40 . 2010-08-31 20:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-31 20:34 . 2010-08-31 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 20:32 . 2010-08-31 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-31 20:31 . 2010-08-31 20:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-31 20:28 . 2010-08-31 20:28 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\program files\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Adobe
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PC_Drivers_Headquarters
2010-08-31 20:22 . 2010-08-31 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-31 20:21 . 2010-08-31 20:21 -------- d-----w- c:\program files\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 11:47 . 2010-08-02 00:35 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-25 14:16 . 2010-09-25 14:16 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-25 14:16 . 2010-09-25 14:16 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-25 14:16 . 2010-09-25 14:16 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-25 14:16 . 2010-09-25 14:16 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-25 14:16 . 2010-09-25 14:16 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-25 14:16 . 2010-09-25 14:16 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-25 14:16 . 2010-09-25 14:16 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-25 14:16 . 2010-09-25 14:16 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-25 14:16 . 2010-09-25 14:16 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-24 17:39 . 2010-09-22 22:29 112 ----a-w- c:\documents and settings\All Users\Application Data\3p2Mxs6D1.dat
2010-09-13 00:02 . 2010-08-02 00:35 2728 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-31 20:41 . 2010-08-31 20:41 10134 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-08-31 20:30 . 2010-09-26 03:00 53632 ----a-w- c:\documents and settings\Main\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-08-26 19:59 . 2010-08-26 19:59 -------- d-----w- c:\documents and settings\Home\Application Data\Media Player Classic
2010-08-24 00:50 . 2010-08-24 00:50 -------- d-----w- c:\program files\Sierra
2010-08-13 17:26 . 2010-08-13 17:26 -------- d-----w- c:\documents and settings\Home\Application Data\ImgBurn
2010-08-13 02:57 . 2010-08-13 02:58 19849216 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\CaesarIV.exe
2010-08-13 02:43 . 2010-08-13 02:58 11331309 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\caesariv_update_en_10_11.exe
2010-08-12 23:35 . 2010-08-12 23:35 -------- d-----w- c:\program files\Realtek
2010-08-12 23:20 . 2010-08-13 03:01 2280 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\rld-c4kg.exe
2010-08-12 08:06 . 2010-08-12 08:06 -------- d-----w- c:\program files\MSXML 6.0
2010-08-10 23:47 . 2010-08-02 15:41 13104 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\Home\Application Data\ATI
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-08-10 23:46 . 2010-08-10 23:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-10 23:41 . 2010-08-10 23:41 -------- d-----w- c:\program files\ATI Technologies
2010-08-10 23:24 . 2010-08-02 00:03 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 09:58 . 2010-08-09 09:58 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-d3d.dll
2010-08-09 09:58 . 2010-08-09 09:58 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-sse.dll
2010-08-09 09:58 . 2010-08-09 09:58 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcp71.dll
2010-08-09 09:58 . 2010-08-09 09:58 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\jmc.dll
2010-08-09 09:58 . 2010-08-09 09:58 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcr71.dll
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\MSBuild
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\Reference Assemblies
2010-08-03 06:10 . 2010-08-03 06:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 05:48 . 2010-08-03 05:48 -------- d-----w- c:\documents and settings\Home\Application Data\BitTorrent
2010-08-03 04:40 . 2010-08-02 00:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-03 03:20 . 2010-08-03 03:20 -------- d-----w- c:\documents and settings\Home\Application Data\LolClient
2010-08-03 02:48 . 2010-08-03 02:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 02:33 . 2010-08-03 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-08-03 02:32 . 2010-08-03 02:32 -------- d-----w- c:\program files\Pando Networks
2010-08-02 15:41 . 2010-08-02 15:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 14:43 . 2010-08-02 14:42 -------- d-----w- c:\program files\EASEUS
2010-08-02 14:37 . 2010-08-02 14:37 -------- d-----w- c:\program files\Partition Wizard Home Edition 5.0
2010-08-02 10:41 . 2010-08-02 10:41 -------- d-----w- c:\documents and settings\Home\Application Data\AVS4YOU
2010-08-02 10:38 . 2010-08-02 10:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-02 10:37 . 2010-08-02 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-02 08:31 . 2010-08-02 08:31 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 01:02 . 2010-08-02 01:02 -------- d-----w- c:\documents and settings\Home\Application Data\LimeWire
2010-08-02 00:54 . 2010-08-02 00:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-02 00:49 . 2010-08-02 00:49 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-sse.dll
2010-08-02 00:49 . 2010-08-02 00:49 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcp71.dll
2010-08-02 00:49 . 2010-08-02 00:49 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\jmc.dll
2010-08-02 00:49 . 2010-08-02 00:49 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcr71.dll
2010-08-02 00:49 . 2010-08-02 00:49 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-d3d.dll
2010-08-02 00:35 . 2010-08-02 00:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-02 00:33 . 2010-08-02 00:33 -------- d-----w- c:\program files\Java
2010-08-02 00:08 . 2010-08-02 00:08 -------- d-----w- c:\program files\microsoft frontpage
2010-07-27 23:42 . 2010-08-02 14:43 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-17 10:00 . 2010-08-02 15:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:44 . 2010-08-02 14:43 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 13:44 . 2010-08-02 14:43 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
.
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\windows\system32\atiptaxx .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateMyDrivers"="d:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"Steam"="c:\program files\steam\steam.exe" [N/A]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"NVIEW"="nview.dll" [2003-07-28 852038]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-26 16120832]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [N/A]
"hostsvr"="d:\warcraft\hostsvr\hostsvr .exe" [N/A]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-24 2065760]
"AtiPTA"="atiptaxx.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-11 232912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-24 18:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Steam\\steamapps\\phewdont\\condition zero\\hl.exe"=
"d:\\Steam\\steamapps\\jpfammon\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"d:\\Warcraft III\\Replay\\ACSPMonitor\\ASMonitor.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56769:TCP"= 56769:TCP:Pando Media Booster
"56769:UDP"= 56769:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"5910:TCP"= 5910:TCP:vnc5910

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2010 8:38 PM 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/24/2010 1:09 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/24/2010 1:10 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [9/24/2010 1:07 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/24/2010 1:07 PM 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [9/25/2010 8:41 PM 112592]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [9/22/2010 3:16 PM 560848]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [8/4/2004 12:00 PM 12800]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 3:29 PM 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/2/2010 9:43 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/2/2010 9:43 AM 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/2/2010 9:37 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/2/2010 9:37 AM 11104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2010 8:37 PM 366840]
S3 tvnserver;TightVNC Server;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe [9/22/2010 3:16 PM 814080]
.
Contents of the 'Scheduled Tasks' folder

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-09-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 20:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-zettcap - (no file)
AddRemove-WinRAR archiver - D:\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-26 11:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"=""c:\program files\Google\Update\GoogleUpdate.exe" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"=""c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKFileSec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKSysFlt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"=""c:\program files\Java\jre6\bin\jqs.exe" -service -config "c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NISUM]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore]
"ImagePath"="system32\drivers\PCTCore.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdrvio]
"ImagePath"="\??\c:\windows\system32\pwdrvio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdspio]
"ImagePath"="\??\c:\windows\system32\pwdspio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdAuxService]
"ImagePath"="c:\program files\Spyware Doctor\pctsAuxs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdCoreService]
"ImagePath"="c:\program files\Spyware Doctor\pctsSvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{7C0B9950-F190-485F-80FB-84FE35E631A1}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvnserver]
"ImagePath"=""c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe" -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VFILT]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"=""c:\program files\Windows Media Player\WMPNetwk.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0C241DC6-A494-491F-8B71-70840F329E5E}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{177A9868-AB79-4266-95FD-3C504C209879}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(604)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2580)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-09-26 12:02:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-26 17:02

Pre-Run: 7,501,250,560 bytes free
Post-Run: 7,493,042,176 bytes free

- - End Of File - - D564AF50AEF398436556E1145A80638B


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Mon 27 Sep 2010, 4:53 am

RootRepeal


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/26 12:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE647000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B8E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEB2B6000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\HIBERFIL.SYS
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\IX2J1B59\captcha[1].js
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\ANAU7NZQ\reload[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\OY3XQ35F\captcha[1].htm
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7499112

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf74782d6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf74784c8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf7499900

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7499bb4

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf7497e12

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf749a020

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf74993d2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7477f44

==EOF==


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Mon 27 Sep 2010, 4:55 am

SysProt AntiRootkit log


SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EE647000
Module End: EE65F000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B8E000
Module End: F7B90000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F7499112
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwCreateProcess
Address: F74782D6
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwCreateProcessEx
Address: F74784C8
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwDeleteKey
Address: F7499900
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwDeleteValueKey
Address: F7499BB4
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwOpenKey
Address: F7497E12
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwRenameKey
Address: F749A020
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwSetValueKey
Address: F74993D2
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwTerminateProcess
Address: F7477F44
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: HOME-4D3B93B4D6:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HOME-4D3B93B4D6:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\AVG\AVG9\AVGEMC.EXE
State: LISTENING

Local Address: HOME-4D3B93B4D6:5929
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Documents and Settings\Home\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
State: LISTENING

Local Address: HOME-4D3B93B4D6:5152
Remote Address: LOCALHOST:1327
Type: TCP
Process: C:\Program Files\Java\JRE6\BIN\jqs.exe
State: CLOSE_WAIT

Local Address: HOME-4D3B93B4D6:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\JRE6\BIN\jqs.exe
State: LISTENING

Local Address: HOME-4D3B93B4D6:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\ALG.EXE
State: LISTENING

Local Address: HOME-4D3B93B4D6:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HOME-4D3B93B4D6:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\SVCHOST.EXE
State: LISTENING

Local Address: HOME-4D3B93B4D6:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\SVCHOST.EXE
State: NA

Local Address: HOME-4D3B93B4D6:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HOME-4D3B93B4D6:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HOME-4D3B93B4D6:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\SVCHOST.EXE
State: NA

Local Address: HOME-4D3B93B4D6:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\SVCHOST.EXE
State: NA

Local Address: HOME-4D3B93B4D6:1069
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
State: NA

Local Address: HOME-4D3B93B4D6:1044
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
State: NA

Local Address: HOME-4D3B93B4D6:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\SVCHOST.EXE
State: NA

Local Address: HOME-4D3B93B4D6:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\LSASS.EXE
State: NA

Local Address: HOME-4D3B93B4D6:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\LSASS.EXE
State: NA

Local Address: HOME-4D3B93B4D6:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************

Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\_restore{034BAC85-E292-460C-B5C9-C43


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by Belahzur on Mon 27 Sep 2010, 8:13 am

Hello.
Below I have attached a file called CFScript; please download that to your Desktop.


  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.



  3. Referring to the picture above, drag CFScript into ComboFix.exe
  4. When finished, it shall produce a log for you at C:\ComboFix.txt
  5. Please post the contents of the log in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Tue 28 Sep 2010, 2:25 am

ComboFix 10-09-26.04 - Main 09/27/2010 10:12:06.3.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367.184 [GMT -5:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Main\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\sdra64.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\warcraft\hostsvr\hostsvr .exe
d:\warcraft\hostsvr\hostsvr .exe

.
((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 )))))))))))))))))))))))))))))))
.

2010-09-26 18:15 . 2010-09-26 18:35 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-26 18:15 . 2010-09-26 18:15 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-26 18:15 . 2010-09-26 18:35 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
2010-09-26 18:14 . 2010-09-26 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-26 17:32 . 2010-09-26 17:32 15 ----a-w- c:\documents and settings\Main\settings.dat
2010-09-26 15:52 . 2010-09-26 15:52 -------- d-----w- c:\program files\Hotdoga
2010-09-26 15:22 . 2010-09-26 15:22 -------- d-sh--w- c:\documents and settings\Main\IECompatCache
2010-09-26 03:09 . 2010-09-26 03:09 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\HP
2010-09-26 03:08 . 2010-09-26 03:08 127 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\fusioncache.dat
2010-09-26 03:08 . 2010-09-26 03:08 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory
2010-09-26 03:06 . 2010-09-26 03:07 13104 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-sh--w- c:\documents and settings\Main\IETldCache
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Threat Expert
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-sh--w- c:\documents and settings\Main\PrivacIE
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\AskToolbar
2010-09-26 03:01 . 2010-09-26 03:01 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2010-09-26 02:03 . 2010-09-26 02:03 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Threat Expert
2010-09-26 01:41 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-26 01:41 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-26 01:41 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-09-26 01:41 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-26 01:41 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-26 01:41 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-09-26 01:38 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-26 01:38 . 2010-09-26 01:59 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-26 01:38 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-26 01:37 . 2010-09-26 01:59 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Spyware Doctor
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\Home\Application Data\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-24 19:57 . 2010-09-24 19:57 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 18:27 . 2010-09-24 18:27 -------- d-----w- C:\$AVG
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\program files\AVG
2010-09-24 15:35 . 2010-09-24 15:35 -------- d-----w- C:\FOUND.003
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\CCleaner
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:23 . 2010-09-23 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-23 05:57 . 2010-09-23 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\hostsvr
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-09-22 20:22 . 2010-09-22 20:22 -------- d-----w- c:\documents and settings\Home\Application Data\UltraVNC
2010-09-22 20:16 . 2010-09-22 20:16 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\CrossLoop
2010-09-14 13:45 . 2010-09-14 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-14 13:04 . 2010-09-14 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-14 00:34 . 2010-09-14 00:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-14 00:27 . 2010-09-14 00:27 -------- d-----w- c:\program files\Games
2010-09-13 22:25 . 2010-09-13 22:26 -------- d-----w- c:\documents and settings\Home\Application Data\Exent Technologies
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Free_Ride_Games
2010-09-13 22:21 . 2010-09-13 22:21 64 ----a-w- c:\windows\GPlrLanc.dat
2010-09-13 22:21 . 2001-09-05 10:23 56320 ----a-w- c:\documents and settings\All Users\Application Data\Free Ride Games\Setup.exe
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-09-11 13:30 . 2010-09-11 13:30 -------- d-----w- C:\games
2010-09-10 17:39 . 2010-09-10 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 17:35 . 2010-09-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2010-09-08 22:00 . 2010-09-08 22:00 -------- d-----w- c:\program files\PokerStars.NET
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\Home\Application Data\Yahoo!
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-07 20:18 . 2010-09-07 20:18 -------- d-----w- c:\program files\Yahoo!
2010-09-06 15:04 . 2010-09-06 15:04 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\AskToolbar
2010-09-06 15:03 . 2010-09-06 15:03 -------- d-----w- c:\program files\Ask.com
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\HP
2010-09-02 22:29 . 2010-09-02 22:29 127 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\fusioncache.dat
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\ApplicationHistory
2010-09-02 22:27 . 2010-09-02 22:27 -------- d-----w- C:\FOUND.002
2010-09-02 13:37 . 2010-09-02 13:37 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Yahoo!
2010-09-01 08:00 . 2010-09-01 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-09-01 01:40 . 2000-07-08 20:06 87040 ----a-w- c:\windows\UnGins.exe
2010-08-31 21:02 . 2010-08-31 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\program files\Common Files\HP
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-31 20:59 . 2010-08-31 20:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-31 20:58 . 2010-08-31 20:58 -------- d-----w- c:\windows\system32\URTTEMP
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-31 20:55 . 2004-09-29 17:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-08-31 20:55 . 2004-09-29 17:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-08-31 20:55 . 2004-09-29 17:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-08-31 20:55 . 2004-09-29 17:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-08-31 20:55 . 2004-09-29 17:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-08-31 20:55 . 2004-09-29 17:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-08-31 20:52 . 2010-08-31 21:12 68964 ----a-w- c:\windows\hpoins05.dat
2010-08-31 20:52 . 2004-12-15 06:39 19696 ------w- c:\windows\hpomdl05.dat
2010-08-31 20:52 . 2004-10-05 13:26 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-08-31 20:52 . 2004-10-05 13:26 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-08-31 20:52 . 2004-10-01 13:45 229376 ----a-w- c:\windows\system32\hpovst08.dll
2010-08-31 20:52 . 2004-10-01 13:44 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-08-31 20:52 . 2004-10-01 13:44 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-08-31 20:52 . 2004-10-01 14:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-08-31 20:52 . 2004-10-01 13:46 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-08-31 20:52 . 2004-10-01 13:46 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-08-31 20:41 . 2010-08-31 20:41 10134 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\program files\HP
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\windows\Downloaded Installations
2010-08-31 20:40 . 2010-08-31 20:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-31 20:34 . 2010-08-31 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 20:32 . 2010-08-31 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-31 20:31 . 2010-08-31 20:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-31 20:28 . 2010-08-31 20:28 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\program files\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Adobe
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PC_Drivers_Headquarters
2010-08-31 20:22 . 2010-08-31 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-31 20:21 . 2010-08-31 20:21 -------- d-----w- c:\program files\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 11:47 . 2010-08-02 00:35 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 17:39 . 2010-09-22 22:29 112 ----a-w- c:\documents and settings\All Users\Application Data\3p2Mxs6D1.dat
2010-09-13 00:02 . 2010-08-02 00:35 2728 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-26 19:59 . 2010-08-26 19:59 -------- d-----w- c:\documents and settings\Home\Application Data\Media Player Classic
2010-08-24 00:50 . 2010-08-24 00:50 -------- d-----w- c:\program files\Sierra
2010-08-13 17:26 . 2010-08-13 17:26 -------- d-----w- c:\documents and settings\Home\Application Data\ImgBurn
2010-08-13 02:57 . 2010-08-13 02:58 19849216 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\CaesarIV.exe
2010-08-13 02:43 . 2010-08-13 02:58 11331309 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\caesariv_update_en_10_11.exe
2010-08-12 23:35 . 2010-08-12 23:35 -------- d-----w- c:\program files\Realtek
2010-08-12 23:20 . 2010-08-13 03:01 2280 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\rld-c4kg.exe
2010-08-12 08:06 . 2010-08-12 08:06 -------- d-----w- c:\program files\MSXML 6.0
2010-08-10 23:47 . 2010-08-02 15:41 13104 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\Home\Application Data\ATI
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-08-10 23:46 . 2010-08-10 23:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-10 23:41 . 2010-08-10 23:41 -------- d-----w- c:\program files\ATI Technologies
2010-08-10 23:24 . 2010-08-02 00:03 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 09:58 . 2010-08-09 09:58 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-d3d.dll
2010-08-09 09:58 . 2010-08-09 09:58 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-sse.dll
2010-08-09 09:58 . 2010-08-09 09:58 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcp71.dll
2010-08-09 09:58 . 2010-08-09 09:58 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\jmc.dll
2010-08-09 09:58 . 2010-08-09 09:58 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcr71.dll
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\MSBuild
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\Reference Assemblies
2010-08-03 06:10 . 2010-08-03 06:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 05:48 . 2010-08-03 05:48 -------- d-----w- c:\documents and settings\Home\Application Data\BitTorrent
2010-08-03 04:40 . 2010-08-02 00:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-03 03:20 . 2010-08-03 03:20 -------- d-----w- c:\documents and settings\Home\Application Data\LolClient
2010-08-03 02:48 . 2010-08-03 02:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 02:33 . 2010-08-03 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-08-03 02:32 . 2010-08-03 02:32 -------- d-----w- c:\program files\Pando Networks
2010-08-02 15:41 . 2010-08-02 15:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 14:43 . 2010-08-02 14:42 -------- d-----w- c:\program files\EASEUS
2010-08-02 14:37 . 2010-08-02 14:37 -------- d-----w- c:\program files\Partition Wizard Home Edition 5.0
2010-08-02 10:41 . 2010-08-02 10:41 -------- d-----w- c:\documents and settings\Home\Application Data\AVS4YOU
2010-08-02 10:38 . 2010-08-02 10:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-02 10:37 . 2010-08-02 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-02 08:31 . 2010-08-02 08:31 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 01:02 . 2010-08-02 01:02 -------- d-----w- c:\documents and settings\Home\Application Data\LimeWire
2010-08-02 00:54 . 2010-08-02 00:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-02 00:49 . 2010-08-02 00:49 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-sse.dll
2010-08-02 00:49 . 2010-08-02 00:49 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcp71.dll
2010-08-02 00:49 . 2010-08-02 00:49 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\jmc.dll
2010-08-02 00:49 . 2010-08-02 00:49 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcr71.dll
2010-08-02 00:49 . 2010-08-02 00:49 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-d3d.dll
2010-08-02 00:35 . 2010-08-02 00:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-02 00:33 . 2010-08-02 00:33 -------- d-----w- c:\program files\Java
2010-08-02 00:08 . 2010-08-02 00:08 -------- d-----w- c:\program files\microsoft frontpage
2010-07-27 23:42 . 2010-08-02 14:43 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-17 10:00 . 2010-08-02 15:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:44 . 2010-08-02 14:43 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 13:44 . 2010-08-02 14:43 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
.
c:\program files\Spybot - Search & Destroy\TeaTimer .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-11 232912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zettcap]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2001-09-27 06:39 245760 ----a-w- c:\windows\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
c:\progra~1\AVG\AVG9\avgtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 17:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostsvr]
d:\warcraft\hostsvr\hostsvr .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 20:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 19:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-07-28 19:19 852038 ----a-w- c:\windows\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 19:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-26 23:25 16120832 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-10 16:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-31 20:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers]
d:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"tvnserver"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"CrossLoopService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Steam\\steamapps\\phewdont\\condition zero\\hl.exe"=
"d:\\Steam\\steamapps\\jpfammon\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"d:\\Warcraft III\\Replay\\ACSPMonitor\\ASMonitor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56769:TCP"= 56769:TCP:Pando Media Booster
"56769:UDP"= 56769:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"5910:TCP"= 5910:TCP:vnc5910

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2010 8:38 PM 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [8/4/2004 12:00 PM 12800]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/2/2010 9:43 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/2/2010 9:43 AM 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/2/2010 9:37 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/2/2010 9:37 AM 11104]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [9/25/2010 8:41 PM 112592]
S4 CrossLoopService;CrossLoop Service;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [9/22/2010 3:16 PM 560848]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 3:29 PM 136176]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2010 8:37 PM 366840]
S4 tvnserver;TightVNC Server;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe [9/22/2010 3:16 PM 814080]
.
Contents of the 'Scheduled Tasks' folder

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-09-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 20:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-27 10:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"=""c:\program files\Google\Update\GoogleUpdate.exe" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"=""c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKFileSec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKSysFlt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"=""c:\program files\Java\jre6\bin\jqs.exe" -service -config "c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NISUM]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore]
"ImagePath"="system32\drivers\PCTCore.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdrvio]
"ImagePath"="\??\c:\windows\system32\pwdrvio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdspio]
"ImagePath"="\??\c:\windows\system32\pwdspio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASDIFSV]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASKUTIL]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdAuxService]
"ImagePath"="c:\program files\Spyware Doctor\pctsAuxs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdCoreService]
"ImagePath"="c:\program files\Spyware Doctor\pctsSvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{7C0B9950-F190-485F-80FB-84FE35E631A1}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvnserver]
"ImagePath"=""c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe" -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VFILT]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"=""c:\program files\Windows Media Player\WMPNetwk.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0C241DC6-A494-491F-8B71-70840F329E5E}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{177A9868-AB79-4266-95FD-3C504C209879}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(596)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-09-27 10:23:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-27 15:23
ComboFix2.txt 2010-09-26 17:02

Pre-Run: 7,424,376,832 bytes free
Post-Run: 7,556,038,656 bytes free

- - End Of File - - CAF4BC13B86E8F616F4AB360354A7DBF

swiftzcz

Newbie Surfer

Posts : 23
Joined : 2010-09-27
Operating System : Xp pro
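The Services dump in the log above is what a helper reads by eye: each `[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\...]` block names a service, and its ImagePath or ServiceDll says where the binary lives. As an added example (my code, not ComboFix's and not anything posted in this thread), the Python below parses those blocks, strips arguments and the `\??\`, `\SystemRoot\` and `%SystemRoot%` prefixes, resolves bare `system32\...` paths against an assumed system root of `c:\windows` (what this log shows), and flags any service binary that resolves into a user profile, a temp directory, or nowhere under Windows or Program Files. The sample input is constructed from a handful of entries copied out of the posted log.

```python
"""Triage the Drivers/Services section of a ComboFix log by binary location.

Added example, not part of the thread or of ComboFix. A flag means
"look at this service", not "this is malware".
"""
import re
from typing import Dict, List

# Assumption: system root is c:\windows, as the posted log consistently shows.
SYSTEM_ROOT = "c:\\windows"

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(.+)\]$", re.I)
VAL_RE = re.compile(r'^"(ImagePath|ServiceDll)"="(.*)"$', re.I)
EXE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))(?:\s|$)", re.I)

# Constructed sample: entries copied from the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASDIFSV]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvnserver]
"ImagePath"=""c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe" -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
"""


def parse_services(log_text: str) -> List[Dict[str, str]]:
    """Return one record per ImagePath/ServiceDll value found under a Services key."""
    records: List[Dict[str, str]] = []
    service = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            service = key.group(1)
            continue
        val = VAL_RE.match(line)
        if val and service is not None:
            records.append({"service": service, "value": val.group(1), "raw": val.group(2)})
    return records


def binary_path(raw_value: str) -> str:
    """Drop command-line arguments, keeping only the service binary's path."""
    if raw_value.startswith('"'):            # quoted path, possibly followed by args
        end = raw_value.find('"', 1)
        return raw_value[1:end] if end > 0 else raw_value[1:]
    m = EXE_RE.match(raw_value)              # unquoted path followed by args (e.g. "msiexec.exe /V")
    return m.group(1) if m else raw_value


def normalize(path: str) -> str:
    """Lower-case the path and resolve the prefixes ComboFix prints into a full path."""
    p = path.lower()
    if p.startswith("\\??\\"):               # NT object-manager prefix, common on third-party drivers
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    p = p.replace("%systemroot%", SYSTEM_ROOT)
    if not re.match(r"^[a-z]:\\", p):        # bare "system32\..." is relative to the system root
        p = SYSTEM_ROOT + "\\" + p.lstrip("\\")
    return p


def classify(path: str) -> str:
    """Heuristic location check on a normalised path."""
    if "\\documents and settings\\" in path or "\\users\\" in path:
        return "user-profile"
    if "\\temp\\" in path or "\\tmp\\" in path:
        return "temp-directory"
    if path.startswith(SYSTEM_ROOT + "\\") or path.startswith("c:\\program files"):
        return "expected"
    return "unexpected-location"


def triage(log_text: str) -> List[Dict[str, str]]:
    """Parse, normalise and classify every service binary in the log text."""
    out = []
    for rec in parse_services(log_text):
        path = normalize(binary_path(rec["raw"]))
        out.append({**rec, "path": path, "verdict": classify(path)})
    return out


def flagged(log_text: str) -> List[str]:
    """Names of services whose binary is somewhere other than Windows/Program Files."""
    return [r["service"] for r in triage(log_text) if r["verdict"] != "expected"]


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f'{r["verdict"]:20} {r["service"]:12} {r["path"]}')
```

On the sample the only hit is tvnserver, whose binary sits under the Home profile's CrossLoop folder; that matches the CrossLoop 2.74 remote-support tool in the uninstall list posted later in this thread, so it is a legitimate install in a location the heuristic rightly asks you to confirm. The `\??\` prefix on its own is not flagged, since SUPERAntiSpyware and the pwdrvio/pwdspio drivers in the log all register that way.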

Re: Anti Virus 2010 Plus more and mbam starts.....

Post by Belahzur on Tue 28 Sep 2010, 6:54 am

Hello.
Before we continue, do this for me.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Wed 29 Sep 2010, 1:13 am

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Antivirus 2010
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Browser Defender 2.0.6.15
Build a Lot 5 - Elizabethan Era Premium Edition
Burn4Free CD & DVD 4.9.0.0
Catalyst Control Center - Branding
CCleaner
CrossLoop 2.74
EASEUS Partition Master 6.1.1 Home Edition
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Detection
HP PSC & OfficeJet 4.7
HP Software Update
ImgBurn
Java(TM) 6 Update 21
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Windows 2000/XP Display Drivers
Pando Media Booster
Partition Wizard Home Edition 5.0
PokerStars.net
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Spybot - Search & Destroy
Spyware Doctor 7.0
Steam
SUPERAntiSpyware
SWAT 4 - Gold
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Warcraft III
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
XP Codec Pack
Yahoo! Toolbar


swiftzcz

Newbie Surfer

Posts : 23
Joined : 2010-09-27
Operating System : Xp pro

Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Wed 29 Sep 2010, 1:15 am

AntiVirus 2010 is not in Add or Remove Programs even though it says it is!

swiftzcz

Newbie Surfer

Posts : 23
Joined : 2010-09-27
Operating System : Xp pro

Re: Anti Virus 2010 Plus more and mbam starts.....

Post by Belahzur on Wed 29 Sep 2010, 7:37 am

Hello.
Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Antivirus 2010
    Ask Toolbar

Now let's try this one more time.


  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    RenV::
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zettcap]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostsvr]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Thu 30 Sep 2010, 2:40 am

The Ask toolbar I removed; Antivirus is not in my Add/Remove Programs. Here is the log!


ComboFix 10-09-28.03 - Main 09/29/2010 10:09:18.4.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367.178 [GMT -5:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Main\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-29 00:36 . 2010-09-29 00:35 77312 ----a-w- C:\mbr.exe
2010-09-28 18:17 . 2010-09-28 18:17 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Adobe
2010-09-28 01:47 . 2010-09-28 01:47 388096 ----a-r- c:\documents and settings\Main\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-28 01:47 . 2010-09-28 01:47 -------- d-----w- c:\program files\Trend Micro
2010-09-28 01:47 . 2010-09-28 01:47 1402880 ----a-w- C:\HiJackThis.msi
2010-09-26 18:15 . 2010-09-26 18:35 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-26 18:15 . 2010-09-26 18:15 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-26 18:15 . 2010-09-26 18:35 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
2010-09-26 18:14 . 2010-09-26 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-26 17:32 . 2010-09-26 17:32 15 ----a-w- c:\documents and settings\Main\settings.dat
2010-09-26 15:52 . 2010-09-26 15:52 -------- d-----w- c:\program files\Hotdoga
2010-09-26 15:22 . 2010-09-26 15:22 -------- d-sh--w- c:\documents and settings\Main\IECompatCache
2010-09-26 03:09 . 2010-09-26 03:09 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\HP
2010-09-26 03:08 . 2010-09-26 03:08 127 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\fusioncache.dat
2010-09-26 03:08 . 2010-09-26 03:08 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory
2010-09-26 03:06 . 2010-09-26 03:07 13104 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-sh--w- c:\documents and settings\Main\IETldCache
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Threat Expert
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-sh--w- c:\documents and settings\Main\PrivacIE
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!
2010-09-26 03:01 . 2010-09-26 03:01 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2010-09-26 02:03 . 2010-09-26 02:03 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Threat Expert
2010-09-26 01:41 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-26 01:41 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-26 01:41 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-09-26 01:41 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-26 01:41 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-26 01:41 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-09-26 01:38 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-26 01:38 . 2010-09-26 01:59 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-26 01:38 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-26 01:37 . 2010-09-26 01:59 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Spyware Doctor
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\Home\Application Data\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-24 19:57 . 2010-09-24 19:57 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 18:27 . 2010-09-24 18:27 -------- d-----w- C:\$AVG
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\program files\AVG
2010-09-24 15:35 . 2010-09-24 15:35 -------- d-----w- C:\FOUND.003
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\CCleaner
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:23 . 2010-09-23 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-23 05:57 . 2010-09-23 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\hostsvr
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-09-22 20:22 . 2010-09-22 20:22 -------- d-----w- c:\documents and settings\Home\Application Data\UltraVNC
2010-09-22 20:16 . 2010-09-22 20:16 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\CrossLoop
2010-09-14 13:45 . 2010-09-14 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-14 13:04 . 2010-09-14 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-14 00:34 . 2010-09-14 00:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-14 00:27 . 2010-09-14 00:27 -------- d-----w- c:\program files\Games
2010-09-13 22:25 . 2010-09-13 22:26 -------- d-----w- c:\documents and settings\Home\Application Data\Exent Technologies
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Free_Ride_Games
2010-09-13 22:21 . 2010-09-13 22:21 64 ----a-w- c:\windows\GPlrLanc.dat
2010-09-13 22:21 . 2001-09-05 10:23 56320 ----a-w- c:\documents and settings\All Users\Application Data\Free Ride Games\Setup.exe
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-09-13 22:21 . 2010-03-18 18:18 509304 ------w- c:\documents and settings\All Users\Application Data\Free Ride Games\ExentCtl.ocx
2010-09-11 13:30 . 2010-09-11 13:30 -------- d-----w- C:\games
2010-09-10 17:39 . 2010-09-10 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 17:35 . 2010-09-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2010-09-08 22:00 . 2010-09-08 22:00 -------- d-----w- c:\program files\PokerStars.NET
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\Home\Application Data\Yahoo!
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-07 20:18 . 2010-09-07 20:18 -------- d-----w- c:\program files\Yahoo!
2010-09-06 15:04 . 2010-09-06 15:04 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\AskToolbar
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\HP
2010-09-02 22:29 . 2010-09-02 22:29 127 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\fusioncache.dat
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\ApplicationHistory
2010-09-02 22:27 . 2010-09-02 22:27 -------- d-----w- C:\FOUND.002
2010-09-02 13:37 . 2010-09-02 13:37 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Yahoo!
2010-09-01 08:00 . 2010-09-01 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-09-01 01:40 . 2000-07-08 20:06 87040 ----a-w- c:\windows\UnGins.exe
2010-08-31 21:02 . 2010-08-31 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\program files\Common Files\HP
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-31 20:59 . 2010-08-31 20:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-31 20:58 . 2010-08-31 20:58 -------- d-----w- c:\windows\system32\URTTEMP
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-31 20:55 . 2004-09-29 17:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-08-31 20:55 . 2004-09-29 17:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-08-31 20:55 . 2004-09-29 17:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-08-31 20:55 . 2004-09-29 17:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-08-31 20:55 . 2004-09-29 17:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-08-31 20:55 . 2004-09-29 17:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-08-31 20:52 . 2010-08-31 21:12 68964 ----a-w- c:\windows\hpoins05.dat
2010-08-31 20:52 . 2004-12-15 06:39 19696 ------w- c:\windows\hpomdl05.dat
2010-08-31 20:52 . 2004-10-05 13:26 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-08-31 20:52 . 2004-10-05 13:26 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-08-31 20:52 . 2004-10-01 13:45 229376 ----a-w- c:\windows\system32\hpovst08.dll
2010-08-31 20:52 . 2004-10-01 13:44 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-08-31 20:52 . 2004-10-01 13:44 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-08-31 20:52 . 2004-10-01 14:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-08-31 20:52 . 2004-10-01 13:46 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-08-31 20:52 . 2004-10-01 13:46 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\program files\HP
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\windows\Downloaded Installations
2010-08-31 20:40 . 2010-08-31 20:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-31 20:34 . 2010-08-31 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 20:32 . 2010-08-31 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-31 20:31 . 2010-08-31 20:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-31 20:28 . 2010-08-31 20:28 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\program files\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Adobe
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PC_Drivers_Headquarters
2010-08-31 20:22 . 2010-08-31 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-31 20:21 . 2010-08-31 20:21 -------- d-----w- c:\program files\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 11:47 . 2010-08-02 00:35 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 17:39 . 2010-09-22 22:29 112 ----a-w- c:\documents and settings\All Users\Application Data\3p2Mxs6D1.dat
2010-09-13 00:02 . 2010-08-02 00:35 2728 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-26 19:59 . 2010-08-26 19:59 -------- d-----w- c:\documents and settings\Home\Application Data\Media Player Classic
2010-08-24 00:50 . 2010-08-24 00:50 -------- d-----w- c:\program files\Sierra
2010-08-13 17:26 . 2010-08-13 17:26 -------- d-----w- c:\documents and settings\Home\Application Data\ImgBurn
2010-08-13 02:57 . 2010-08-13 02:58 19849216 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\CaesarIV.exe
2010-08-13 02:43 . 2010-08-13 02:58 11331309 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\caesariv_update_en_10_11.exe
2010-08-12 23:35 . 2010-08-12 23:35 -------- d-----w- c:\program files\Realtek
2010-08-12 23:20 . 2010-08-13 03:01 2280 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\rld-c4kg.exe
2010-08-12 08:06 . 2010-08-12 08:06 -------- d-----w- c:\program files\MSXML 6.0
2010-08-10 23:47 . 2010-08-02 15:41 13104 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\Home\Application Data\ATI
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-08-10 23:46 . 2010-08-10 23:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-10 23:41 . 2010-08-10 23:41 -------- d-----w- c:\program files\ATI Technologies
2010-08-10 23:24 . 2010-08-02 00:03 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 09:58 . 2010-08-09 09:58 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-d3d.dll
2010-08-09 09:58 . 2010-08-09 09:58 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-sse.dll
2010-08-09 09:58 . 2010-08-09 09:58 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcp71.dll
2010-08-09 09:58 . 2010-08-09 09:58 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\jmc.dll
2010-08-09 09:58 . 2010-08-09 09:58 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcr71.dll
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\MSBuild
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\Reference Assemblies
2010-08-03 06:10 . 2010-08-03 06:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 05:48 . 2010-08-03 05:48 -------- d-----w- c:\documents and settings\Home\Application Data\BitTorrent
2010-08-03 04:40 . 2010-08-02 00:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-03 03:20 . 2010-08-03 03:20 -------- d-----w- c:\documents and settings\Home\Application Data\LolClient
2010-08-03 02:48 . 2010-08-03 02:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 02:33 . 2010-08-03 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-08-03 02:32 . 2010-08-03 02:32 -------- d-----w- c:\program files\Pando Networks
2010-08-02 15:41 . 2010-08-02 15:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 14:43 . 2010-08-02 14:42 -------- d-----w- c:\program files\EASEUS
2010-08-02 14:37 . 2010-08-02 14:37 -------- d-----w- c:\program files\Partition Wizard Home Edition 5.0
2010-08-02 10:41 . 2010-08-02 10:41 -------- d-----w- c:\documents and settings\Home\Application Data\AVS4YOU
2010-08-02 10:38 . 2010-08-02 10:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-02 10:37 . 2010-08-02 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-02 08:31 . 2010-08-02 08:31 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 01:02 . 2010-08-02 01:02 -------- d-----w- c:\documents and settings\Home\Application Data\LimeWire
2010-08-02 00:54 . 2010-08-02 00:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-02 00:49 . 2010-08-02 00:49 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-sse.dll
2010-08-02 00:49 . 2010-08-02 00:49 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcp71.dll
2010-08-02 00:49 . 2010-08-02 00:49 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\jmc.dll
2010-08-02 00:49 . 2010-08-02 00:49 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcr71.dll
2010-08-02 00:49 . 2010-08-02 00:49 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-d3d.dll
2010-08-02 00:35 . 2010-08-02 00:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-02 00:33 . 2010-08-02 00:33 -------- d-----w- c:\program files\Java
2010-08-02 00:08 . 2010-08-02 00:08 -------- d-----w- c:\program files\microsoft frontpage
2010-07-27 23:42 . 2010-08-02 14:43 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-17 10:00 . 2010-08-02 15:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:44 . 2010-08-02 14:43 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 13:44 . 2010-08-02 14:43 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
.
c:\program files\Spybot - Search & Destroy\TeaTimer .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-11 232912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2001-09-27 06:39 245760 ----a-w- c:\windows\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
c:\progra~1\AVG\AVG9\avgtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 17:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 20:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 19:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-07-28 19:19 852038 ----a-w- c:\windows\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 19:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-26 23:25 16120832 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-10 16:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-31 20:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers]
d:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"tvnserver"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"CrossLoopService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Steam\\steamapps\\phewdont\\condition zero\\hl.exe"=
"d:\\Steam\\steamapps\\jpfammon\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"d:\\Warcraft III\\Replay\\ACSPMonitor\\ASMonitor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56769:TCP"= 56769:TCP:Pando Media Booster
"56769:UDP"= 56769:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"5910:TCP"= 5910:TCP:vnc5910

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2010 8:38 PM 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [8/4/2004 12:00 PM 12800]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/2/2010 9:43 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/2/2010 9:43 AM 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/2/2010 9:37 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/2/2010 9:37 AM 11104]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [9/25/2010 8:41 PM 112592]
S4 CrossLoopService;CrossLoop Service;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [9/22/2010 3:16 PM 560848]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 3:29 PM 136176]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2010 8:37 PM 366840]
S4 tvnserver;TightVNC Server;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe [9/22/2010 3:16 PM 814080]
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-29 10:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"=""c:\program files\Google\Update\GoogleUpdate.exe" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"=""c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKFileSec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKSysFlt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"=""c:\program files\Java\jre6\bin\jqs.exe" -service -config "c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NISUM]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore]
"ImagePath"="system32\drivers\PCTCore.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdrvio]
"ImagePath"="\??\c:\windows\system32\pwdrvio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdspio]
"ImagePath"="\??\c:\windows\system32\pwdspio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASDIFSV]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASKUTIL]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdAuxService]
"ImagePath"="c:\program files\Spyware Doctor\pctsAuxs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdCoreService]
"ImagePath"="c:\program files\Spyware Doctor\pctsSvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{7C0B9950-F190-485F-80FB-84FE35E631A1}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvnserver]
"ImagePath"=""c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe" -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VFILT]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"=""c:\program files\Windows Media Player\WMPNetwk.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0C241DC6-A494-491F-8B71-70840F329E5E}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{177A9868-AB79-4266-95FD-3C504C209879}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(596)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2804)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-29 10:21:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-29 15:21
ComboFix2.txt 2010-09-27 15:23
ComboFix3.txt 2010-09-26 17:02

Pre-Run: 7,132,741,632 bytes free
Post-Run: 7,335,493,632 bytes free

- - End Of File - - 35FF893B98A0D71E0CFD71DD9B09834E

swiftzcz


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by Belahzur on Thu 30 Sep 2010, 10:39 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Thu 30 Sep 2010, 11:17 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=25ce2d7913399a42b3fdf1cf81504f63
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-30 12:11:52
# local_time=2010-09-29 07:11:52 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=80808
# found=6
# cleaned=6
# scan_time=1276
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ActualSpy.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Sierra\SWAT 4 - Gold\Content\System\swat4.exe a variant of Win32/Injector.FN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Sierra\SWAT 4 - Gold\ContentExpansion\System\swat4X.exe a variant of Win32/Injector.FN trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\SSWv6.9.dll a variant of Win32/Conficker.X worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Compelete\Swat 4 Gold Edition [FULL] + Crack-=-\Crack & Instructions\Content\System\swat4.exe a variant of Win32/Injector.FN trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Compelete\Swat 4 Gold Edition [FULL] + Crack-=-\Crack & Instructions\ContentExpansion\System\swat4x.exe a variant of Win32/Injector.FN trojan (deleted - quarantined) 00000000000000000000000000000000 C

swiftzcz


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by Belahzur on Fri 01 Oct 2010, 10:30 am

Hello.

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.




Belahzur


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Mon 04 Oct 2010, 8:49 am

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

swiftzcz


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by Belahzur on Mon 04 Oct 2010, 10:39 am

How is the machine running now?




Belahzur


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Mon 04 Oct 2010, 10:50 am

It's running smoother. I made another user account and am using that one, but I still cannot run MBAM or Spyware Doctor; they both shut off.

swiftzcz


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Wed 06 Oct 2010, 10:59 am

I cannot run any malware removal programs; they all close after the first few seconds of running them, and I don't even want to check what my other user profile does when I log onto it. Any reason why?

swiftzcz


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by Belahzur on Wed 06 Oct 2010, 11:34 am

Hello.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR-compressed files. If you don't have an extraction program, you can use 7-Zip.
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a black screen with some data on it.
  • Right-click on the screen and click Select All.
  • Press CTRL+C.
  • Open Notepad and press CTRL+V.
  • Post the output back here.




Belahzur


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Wed 06 Oct 2010, 12:18 pm

Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...



I am now using the on-screen keyboard because the regular ones won't work; help! I also had to make another user account. Do you think you could maybe use CrossLoop to help?

swiftzcz


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Wed 06 Oct 2010, 12:20 pm

Also noticed inefolif.dll is in my startup; every time I uncheck it, it rechecks on startup.

swiftzcz


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Wed 06 Oct 2010, 1:48 pm

Got my keyboard working!!! WooHooo!!! But there are still a lot of messed up things, so you helping me is awesome.

swiftzcz


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by Belahzur on Thu 07 Oct 2010, 8:14 am

Please run Combofix one more time and post the new log.




Belahzur


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by swiftzcz on Thu 07 Oct 2010, 10:45 am

ComboFix 10-10-06.02 - ackkkkkk 10/06/2010 18:29:25.6.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367.160 [GMT -5:00]
Running from: c:\documents and settings\ackkkkkk\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ackkkkkk\LOCALS~1\Temp\SAS9.tmp
c:\documents and settings\ackkkkkk\Local Settings\Temp\SAS9.tmp
c:\documents and settings\Main\Application Data\hotfix.exe
c:\documents and settings\Main\Application Data\inst.exe
c:\documents and settings\Main\Application Data\srsf.bat
c:\documents and settings\Main\g2mdlhlpx.exe
c:\documents and settings\Main\Local Settings\Application Data\{4DA1D09F-6FF4-4024-AE2F-7BE883EE0890}
c:\documents and settings\Main\Local Settings\Application Data\{4DA1D09F-6FF4-4024-AE2F-7BE883EE0890}\chrome.manifest
c:\documents and settings\Main\Local Settings\Application Data\{4DA1D09F-6FF4-4024-AE2F-7BE883EE0890}\chrome\content\_cfg.js
c:\documents and settings\Main\Local Settings\Application Data\{4DA1D09F-6FF4-4024-AE2F-7BE883EE0890}\chrome\content\overlay.xul
c:\documents and settings\Main\Local Settings\Application Data\{4DA1D09F-6FF4-4024-AE2F-7BE883EE0890}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\spool\prtprocs\w32x86\MY555.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

-- Previous Run --

Infected copy of c:\windows\system32\DRIVERS\kbdhid.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\userinit.exe . . . is infected!!

Infected copy of c:\windows\system32\DRIVERS\kbdhid.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\system32\DRIVERS\kbdhid.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\explorer.exe

--------

c:\windows\system32\userinit.exe . . . is infected!!

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-06 03:27 . 2010-10-06 03:39 63488 ----a-w- c:\documents and settings\ackkkkkk\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-06 03:26 . 2010-10-06 03:26 52224 ----a-w- c:\documents and settings\ackkkkkk\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-06 03:25 . 2010-10-06 03:39 117760 ----a-w- c:\documents and settings\ackkkkkk\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-06 03:25 . 2010-10-06 03:25 -------- d-----w- c:\documents and settings\ackkkkkk\Application Data\SUPERAntiSpyware.com
2010-10-06 03:08 . 2010-10-06 03:08 0 ----a-w- c:\windows\nsreg.dat
2010-10-06 03:08 . 2010-10-06 03:08 -------- d-----w- c:\documents and settings\ackkkkkk\Local Settings\Application Data\Mozilla
2010-10-06 03:00 . 2010-10-06 03:00 -------- d-----w- c:\documents and settings\ackkkkkk\Application Data\Malwarebytes
2010-10-06 02:32 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-10-06 02:32 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-10-06 02:14 . 2010-10-06 02:14 -------- d-----w- c:\documents and settings\ackkkkkk\Local Settings\Application Data\Adobe
2010-10-06 01:29 . 2010-10-06 01:30 16992 ----a-w- c:\documents and settings\ackkkkkk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-10-06 01:08 . 2010-10-06 01:08 -------- d-sh--w- c:\documents and settings\ackkkkkk\IETldCache
2010-10-06 01:07 . 2010-10-06 01:07 -------- d-sh--w- c:\documents and settings\ackkkkkk\PrivacIE
2010-10-06 00:38 . 2010-10-06 00:38 -------- d-----w- c:\documents and settings\ackkkkkk\Local Settings\Application Data\{0968B9C0-3720-47AA-AE07-DCE21C191A09}
2010-10-06 00:36 . 2010-10-06 00:36 -------- d-----w- C:\FOUND.006
2010-10-06 00:31 . 2010-10-06 00:31 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-10-06 00:30 . 2010-10-06 00:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-10-06 00:29 . 2010-10-06 00:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-10-06 00:29 . 2010-10-06 00:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2010-10-06 00:28 . 2010-10-06 00:28 -------- d-----w- C:\FOUND.005
2010-10-06 00:10 . 2010-10-06 00:10 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-10-06 00:09 . 2010-10-06 00:09 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\{B287F30E-08D9-41E6-A0A2-EA296289C4ED}
2010-10-06 00:05 . 2010-10-06 00:05 -------- d-----w- C:\FOUND.004
2010-10-06 00:02 . 2010-10-06 00:02 120 ----a-w- c:\windows\Ydosivaf.dat
2010-10-06 00:02 . 2010-10-06 00:02 0 ----a-w- c:\windows\Fnejogavimov.bin
2010-10-06 00:00 . 2010-10-06 00:01 45056 ----a-w- c:\documents and settings\NetworkService\Application Data\n2ivc.exe
2010-10-06 00:00 . 2010-10-06 00:00 38252 ----a-w- c:\documents and settings\Main\Application Data\Genieo\Application\Partner\uninstall\myHomey\partner_uninstall.exe
2010-10-06 00:00 . 2010-10-06 00:00 -------- d-----w- c:\documents and settings\Main\Application Data\Genieo
2010-10-06 00:00 . 2010-10-06 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-10-05 02:58 . 2010-10-05 02:58 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-05 02:46 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-10-04 21:29 . 2010-10-04 21:29 -------- d-----w- c:\documents and settings\Main\Application Data\ImgBurn
2010-10-04 21:00 . 2010-10-04 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-10-04 19:05 . 2010-10-04 19:05 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-04 19:05 . 2010-10-04 19:05 47360 ----a-w- c:\documents and settings\Main\Application Data\pcouffin.sys
2010-10-04 19:05 . 2010-10-04 19:05 -------- d-----w- c:\documents and settings\Main\Application Data\Vso
2010-10-04 19:05 . 2010-02-09 20:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-10-04 19:05 . 2010-02-09 20:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-10-04 19:05 . 2010-02-09 20:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-10-04 19:05 . 2010-02-09 20:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-10-04 19:05 . 2010-02-09 20:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-10-04 19:05 . 2010-02-09 20:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-10-04 19:05 . 2010-02-09 20:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-10-04 19:05 . 2010-10-04 19:05 -------- d-----w- c:\program files\VSO
2010-10-04 18:42 . 2010-10-04 18:42 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\AskToolbar
2010-10-04 18:41 . 2010-10-04 18:41 -------- d-----w- c:\documents and settings\Main\Application Data\BitTorrent
2010-10-04 13:31 . 2010-10-04 13:31 -------- d-----w- c:\program files\MSECache
2010-10-01 13:34 . 2010-10-01 13:34 -------- d-----w- c:\program files\Citrix
2010-09-30 23:59 . 2010-09-30 23:59 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ATI
2010-09-30 23:59 . 2010-09-30 23:59 -------- d-----w- c:\documents and settings\Main\Application Data\ATI
2010-09-29 00:36 . 2010-09-29 00:35 77312 ----a-w- C:\mbr.exe
2010-09-28 18:17 . 2010-09-28 18:17 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Adobe
2010-09-28 01:47 . 2010-09-28 01:47 388096 ----a-r- c:\documents and settings\Main\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-28 01:47 . 2010-09-28 01:47 -------- d-----w- c:\program files\Trend Micro
2010-09-28 01:47 . 2010-09-28 01:47 1402880 ----a-w- C:\HiJackThis.msi
2010-09-26 18:15 . 2010-09-26 18:35 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-26 18:15 . 2010-09-26 18:15 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-26 18:15 . 2010-09-26 18:35 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
2010-09-26 17:32 . 2010-09-26 17:32 15 ----a-w- c:\documents and settings\Main\settings.dat
2010-09-26 15:22 . 2010-09-26 15:22 -------- d-sh--w- c:\documents and settings\Main\IECompatCache
2010-09-26 03:09 . 2010-09-26 03:09 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\HP
2010-09-26 03:08 . 2010-09-26 03:08 127 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\fusioncache.dat
2010-09-26 03:08 . 2010-09-26 03:08 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory
2010-09-26 03:06 . 2010-09-26 03:07 13104 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-sh--w- c:\documents and settings\Main\IETldCache
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Threat Expert
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-sh--w- c:\documents and settings\Main\PrivacIE
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!
2010-09-26 03:01 . 2010-09-26 03:01 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2010-09-26 02:03 . 2010-09-26 02:03 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Threat Expert
2010-09-24 19:57 . 2010-09-24 19:57 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 18:27 . 2010-09-24 18:27 -------- d-----w- C:\$AVG
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\program files\AVG
2010-09-24 15:35 . 2010-09-24 15:35 -------- d-----w- C:\FOUND.003
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\CCleaner
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:23 . 2010-09-23 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-23 05:57 . 2010-09-23 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\hostsvr
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-09-22 20:22 . 2010-09-22 20:22 -------- d-----w- c:\documents and settings\Home\Application Data\UltraVNC
2010-09-22 20:16 . 2010-09-22 20:16 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\CrossLoop
2010-09-19 10:46 . 2010-09-19 10:46 318832 ----a-w- c:\documents and settings\Main\Application Data\Genieo\Application\Updater\genieo_temp\homey_setup.exe
2010-09-19 10:46 . 2010-09-19 10:46 455552 ----a-w- c:\documents and settings\Main\Application Data\Genieo\Application\Updater\genieo_temp\InstallMyHomey.exe
2010-09-14 13:45 . 2010-09-14 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-14 13:04 . 2010-09-14 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-14 00:34 . 2010-09-14 00:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-14 00:27 . 2010-09-14 00:27 -------- d-----w- c:\program files\Games
2010-09-13 22:25 . 2010-09-13 22:26 -------- d-----w- c:\documents and settings\Home\Application Data\Exent Technologies
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Free_Ride_Games
2010-09-13 22:21 . 2010-09-13 22:21 64 ----a-w- c:\windows\GPlrLanc.dat
2010-09-13 22:21 . 2001-09-05 10:23 56320 ----a-w- c:\documents and settings\All Users\Application Data\Free Ride Games\Setup.exe
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-09-11 13:30 . 2010-09-11 13:30 -------- d-----w- C:\games
2010-09-10 17:39 . 2010-09-10 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 17:35 . 2010-09-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2010-09-08 22:00 . 2010-09-08 22:00 -------- d-----w- c:\program files\PokerStars.NET
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\Home\Application Data\Yahoo!
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-07 20:18 . 2010-09-07 20:18 -------- d-----w- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 02:27 . 2010-08-02 00:35 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 17:39 . 2010-09-22 22:29 112 ----a-w- c:\documents and settings\All Users\Application Data\3p2Mxs6D1.dat
2010-09-13 00:02 . 2010-08-02 00:35 2728 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-02 22:29 . 2010-09-02 22:29 127 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\fusioncache.dat
2010-09-01 08:00 . 2010-09-01 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-08-31 21:12 . 2010-08-31 20:52 68964 ----a-w- c:\windows\hpoins05.dat
2010-08-31 21:02 . 2010-08-31 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\program files\Common Files\HP
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-31 20:59 . 2010-08-31 20:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-31 20:41 . 2010-08-31 20:41 10134 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\program files\HP
2010-08-31 20:34 . 2010-08-31 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 20:32 . 2010-08-31 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\program files\Google
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-08-31 20:22 . 2010-08-31 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-31 20:21 . 2010-08-31 20:21 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-08-26 19:59 . 2010-08-26 19:59 -------- d-----w- c:\documents and settings\Home\Application Data\Media Player Classic
2010-08-24 00:50 . 2010-08-24 00:50 -------- d-----w- c:\program files\Sierra
2010-08-13 17:26 . 2010-08-13 17:26 -------- d-----w- c:\documents and settings\Home\Application Data\ImgBurn
2010-08-13 02:57 . 2010-08-13 02:58 19849216 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\CaesarIV.exe
2010-08-13 02:43 . 2010-08-13 02:58 11331309 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\caesariv_update_en_10_11.exe
2010-08-12 23:35 . 2010-08-12 23:35 -------- d-----w- c:\program files\Realtek
2010-08-12 23:20 . 2010-08-13 03:01 2280 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\rld-c4kg.exe
2010-08-12 08:06 . 2010-08-12 08:06 -------- d-----w- c:\program files\MSXML 6.0
2010-08-10 23:47 . 2010-08-02 15:41 13104 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\Home\Application Data\ATI
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-08-10 23:46 . 2010-08-10 23:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-10 23:41 . 2010-08-10 23:41 -------- d-----w- c:\program files\ATI Technologies
2010-08-10 23:24 . 2010-08-02 00:03 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 09:58 . 2010-08-09 09:58 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-d3d.dll
2010-08-09 09:58 . 2010-08-09 09:58 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-sse.dll
2010-08-09 09:58 . 2010-08-09 09:58 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcp71.dll
2010-08-09 09:58 . 2010-08-09 09:58 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\jmc.dll
2010-08-09 09:58 . 2010-08-09 09:58 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcr71.dll
2010-08-03 04:40 . 2010-08-02 00:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-02 00:49 . 2010-08-02 00:49 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-sse.dll
2010-08-02 00:49 . 2010-08-02 00:49 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcp71.dll
2010-08-02 00:49 . 2010-08-02 00:49 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\jmc.dll
2010-08-02 00:49 . 2010-08-02 00:49 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcr71.dll
2010-08-02 00:49 . 2010-08-02 00:49 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-d3d.dll
2010-07-27 23:42 . 2010-08-02 14:43 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-17 10:00 . 2010-08-02 15:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:44 . 2010-08-02 14:43 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 13:44 . 2010-08-02 14:43 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2008-07-25 16:17 . 2008-07-25 16:17 1172472 ----a-w- c:\program files\rst32i.exe
.
c:\program files\Spybot - Search & Destroy\TeaTimer .exe

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2004-08-04 . 3583C761EBB02A32101D803D6C72B941 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2004-08-04 . C2828822F8189939BCA7FA4AF1E063BF . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iwodufisawan"="c:\windows\inefolif.dll" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-11 232912]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Home\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2001-09-27 06:39 245760 ----a-w- c:\windows\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
c:\progra~1\AVG\AVG9\avgtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-10-04 18:41 654648 ----a-w- d:\program files\BitTorrent\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cnimetofiw]
2004-08-04 17:00 86528 ----a-w- c:\windows\wrtoc40.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 17:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 20:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iwodufisawan]
c:\windows\inefolif.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 19:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-07-28 19:19 852038 ----a-w- c:\windows\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 19:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-26 23:25 16120832 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
c:\program files\Spybot - Search & Destroy\TeaTimer.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-31 20:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers]
d:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"tvnserver"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"CrossLoopService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Steam\\steamapps\\phewdont\\condition zero\\hl.exe"=
"d:\\Steam\\steamapps\\jpfammon\\condition zero\\hl.exe"=
"d:\\Warcraft III\\Replay\\ACSPMonitor\\ASMonitor.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56769:TCP"= 56769:TCP:Pando Media Booster
"56769:UDP"= 56769:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"5910:TCP"= 5910:TCP:vnc5910

R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [8/4/2004 12:00 PM 12800]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/2/2010 9:43 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/2/2010 9:43 AM 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/2/2010 9:37 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/2/2010 9:37 AM 11104]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 3:29 PM 136176]

--- Other Services/Drivers In Memory ---

*Deregistered* - sdzutpx
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]
.
.
------- Supplementary Scan -------
.
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\ackkkkkk\Application Data\Mozilla\Firefox\Profiles\wxjlwjb9.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\SASSEH.DLL
Notify-!SASWinLogon - d:\program files\SASWINLO.DLL



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"=""c:\program files\Google\Update\GoogleUpdate.exe" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"=""c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"=""c:\program files\Java\jre6\bin\jqs.exe" -service -config "c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NISUM]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pcouffin]
"ImagePath"="System32\Drivers\pcouffin.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdrvio]
"ImagePath"="\??\c:\windows\system32\pwdrvio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdspio]
"ImagePath"="\??\c:\windows\system32\pwdspio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdzutpx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="\SystemRoot\system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{7C0B9950-F190-485F-80FB-84FE35E631A1}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VFILT]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"=""c:\program files\Windows Media Player\WMPNetwk.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0C241DC6-A494-491F-8B71-70840F329E5E}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{177A9868-AB79-4266-95FD-3C504C209879}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1540)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-06 18:42:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 23:42
ComboFix2.txt 2010-09-29 15:21

Pre-Run: 2,438,545,408 bytes free
Post-Run: 2,605,907,968 bytes free

- - End Of File - - C9AE86201956D037D0CC97F1281669EF


Re: Anti Virus 2010 Plus more and mbam starts.....

Post by Belahzur on Thu 07 Oct 2010, 11:04 am

Not good, TDL4.

Do you have your XP disc?


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
