
Malwarebytes

Need quick help after malware clean up please...

5 replies to this topic

#1
oogee

    New Member

  • Members
  • 4 posts
Hello,

A few weeks ago I got hit by some Java-exploiting malware/virus *Win32/Cryptor* that installed nasty viruses and rootkits all over my PC, and did so by exploiting Java *which I have uninstalled now* and turning off my firewall. I unhooked my modem as fast as I saw this happen, but it was too late; it had already installed all the junk in the computer. After A LOT of work I was able to remove the rootkit/virus and everything off my computer; however, there's a slight issue I've noticed now.

It appears some folders etc. are locked now with "Access Denied", so avast can't even scan them.

I already know the drill with the logs after weeks of trying to remove the nasty rootkit/virus, so here are the most current logs:

Win32KDiag Log

Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point	   : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\nvidia icons\nvidia icons

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

[1] 2004-08-04 01:56:52 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:21 744448 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe ()

[1] 2008-04-13 17:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-04 01:56:50 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()



Found mount point	   : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe ()



Found mount point	   : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\spool\drivers\IA64\IA64

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\spool\drivers\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Finished!


SecurityCheck.exe Log:

Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner

ProxyFirewall 1.0.4 Beta

avast! updated!
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
DH Driver Cleaner Professional Edition
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashWebSv.exe


``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````



ComboFix Log:

ComboFix 09-09-11.05 - Owner 12/09/2009  9:51.1.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3582.2908 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 12 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\My Documents\freshreg.reg
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Installer\149154.msi
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


(((((((((((((((((((((((((   Files Created from 2009-08-12 to 2009-09-12  )))))))))))))))))))))))))))))))
.

2009-09-12 02:18 . 2009-09-12 02:18	--------	d-----w-	c:\program files\Adobe Media Player
2009-09-11 22:20 . 2009-09-11 22:20	348940	----a-w-	c:\windows\uninstall Warsong_.exe
2009-09-11 22:20 . 2009-09-11 22:20	8447846	----a-w-	c:\windows\Warsong_.scr
2009-09-11 13:49 . 2009-09-11 13:49	--------	d-----w-	c:\documents and settings\Owner\Application Data\Leadertech
2009-09-11 13:46 . 2009-09-11 13:46	--------	d-----w-	c:\program files\Common Files\DivX Shared
2009-09-11 13:37 . 2009-09-11 13:37	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2009-09-07 00:34 . 2009-02-27 19:55	111992	----a-w-	c:\windows\system32\acaptuser32.dll
2009-09-06 18:26 . 2009-09-06 18:26	--------	d-----w-	c:\documents and settings\Owner\Application Data\SmartFTP
2009-09-06 18:25 . 2009-09-06 18:25	--------	d-----w-	c:\program files\SmartFTP Client
2009-09-06 17:21 . 2009-08-17 16:04	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-09-06 17:21 . 2009-08-17 16:04	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-09-06 17:21 . 2009-08-17 16:03	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-09-06 17:21 . 2009-08-17 16:05	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-09-06 17:21 . 2009-08-17 16:05	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-09-06 17:21 . 2009-08-17 16:02	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-09-06 17:21 . 2009-08-17 16:06	93392	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-09-06 17:21 . 2009-08-17 16:06	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-09-06 17:21 . 2009-08-17 16:10	1279456	----a-w-	c:\windows\system32\aswBoot.exe
2009-09-06 17:21 . 2009-09-06 17:21	--------	d-----w-	c:\program files\Alwil Software
2009-08-31 05:21 . 2009-09-11 13:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\NOS
2009-08-31 05:19 . 2009-08-31 05:19	--------	d-----w-	c:\program files\Trend Micro
2009-08-31 05:09 . 2009-09-11 14:19	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-08-31 04:58 . 2009-08-31 04:58	--------	d-----w-	c:\program files\SanityCheck
2009-08-31 04:48 . 2009-09-10 21:54	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 04:48 . 2009-09-11 13:49	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-08-31 04:48 . 2009-09-10 21:53	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-31 04:39 . 2009-08-31 04:39	128352	----a-w-	c:\windows\system32\b2849.dll
2009-08-31 04:39 . 2009-08-31 04:39	54624	----a-w-	c:\windows\system32\b2849.sys
2009-08-31 02:48 . 2009-08-31 02:48	167936	----a-w-	c:\windows\system32\appmgmts.dll
2009-08-31 02:47 . 2009-08-31 02:47	180224	-c--a-w-	c:\windows\system32\dllcache\scecli.dll
2009-08-31 02:47 . 2009-08-31 02:47	180224	----a-w-	c:\windows\system32\scecli.dll
2009-08-31 01:25 . 2005-10-20 01:50	16384	----a-w-	c:\windows\system32\restart.exe
2009-08-31 01:25 . 2005-01-20 20:47	175616	----a-w-	c:\windows\system32\strings.exe
2009-08-31 01:25 . 2005-01-14 04:41	39184	----a-w-	c:\windows\system32\Ntrights.exe
2009-08-31 01:25 . 2005-01-14 04:41	11254	----a-w-	c:\windows\system32\locate.com
2009-08-31 00:56 . 2009-08-31 00:56	34816	----a-w-	c:\windows\system32\drivers\foot.sys
2009-08-31 00:56 . 2009-08-31 00:56	34816	----a-w-	c:\windows\system32\drivers\copy4ofrp.sys
2009-08-31 00:56 . 2009-08-31 00:56	34816	----a-w-	c:\windows\system32\drivers\copy5ofrp.sys
2009-08-31 00:56 . 2009-08-31 00:56	34816	----a-w-	c:\windows\system32\drivers\copyofrp.sys
2009-08-31 00:55 . 2009-08-31 00:55	34816	----a-w-	c:\windows\system32\drivers\copy3ofrp.sys
2009-08-31 00:45 . 2009-08-31 00:45	34816	----a-w-	c:\windows\system32\drivers\copy2ofrp.sys
2009-08-30 21:54 . 2009-08-30 21:54	128352	----a-w-	c:\windows\system32\c0119.dll
2009-08-30 21:54 . 2009-08-30 21:54	54624	----a-w-	c:\windows\system32\c0119.sys
2009-08-30 08:52 . 2009-03-08 04:23	30136	----a-w-	c:\windows\system32\drivers\rspSanity32.sys
2009-08-30 08:47 . 2009-08-30 08:47	128352	----a-w-	c:\windows\system32\9e21E.dll
2009-08-30 08:47 . 2009-08-30 08:47	54624	----a-w-	c:\windows\system32\9e21E.sys
2009-08-30 00:11 . 2008-06-20 00:24	28544	----a-w-	c:\windows\system32\drivers\pavboot.sys
2009-08-29 23:26 . 2009-08-30 18:07	34592	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-08-29 23:26 . 2009-08-30 18:07	1304608	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-08-29 23:21 . 2009-08-30 17:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\ParetoLogic
2009-08-29 20:35 . 2009-08-29 20:35	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-29 19:03 . 2009-08-29 19:03	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Subversion
2009-08-29 19:02 . 2009-08-29 19:02	--------	d-sh--w-	c:\documents and settings\Administrator\IETldCache
2009-08-29 17:26 . 2009-08-29 23:37	27656	----a-w-	c:\windows\system32\drivers\pxsec.sys
2009-08-29 17:26 . 2009-08-29 23:37	22024	----a-w-	c:\windows\system32\drivers\pxscan.sys
2009-08-29 17:26 . 2009-08-29 17:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\PrevxCSI
2009-08-29 16:55 . 2009-08-31 04:37	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-08-29 16:29 . 2009-08-29 16:29	--------	d-----w-	C:\spoolerlogs
2009-08-29 16:29 . 2009-08-29 16:29	--------	d-sh--w-	c:\windows\system32\config\systemprofile\IETldCache
2009-08-29 05:09 . 2009-08-29 05:09	86016	----a-w-	c:\windows\system32\frapsvid.dll
2009-08-26 04:47 . 2009-08-26 04:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-26 03:33 . 2009-09-11 03:36	--------	d-----w-	c:\program files\World of Warcraft Public Test
2009-08-23 04:03 . 2009-08-23 04:03	349156	----a-w-	c:\windows\uninstall Deathwin.exe
2009-08-23 04:03 . 2009-08-23 04:03	8655167	----a-w-	c:\windows\Deathwin.scr
2009-08-17 05:22 . 2009-08-17 05:22	--------	d-----w-	c:\documents and settings\Default User\Local Settings\Application Data\Microsoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 03:38 . 2008-04-27 00:55	--------	d-----w-	c:\program files\iCall
2009-09-12 02:31 . 2008-01-13 08:23	183264	----a-w-	c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 02:21 . 2008-01-14 21:15	--------	d-----w-	c:\program files\Common Files\Adobe
2009-09-12 02:02 . 2008-08-18 17:47	--------	d-----w-	c:\documents and settings\Owner\Application Data\Download Manager
2009-09-11 14:10 . 2009-05-26 03:47	--------	d-----w-	c:\program files\PeerGuardian2
2009-09-11 13:49 . 2008-01-13 21:03	--------	d-----w-	c:\program files\Common Files\Logishrd
2009-09-11 13:49 . 2008-01-13 21:04	--------	d-----w-	c:\documents and settings\All Users\Application Data\LogiShrd
2009-09-11 13:47 . 2008-01-13 10:47	--------	d-----w-	c:\program files\DivX
2009-09-11 13:42 . 2008-08-20 17:08	--------	d-----w-	c:\program files\BitComet
2009-09-07 17:40 . 2008-01-13 10:16	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-09-06 23:27 . 2008-03-10 21:40	--------	d-----w-	c:\documents and settings\Owner\Application Data\Publish Providers
2009-09-06 16:55 . 2008-04-06 08:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avg8
2009-08-31 05:55 . 2009-05-23 07:22	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2009-08-31 05:53 . 2008-05-25 03:28	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-08-31 05:53 . 2008-05-25 03:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-31 05:12 . 2008-04-13 18:26	69	----a-w-	c:\windows\RunSC.bat
2009-08-31 04:29 . 2008-05-19 05:09	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-08-30 18:07 . 2009-08-29 23:26	4316	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-08-30 18:07 . 2009-08-29 23:26	18548	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-08-30 08:46 . 2008-08-18 18:47	153104	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2009-08-29 19:58 . 2009-05-28 05:43	--------	d-----w-	c:\program files\PE Explorer
2009-08-29 16:57 . 2008-04-13 18:05	--------	d-----w-	c:\program files\SmartScan
2009-08-29 16:34 . 2008-01-14 09:39	--------	d-----w-	c:\documents and settings\Owner\Application Data\Azureus
2009-08-29 02:00 . 2009-03-04 07:43	--------	d-----w-	c:\documents and settings\Owner\Application Data\tor
2009-08-29 01:57 . 2009-03-04 07:42	--------	d-----w-	c:\documents and settings\Owner\Application Data\Vidalia
2009-08-29 01:50 . 2009-03-04 07:14	--------	d-----w-	c:\program files\ProxyFirewall
2009-08-26 03:52 . 2008-01-13 08:44	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2009-08-23 16:09 . 2008-05-04 08:56	--------	d-----w-	c:\program files\EVGA Precision
2009-08-18 00:36 . 2008-07-12 04:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-16 16:54 . 2009-04-26 18:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\Watermark Factory
2009-08-12 00:31 . 2009-08-12 00:31	13016513	----a-w-	c:\windows\Ignis_th.scr
2009-08-09 22:23 . 2008-04-06 05:51	--------	d-----w-	c:\program files\PC Wizard 2008
2009-08-09 21:39 . 2008-01-13 08:44	--------	d-----w-	c:\program files\World of Warcraft
2009-08-09 21:39 . 2009-05-07 21:32	--------	d-----w-	c:\program files\WinHTTrack
2009-08-09 21:38 . 2008-01-13 10:26	--------	d-----w-	c:\program files\Winamp
2009-08-09 21:38 . 2009-04-26 18:59	--------	d-----w-	c:\program files\Watermark Factory 2
2009-08-09 21:38 . 2009-05-31 07:03	--------	d-----w-	c:\program files\VB Decompiler Lite
2009-08-09 21:37 . 2008-04-06 02:33	--------	d-----w-	c:\program files\SpeedFan
2009-08-09 21:33 . 2009-07-18 18:38	--------	d-----w-	c:\program files\Safari
2009-08-09 21:31 . 2009-05-15 05:28	--------	d-----w-	c:\program files\PADGen
2009-08-09 21:19 . 2009-06-08 08:06	--------	d-----w-	c:\program files\megui
2009-08-09 21:19 . 2008-01-13 07:25	--------	d-----w-	c:\program files\MagicISO
2009-08-09 21:19 . 2008-07-27 02:25	--------	d-----w-	c:\program files\MagicDisc
2009-08-09 21:15 . 2008-07-06 21:02	--------	d-----w-	c:\program files\CommView
2009-08-09 21:15 . 2008-04-13 21:33	--------	d-----w-	c:\program files\Common Files\Webroot Shared
2009-08-09 21:07 . 2008-01-14 09:39	--------	d-----w-	c:\program files\Azureus
2009-08-09 21:07 . 2008-01-16 06:50	--------	d-----w-	c:\program files\ATITool
2009-08-09 21:06 . 2008-06-24 02:13	--------	d-----w-	c:\program files\AIM6
2009-08-09 21:06 . 2008-06-11 02:07	--------	d-----w-	c:\program files\AIM
2009-08-09 21:04 . 2009-05-06 04:24	--------	d-----w-	c:\program files\Advanced JPEG Compressor
2009-08-09 20:15 . 2008-07-09 08:28	--------	d-----w-	c:\program files\XP Codec Pack
2009-08-09 19:26 . 2008-02-07 22:43	--------	d-----w-	c:\program files\SystemRequirementsLab
2009-08-09 19:24 . 2009-05-31 16:07	--------	d-----w-	c:\program files\Screensaver Factory 5 Enterprise
2009-08-09 19:24 . 2008-07-09 06:55	--------	d-----w-	c:\program files\ReNamer
2009-08-09 19:14 . 2008-03-30 21:46	--------	d-----w-	c:\program files\Driver Cleaner Pro
2009-08-09 07:49 . 2009-05-31 19:20	--------	d-----w-	c:\documents and settings\Owner\Application Data\TortoiseSVN
2009-08-09 06:56 . 2009-08-09 06:56	--------	d-----w-	c:\program files\Common Files\TortoiseOverlays
2009-08-09 06:56 . 2009-08-09 06:56	--------	d-----w-	c:\program files\TortoiseSVN
2009-08-09 04:02 . 2009-08-09 04:02	--------	d-----w-	c:\program files\Sony
2009-08-09 03:48 . 2009-05-28 03:57	--------	d-----w-	c:\documents and settings\Owner\Application Data\4Media Software Studio
2009-08-09 03:48 . 2009-05-28 03:56	--------	d-----w-	c:\program files\4Media
2009-08-05 09:01 . 2003-03-31 19:00	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-04 00:49 . 2008-12-28 07:25	--------	d-----w-	c:\program files\Windows Live Safety Center
2009-08-01 21:38 . 2009-08-01 21:02	--------	d-----w-	c:\documents and settings\Owner\Application Data\Eltima Software
2009-08-01 17:13 . 2009-08-01 17:13	--------	d-----w-	c:\program files\AGEIA Technologies
2009-08-01 17:13 . 2009-08-01 17:13	--------	d-----w-	c:\program files\NVIDIA Corporation
2009-08-01 17:13 . 2009-08-01 17:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-07-29 16:15 . 2008-07-12 05:00	--------	d-----w-	c:\program files\Common Files\Merge Modules
2009-07-20 19:26 . 2009-03-07 17:15	84496	----a-w-	c:\windows\system32\KemXML.dll
2009-07-20 19:26 . 2009-03-07 17:15	117264	----a-w-	c:\windows\system32\KemWnd.dll
2009-07-20 19:26 . 2009-03-07 17:15	145936	----a-w-	c:\windows\system32\KemUtil.dll
2009-07-20 19:26 . 2009-03-07 17:15	170512	----a-w-	c:\windows\system32\kemutb.dll
2009-07-20 19:25 . 2009-03-07 17:15	301656	----a-w-	c:\windows\system32\BtCoreIf.dll
2009-07-18 18:38 . 2009-07-18 18:38	119796	---ha-w-	c:\windows\system32\mlfcache.dat
2009-07-18 18:38 . 2009-05-29 05:24	--------	d-----w-	c:\documents and settings\Owner\Application Data\Apple Computer
2009-07-17 19:01 . 2003-03-31 19:00	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-14 20:35 . 2009-07-14 20:35	2173472	----a-w-	c:\windows\system32\nvcplui.exe
2009-07-14 20:35 . 2009-07-14 20:35	81920	----a-w-	c:\windows\system32\nvwddi.dll
2009-07-14 20:35 . 2009-07-14 20:35	4026368	----a-w-	c:\windows\system32\nvvitvs.dll
2009-07-14 20:35 . 2009-07-14 20:35	3170304	----a-w-	c:\windows\system32\nvwss.dll
2009-07-14 20:34 . 2009-07-14 20:34	86016	----a-w-	c:\windows\system32\nvmctray.dll
2009-07-14 20:34 . 2009-07-14 20:34	4923392	----a-w-	c:\windows\system32\nvdisps.dll
2009-07-14 20:34 . 2009-07-14 20:34	3547136	----a-w-	c:\windows\system32\nvgames.dll
2009-07-14 20:34 . 2009-07-14 20:34	188416	----a-w-	c:\windows\system32\nvmccss.dll
2009-07-14 20:34 . 2009-07-14 20:34	168004	----a-w-	c:\windows\system32\nvsvc32.exe
2009-07-14 20:34 . 2009-07-14 20:34	143360	----a-w-	c:\windows\system32\nvcolor.exe
2009-07-14 20:34 . 2009-07-14 20:34	13877248	----a-w-	c:\windows\system32\nvcpl.dll
2009-07-14 20:34 . 2009-07-14 20:34	1286144	----a-w-	c:\windows\system32\nvmobls.dll
2009-07-14 20:34 . 2009-07-14 20:34	229376	----a-w-	c:\windows\system32\nvmccs.dll
2009-07-14 18:54 . 2009-08-01 17:12	485920	----a-w-	c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-08-01 17:12	7741664	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2009-08-01 17:09	2189856	----a-w-	c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-08-01 17:09	1706528	----a-w-	c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-08-01 17:09	10457088	----a-w-	c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2009-08-01 17:09	868352	----a-w-	c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2009-08-01 17:09	2002944	----a-w-	c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-08-01 17:09	1597690	----a-w-	c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2009-08-01 17:09	151552	----a-w-	c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-08-01 17:09	151552	----a-w-	c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2008-10-03 03:12	5842816	----a-w-	c:\windows\system32\nv4_disp.dll
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-09-02 . 3CF3A7B11E4A1DF6CD13B41A76E8B53E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-09-02 . 3CF3A7B11E4A1DF6CD13B41A76E8B53E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 16:13	85768	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2009-08-18 273424]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-7 813584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28	72208	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Keylogger Hunter.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Keylogger Hunter.lnk
backup=c:\windows\pss\Keylogger Hunter.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiKeyloggers"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"idsvc"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iCall Internet Phone"="c:\program files\iCall\iCall.exe" /startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\iCall\\iCall.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\Owner\\OctoshapeClient.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\GBTUpd.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\UpdExe.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Zend\\Zend Studio for Eclipse - 6.1.2\\ZendStudio.exe"=
"c:\\ROFL (Blizz-Like) V2.0.0.1\\ROFL (Blizz-Like) V2.0.0.1\\Realm\\hearthstone-world.exe"=
"c:\\Program Files\\4Media\\HD Video Converter\\vcloader.exe"=
"c:\\Program Files\\4Media\\SWF Converter\\vcloader.exe"=
"c:\\AC Web Ultimate Repack\\trincore\\TrinityCore.exe"=
"c:\\AC Web Ultimate Repack\\Server\\apache\\bin\\apache.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\AC Web MaNGOS Hybrid\\MaNGOS\\mangosd.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10257-enUS-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10257-to-0.2.2.10357-enUS-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10357-to-0.2.2.10371-enUS-ptr-downloader.exe"=
"c:\\Program Files\\GIGABYTE\\ET5\\update.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10371-to-0.2.2.10392-enUS-ptr-downloader.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.2.10392-to-0.2.2.10433-enUS-ptr-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizz Downloader 2: 6112
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12802:TCP"= 12802:TCP:BitComet 12802 TCP
"12802:UDP"= 12802:UDP:BitComet 12802 UDP
"3306:TCP"= 3306:TCP:*:Disabled:mysql
"3306:UDP"= 3306:UDP:*:Disabled:mysql

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [29/08/2009 5:11 PM 28544]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [29/08/2009 10:26 AM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [29/08/2009 10:26 AM 27656]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06/09/2009 10:21 AM 114768]
R1 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [06/07/2008 1:57 PM 36928]
R1 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [06/07/2008 1:57 PM 53312]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 4:06 PM 74480]
R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [06/07/2008 2:02 PM 24096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2009 10:21 AM 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [07/03/2009 10:16 AM 10384]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [13/04/2008 2:20 PM 598856]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [21/08/2008 2:55 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [21/08/2008 2:55 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [21/08/2008 2:56 PM 566296]
S2 uhjm;uhjm;c:\windows\system32\drivers\kmgfbnxb.sys --> c:\windows\system32\drivers\kmgfbnxb.sys [?]
S3 9e21E;9e21E;c:\windows\system32\9e21E.sys [30/08/2009 1:47 AM 54624]
S3 Apache2.2;Apache2.2;c:\www\Apache22\bin\httpd.exe [14/01/2008 2:49 AM 24631]
S3 b2849;b2849;c:\windows\system32\b2849.sys [30/08/2009 9:39 PM 54624]
S3 c0119;c0119;c:\windows\system32\c0119.sys [30/08/2009 2:54 PM 54624]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [21/08/2008 2:55 PM 99352]
S3 copy2ofrp;copy2ofrp;c:\windows\system32\drivers\copy2ofrp.sys [30/08/2009 5:45 PM 34816]
S3 copy3ofrp;copy3ofrp;c:\windows\system32\drivers\copy3ofrp.sys [30/08/2009 5:55 PM 34816]
S3 copy4ofrp;copy4ofrp;c:\windows\system32\drivers\copy4ofrp.sys [30/08/2009 5:56 PM 34816]
S3 copy5ofrp;copy5ofrp;c:\windows\system32\drivers\copy5ofrp.sys [30/08/2009 5:56 PM 34816]
S3 copyofrp;copyofrp;c:\windows\system32\drivers\copyofrp.sys [30/08/2009 5:56 PM 34816]
S3 cpuz129;cpuz129;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [21/08/2008 2:55 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [21/08/2008 2:56 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [21/08/2008 2:56 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [21/08/2008 2:56 PM 566296]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [06/07/2008 2:02 PM 19240]
S3 foot;foot;c:\windows\system32\drivers\foot.sys [30/08/2009 5:56 PM 34816]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [26/12/2005 1:24 AM 6656]
S3 MarkFun_NT;MarkFun_NT;c:\program files\GIGABYTE\ET5\MARKFUN.W32 [10/01/2009 3:23 PM 17912]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [30/08/2009 1:52 AM 30136]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 4:06 PM 7408]
S3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [08/03/2009 7:09 PM 536896]
S4 ATZO;ATZO;c:\docume~1\Owner\LOCALS~1\Temp\ATZO.exe --> c:\docume~1\Owner\LOCALS~1\Temp\ATZO.exe [?]
S4 AVYTBJJMCCA;AVYTBJJMCCA;c:\docume~1\Owner\LOCALS~1\Temp\AVYTBJJMCCA.exe --> c:\docume~1\Owner\LOCALS~1\Temp\AVYTBJJMCCA.exe [?]
S4 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]
S4 D;D;c:\docume~1\Owner\LOCALS~1\Temp\D.exe --> c:\docume~1\Owner\LOCALS~1\Temp\D.exe [?]
S4 DPUK;DPUK;c:\docume~1\Owner\LOCALS~1\Temp\DPUK.exe --> c:\docume~1\Owner\LOCALS~1\Temp\DPUK.exe [?]
S4 KIG;KIG;c:\docume~1\Owner\LOCALS~1\Temp\KIG.exe --> c:\docume~1\Owner\LOCALS~1\Temp\KIG.exe [?]
S4 QLEOLYTKCKZRF;QLEOLYTKCKZRF;c:\docume~1\Owner\LOCALS~1\Temp\QLEOLYTKCKZRF.exe --> c:\docume~1\Owner\LOCALS~1\Temp\QLEOLYTKCKZRF.exe [?]
S4 QPKTDICDANJA;QPKTDICDANJA;c:\docume~1\Owner\LOCALS~1\Temp\QPKTDICDANJA.exe --> c:\docume~1\Owner\LOCALS~1\Temp\QPKTDICDANJA.exe [?]
S4 RVQDJY;RVQDJY;c:\docume~1\Owner\LOCALS~1\Temp\RVQDJY.exe --> c:\docume~1\Owner\LOCALS~1\Temp\RVQDJY.exe [?]
S4 SB;SB;c:\docume~1\Owner\LOCALS~1\Temp\SB.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SB.exe [?]
S4 SUVGMVQKALG;SUVGMVQKALG;c:\docume~1\Owner\LOCALS~1\Temp\SUVGMVQKALG.exe --> c:\docume~1\Owner\LOCALS~1\Temp\SUVGMVQKALG.exe [?]
S4 WKBFSJCQH;WKBFSJCQH;c:\docume~1\Owner\LOCALS~1\Temp\WKBFSJCQH.exe --> c:\docume~1\Owner\LOCALS~1\Temp\WKBFSJCQH.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugNext.html
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab
DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pnpftflf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms}
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Octoshape Streaming Services\Owner\octoprogram-L03-NMS0806060_SUA_900\npoctoshape.dll
FF - plugin: c:\program files\Octoshape Streaming Services\Owner\octoprogram-L03-NMS0806260_SUA_000\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: zend.ZDE_Path - c:\program files\Zend\Zend Studio for Eclipse - 6.1.2\ZendStudio.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 10:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\10.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(488)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-12 10:11 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-12 17:11

Pre-Run: 30,948,806,656 bytes free
Post-Run: 30,812,549,120 bytes free

566	--- E O F ---	2009-08-26 05:46

Will be posting the RootRepeal log soon... I want to be able to remove the "access denied" on all these folders/files, as it appears that, based on Malwarebytes' Anti-Malware, SuperAntiSpyware and Avast Antivirus, no viruses/trojans/rootkits are found.

Thank you in advance.

#2
oogee

Ok, just finished the RootRepeal scan. These are the locked APIs; I'm not sure how to fix this so they're not locked anymore.

RootRepeal Log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2009/09/12 11:24
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\mui\mui
Status: Locked to the Windows API!

Path: C:\WINDOWS\nvidia icons\nvidia icons
Status: Locked to the Windows API!

Path: C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Status: Locked to the Windows API!

Path: C:\WINDOWS\PIF\PIF
Status: Locked to the Windows API!

Path: C:\WINDOWS\security\logs\logs
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1025\1025
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1028\1028
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1031\1031
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1037\1037
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1041\1041
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1042\1042
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1054\1054
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\2052\2052
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\3076\3076
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\3com_dmi\3com_dmi
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\export\export
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\inetsrv\inetsrv
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\dhcp\dhcp
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\ShellExt\ShellExt
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wins\wins
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\xircom\xircom
Status: Locked to the Windows API!

Path: C:\WINDOWS\Registration\CRMLog\CRMLog
Status: Locked to the Windows API!

Path: C:\Program Files\Alwil Software\Avast4\DATA\aswAr.run
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files
Status: Locked to the Windows API!

Path: C:\WINDOWS\Sun\Java\Deployment\Deployment
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\Adobe\update\update
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDF
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\sample\sample
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wbem\snmp\snmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\disdn\disdn
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\mui\dispspec\dispspec
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\Macromed\update\update
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Status: Locked to the Windows API!

Path: C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES
Status: Locked to the Windows API!

Path: C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF
Status: Locked to the Windows API!

Path: C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH
Status: Locked to the Windows API!

Path: C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles
Status: Locked to the Windows API!

Path: C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs
Status: Locked to the Windows API!

Path: C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM
Status: Locked to the Windows API!

Path: C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wbem\mof\bad\bad
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wbem\mof\good\good
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\spool\drivers\IA64\IA64
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\spool\drivers\WIN40\WIN40
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\spool\drivers\x64\x64
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Recent\Recent
Status: Locked to the Windows API!

Path: C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint
Status: Locked to the Windows API!

Path: C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS
Status: Locked to the Windows API!

Path: C:\WINDOWS\PCHealth\HelpCtr\System\News\News
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pnpftflf.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\CodeCompare.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\JWOH8PVO.55W\P5KR2PX0.X8Q\manifests\CodeCompare.exe.manifest
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Status: Locked to the Windows API!

OTL Log:

OTL logfile created on: 12/09/2009 11:19:46 AM - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 6144 12288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 28.72 Gb Free Space | 12.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/08/06 17:51:54 | 00,613,128 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/08/17 09:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/07/20 12:30:50 | 00,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/11/26 14:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/13 11:14:18 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\RootRepeal.exe
PRC - [2009/09/09 21:17:36 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/12 11:19:16 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/20 14:13:36 | 00,024,631 | ---- | M] (Apache Software Foundation) -- C:\www\Apache22\bin\httpd.exe -- (Apache2.2 [On_Demand | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - File not found -- -- (ATZO [Disabled | Stopped])
SRV - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - File not found -- -- (AVYTBJJMCCA [Disabled | Stopped])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Stopped])
SRV - File not found -- -- (CSIScanner [Disabled | Stopped])
SRV - File not found -- -- (D [Disabled | Stopped])
SRV - File not found -- -- (DPUK [Disabled | Stopped])
SRV - [2009/09/11 19:11:33 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - File not found -- -- (KIG [Disabled | Stopped])
SRV - [2009/07/20 12:28:10 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [On_Demand | Stopped])
SRV - [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])
SRV - [2009/04/01 15:53:18 | 06,574,720 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL [Disabled | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/07/14 13:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/04/20 11:28:30 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
SRV - [2008/04/20 11:29:55 | 00,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped])
SRV - File not found -- -- (QLEOLYTKCKZRF [Disabled | Stopped])
SRV - File not found -- -- (QPKTDICDANJA [Disabled | Stopped])
SRV - File not found -- -- (RVQDJY [Disabled | Stopped])
SRV - File not found -- -- (SB [Disabled | Stopped])
SRV - [2009/02/07 03:08:16 | 00,536,896 | ---- | M] (My Privacy Tools, Inc.) -- C:\Program Files\Hide My IP 2009\SecureSrv.exe -- (SecureSrv [On_Demand | Stopped])
SRV - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - File not found -- -- (SUVGMVQKALG [Disabled | Stopped])
SRV - File not found -- -- (UserAccess7 [Disabled | Stopped])
SRV - [2008/01/18 01:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped])
SRV - [2008/04/17 19:13:44 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped])
SRV - File not found -- -- (WKBFSJCQH [Disabled | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/11/26 14:47:40 | 00,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/08/30 01:47:11 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\9e21E.sys -- (9e21E [On_Demand | Stopped])
DRV - [2009/08/17 09:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2009/08/17 09:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/08/17 09:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/08/17 09:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/08/17 09:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/08/17 09:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2006/11/10 06:08:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [System | Running])
DRV - [2009/08/30 21:39:34 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\b2849.sys -- (b2849 [On_Demand | Stopped])
DRV - [2009/08/30 14:54:54 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\c0119.sys -- (c0119 [On_Demand | Stopped])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2008/08/21 14:55:10 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX [On_Demand | Stopped])
DRV - [2008/08/21 14:55:10 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS [On_Demand | Running])
DRV - [2009/08/30 17:45:23 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys -- (copy2ofrp [On_Demand | Stopped])
DRV - [2009/08/30 17:55:57 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys -- (copy3ofrp [On_Demand | Stopped])
DRV - [2009/08/30 17:56:09 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys -- (copy4ofrp [On_Demand | Stopped])
DRV - [2009/08/30 17:56:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys -- (copy5ofrp [On_Demand | Stopped])
DRV - [2009/08/30 17:56:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copyofrp.sys -- (copyofrp [On_Demand | Stopped])
DRV - [2007/04/12 09:10:26 | 00,164,608 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped])
DRV - [2008/08/21 15:02:40 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2008/08/21 15:03:18 | 00,532,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2008/08/21 14:55:38 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX [On_Demand | Stopped])
DRV - [2008/08/21 14:55:38 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS [On_Demand | Running])
DRV - [2008/08/21 15:04:28 | 00,347,080 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2007/04/12 09:10:18 | 00,168,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:20 | 00,280,320 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:22 | 00,128,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:22 | 00,323,328 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped])
DRV - [2008/08/21 14:56:52 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX [On_Demand | Stopped])
DRV - [2008/08/21 14:56:52 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS [On_Demand | Stopped])
DRV - [2007/04/12 09:10:24 | 01,317,632 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:26 | 00,066,816 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped])
DRV - [2008/08/21 15:06:40 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2008/08/21 14:56:18 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX [On_Demand | Stopped])
DRV - [2008/08/21 14:56:18 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS [On_Demand | Running])
DRV - [2008/08/21 15:07:06 | 00,157,208 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2006/12/07 22:04:48 | 00,019,240 | ---- | M] (TamoSoft) -- C:\WINDOWS\System32\DRIVERS\cv2k1.sys -- (CV2K1 [On_Demand | Stopped])
DRV - [2008/08/21 15:08:06 | 00,092,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2006/11/24 15:47:50 | 00,040,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\ET5Drv.sys -- (ET5Drv [On_Demand | Stopped])
DRV - [2009/08/30 17:56:38 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\foot.sys -- (foot [On_Demand | Stopped])
DRV - [2009/01/10 14:48:26 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [1996/04/03 12:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2008/08/21 15:08:56 | 00,797,720 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2008/08/21 15:09:26 | 00,162,840 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped])
DRV - [2008/08/21 15:09:56 | 00,189,464 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Running])
DRV - [2005/01/07 18:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/09/29 16:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/04/13 16:04:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped])
DRV - [2009/06/17 09:55:18 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2009/06/17 09:55:26 | 00,063,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running])
DRV - [2008/12/19 00:43:18 | 00,010,384 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys -- (LBeepKE [Auto | Running])
DRV - [2008/04/13 11:40:26 | 00,034,688 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc [System | Stopped])
DRV - [2009/06/17 09:56:24 | 00,079,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2005/12/26 01:24:00 | 00,006,656 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LtcyCfgWDM.sys -- (LtcyCfgWDM [On_Demand | Stopped])
DRV - [2007/08/21 12:49:28 | 00,017,912 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Program Files\Gigabyte\ET5\markfun.w32 -- (MarkFun_NT [On_Demand | Stopped])
DRV - [2008/07/13 21:10:44 | 00,101,120 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2009/07/14 11:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/08/21 15:06:14 | 00,127,512 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2008/07/06 13:57:28 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\Drivers\pssdk41.sys -- (PsSdk41 [System | Running])
DRV - [2008/07/06 13:57:29 | 00,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\Drivers\pssdklbf.sys -- (PsSdkLBF [System | Running])
DRV - [2003/03/31 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/08/29 16:37:18 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan [Boot | Running])
DRV - [2009/08/29 16:37:18 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec [Boot | Running])
DRV - [2009/03/07 21:23:54 | 00,030,136 | ---- | M] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\DRIVERS\rspSanity32.sys -- (rspSanity [On_Demand | Stopped])
DRV - [2008/07/01 11:27:44 | 00,108,800 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2006/09/24 06:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2007/06/19 23:35:40 | 00,024,096 | ---- | M] (TamoSoft) -- C:\WINDOWS\System32\drivers\ts_lb.sys -- (ts_lb [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-329068152-436374069-839522115-1003\S-1-5-21-329068152-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WallpaperWarp Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/23 19:23:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/09 21:17:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 06:48:36 | 00,000,000 | ---D | M]

[2009/06/07 18:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/07/12 10:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/07 18:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/09/12 11:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions
[2009/06/24 22:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/24 08:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/05/04 17:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{3c9761ad-a43d-4447-b924-f5d83cb48063}
[2008/08/13 10:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009/05/14 19:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/08/12 21:48:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\pnpftflf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/19 23:25:10 | 00,000,888 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\pnpftflf.default\searchplugins\conduit.xml
[2009/09/12 11:18:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/09 21:17:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/08 19:09:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\staff@hide-my-ip.com
[2009/09/09 21:17:34 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/09 21:17:34 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/11/11 00:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/08/30 21:37:20 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 15:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/09/09 21:17:38 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/28 22:25:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/08/09 11:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O3 - HKU\S-1-5-21-329068152-436374069-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\RunOnce: [Cleanup] C:\cleanup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-329068152-436374069-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Zend Studio - Debug current page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O8 - Extra context menu item: Zend Studio - Debug next page - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\Zend Studio for Eclipse - 6.1.2\toolbars\ZendIEToolbar.dll (Zend Technologies Ltd)
O9 - Extra 'Tools' menuitem : Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - Reg Error: Value error. File not found
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} http://www.quest3d.com/webplugin/download/...t3dactivex2.cab (Quest3DCtlr2 Class)
O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} http://www.octoshape.com/test/ax/octoshape.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/...15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/12 23:53:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/09/12 11:18:25 | 00,135,168 | ---- | C] () -- C:\zip.exe
[2009/09/12 11:18:25 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\ljehbttk.sys
[2009/09/12 11:18:25 | 00,019,286 | ---- | C] () -- C:\cleanup.exe
[2009/09/12 11:18:25 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009/09/12 11:15:38 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/12 10:51:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/12 09:50:44 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/12 09:50:44 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/12 09:50:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/12 09:50:44 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/12 09:50:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/12 09:50:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/12 09:50:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/12 09:50:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/11 19:44:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Adobe
[2009/09/11 19:18:34 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/09/11 17:42:00 | 08,527,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tahma.swf
[2009/09/11 15:20:39 | 00,001,343 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Preview Warsong Hold - v1.0.lnk
[2009/09/11 15:20:38 | 08,447,846 | ---- | C] () -- C:\WINDOWS\Warsong_.scr
[2009/09/11 15:20:38 | 00,348,940 | ---- | C] () -- C:\WINDOWS\uninstall Warsong_.exe
[2009/09/11 06:49:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/09/11 06:46:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/09/11 06:40:49 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/11 06:37:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/09/08 14:20:43 | 00,025,174 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jinx_160x600.jpg
[2009/09/07 21:16:42 | 01,204,889 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Thuder_Bluff_by_wowculture.jpg
[2009/09/07 21:16:26 | 01,129,497 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The_Exodar_by_wowculture.jpg
[2009/09/07 19:59:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Fragments
[2009/09/07 08:30:38 | 00,022,975 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jinx_728x90.jpg
[2009/09/06 17:34:30 | 00,111,992 | ---- | C] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\acaptuser32.dll
[2009/09/06 11:26:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SmartFTP
[2009/09/06 11:25:54 | 00,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk
[2009/09/06 11:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2009/09/06 10:21:44 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/09/06 10:21:44 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/09/06 10:21:44 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/06 10:21:43 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/09/06 10:21:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/09/06 10:21:41 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/09/06 10:21:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/09/06 10:21:40 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/09/06 10:21:40 | 00,093,392 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/09/06 10:21:27 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/09/06 10:21:25 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/08/30 22:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/30 22:19:20 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/08/30 22:19:19 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/30 22:09:11 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/30 22:09:10 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/30 21:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\SanityCheck
[2009/08/30 21:48:16 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/30 21:48:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/30 21:48:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/30 21:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/30 21:39:37 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\b2849.dll
[2009/08/30 21:39:34 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\b2849.sys
[2009/08/30 21:39:32 | 16,068,777 | ---- | C] () -- C:\WINDOWS\System32\MKIQWHEKO
[2009/08/30 21:39:25 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\32048.mht
[2009/08/30 21:35:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2009/08/30 19:48:42 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgmts.dll
[2009/08/30 19:47:22 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
[2009/08/30 19:47:22 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scecli.dll
[2009/08/30 19:41:42 | 00,036,714 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows_Vista_Ultimate_64bit_(x64)_Final_English_DVD_Image.3560993.TPB.torrent
[2009/08/30 18:36:01 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/30 18:35:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/30 18:35:53 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/30 18:25:22 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\strings.exe
[2009/08/30 18:25:22 | 00,039,184 | ---- | C] () -- C:\WINDOWS\System32\Ntrights.exe
[2009/08/30 18:25:22 | 00,016,384 | ---- | C] (WareSoft Software) -- C:\WINDOWS\System32\restart.exe
[2009/08/30 18:25:22 | 00,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
[2009/08/30 17:56:37 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\foot.sys
[2009/08/30 17:56:09 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys
[2009/08/30 17:56:05 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys
[2009/08/30 17:56:03 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copyofrp.sys
[2009/08/30 17:55:57 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys
[2009/08/30 17:55:52 | 07,012,352 | ---- | C] () -- C:\WINDOWS\System32\VX
[2009/08/30 17:53:18 | 07,012,352 | ---- | C] () -- C:\WINDOWS\System32\WQDWTZYKT
[2009/08/30 17:45:23 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys
[2009/08/30 14:54:55 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\c0119.dll
[2009/08/30 14:54:54 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\c0119.sys
[2009/08/30 14:54:49 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\8d518.mht
[2009/08/30 11:51:48 | 07,000,064 | ---- | C] () -- C:\WINDOWS\System32\ER
[2009/08/30 10:43:56 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/08/30 10:41:45 | 00,107,814 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090830_104143.reg
[2009/08/30 10:30:17 | 07,016,448 | ---- | C] () -- C:\WINDOWS\System32\BZASACLRSI
[2009/08/30 01:52:39 | 00,030,136 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys
[2009/08/30 01:47:14 | 00,128,352 | ---- | C] () -- C:\WINDOWS\System32\9e21E.dll
[2009/08/30 01:47:11 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\9e21E.sys
[2009/08/30 01:46:53 | 02,335,270 | ---- | C] () -- C:\WINDOWS\System32\c7f1D.mht
[2009/08/30 01:38:42 | 52,269,056 | ---- | C] () -- C:\WINDOWS\System32\TAA
[2009/08/30 01:26:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\IONRPSU
[2009/08/30 01:23:30 | 02,312,871 | ---- | C] () -- C:\WINDOWS\System32\KPGS
[2009/08/30 01:16:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\DNQZHCQ
[2009/08/29 17:11:50 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/08/29 16:50:56 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\ME
[2009/08/29 16:47:06 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\NIIIAHSTWXNDKX
[2009/08/29 16:43:00 | 06,967,296 | ---- | C] () -- C:\WINDOWS\System32\YCNL
[2009/08/29 16:26:44 | 01,304,608 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/29 16:26:44 | 00,034,592 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/29 16:26:44 | 00,018,548 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/29 16:26:44 | 00,004,316 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/29 16:21:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/29 13:25:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/29 10:26:55 | 00,027,656 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2009/08/29 10:26:55 | 00,022,024 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/08/29 10:26:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/08/29 10:26:42 | 00,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/29 09:55:38 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/08/29 09:55:10 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/29 09:29:30 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2009/08/28 22:09:28 | 00,086,016 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll
[2009/08/25 21:47:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/08/25 20:33:52 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Public Test
[2009/08/22 21:03:47 | 00,349,156 | ---- | C] () -- C:\WINDOWS\uninstall Deathwin.exe
[2009/08/22 21:03:46 | 08,655,167 | ---- | C] () -- C:\WINDOWS\Deathwin.scr
[2009/08/21 22:01:40 | 11,023,8230 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WOWX3-Cataclysm_Trailer_en_US_ESRB.avi
[2009/08/19 18:39:19 | 08,117,024 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Flexibility-flexsqueeze_theme_multiple_use.zip
[2009/08/19 18:39:18 | 00,905,162 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\aats3748233.zip
[2009/08/19 18:37:47 | 06,649,944 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\imperial_themeforest.zip
[2009/08/19 18:35:53 | 00,471,323 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Headway1.0.rar
[2009/08/19 18:35:52 | 00,176,640 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\arthemia-premium.rar
[2009/08/19 18:35:49 | 05,357,159 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\edir7.rar
[2009/08/19 18:35:43 | 07,594,256 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\eSyndiCat.Pro.v2.1.02.NULL.MST-www.p2cmonitor.com.rar
[2009/08/09 01:24:51 | 00,000,912 | ---- | C] () -- C:\WINDOWS\my.ini
[2009/08/09 01:24:51 | 00,000,912 | ---- | C] () -- C:\WINDOWS\Copy of my.ini
[2009/06/08 01:00:55 | 01,111,142 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/06/08 01:00:55 | 00,789,962 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/08 01:00:55 | 00,466,432 | ---- | C] () -- C:\WINDOWS\System32\ffavisynth.dll
[2009/06/08 01:00:55 | 00,185,344 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2009/06/08 01:00:54 | 01,430,136 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/05/31 20:03:43 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\OneWaySerial.dll
[2009/05/28 20:00:03 | 00,000,480 | ---- | C] () -- C:\WINDOWS\w32demo8.ini
[2009/05/27 21:20:47 | 00,000,464 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2009/05/27 21:18:28 | 00,000,793 | ---- | C] () -- C:\WINDOWS\iScreensaver Designer.ini
[2009/05/23 23:23:06 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/05/23 00:43:56 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009/05/22 22:50:21 | 01,712,128 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2009/02/27 23:44:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/12 00:59:28 | 00,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2008/12/28 11:00:50 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/21 13:17:46 | 00,049,567 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/08/21 13:17:44 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/08/21 12:40:28 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008/08/21 12:38:22 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/07/12 10:12:48 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/07/11 22:14:22 | 00,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/23 19:10:53 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/06/12 10:36:38 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/04 02:19:56 | 00,000,912 | ---- | C] () -- C:\WINDOWS\my.ini.old
[2008/05/04 02:06:35 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2008/04/19 19:39:47 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/04/13 16:04:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.sys
[2008/04/13 16:03:05 | 00,000,012 | ---- | C] () -- C:\WINDOWS\clocked.ini
[2008/04/05 20:47:12 | 00,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2008/01/15 00:48:11 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/13 01:53:20 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/08/13 21:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/08/07 19:22:22 | 00,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/07/10 08:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/04/12 09:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2006/11/10 06:08:50 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/10/02 18:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/12/26 01:24:00 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\LtcyCfgWDM.sys
[2004/11/24 11:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2004/10/11 23:42:59 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2004/10/11 23:42:45 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2004/10/11 23:42:42 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2004/10/11 23:42:40 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2004/10/11 23:42:39 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2004/10/11 23:42:30 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2004/10/11 23:42:29 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2004/10/11 23:40:56 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/11 23:39:47 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/11 23:39:06 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/11 23:38:47 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2004/10/05 01:16:07 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 10:59:29 | 00,228,352 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/03 10:50:53 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/10/03 10:50:25 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2003/03/31 12:00:00 | 00,000,881 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/03/31 12:00:00 | 00,000,284 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/10/29 16:04:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\Impborl.dll
[2002/09/16 12:59:46 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[1996/04/03 12:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/09/12 11:18:25 | 00,135,168 | ---- | M] () -- C:\zip.exe
[2009/09/12 11:18:25 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\ljehbttk.sys
[2009/09/12 11:18:25 | 00,019,286 | ---- | M] () -- C:\cleanup.exe
[2009/09/12 11:18:25 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009/09/12 11:06:57 | 00,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/09/12 11:06:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/12 11:06:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/12 11:06:00 | 00,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx
[2009/09/12 11:06:00 | 00,030,624 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx
[2009/09/12 11:06:00 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx
[2009/09/12 11:06:00 | 00,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx
[2009/09/12 11:06:00 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000008-10011102}.rfx
[2009/09/12 11:00:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/12 10:05:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/11 19:56:31 | 00,247,808 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 19:34:01 | 03,068,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/11 19:31:37 | 00,183,264 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/11 18:00:33 | 08,527,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tahma.swf
[2009/09/11 15:20:39 | 00,348,940 | ---- | M] () -- C:\WINDOWS\uninstall Warsong_.exe
[2009/09/11 15:20:39 | 00,001,343 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Preview Warsong Hold - v1.0.lnk
[2009/09/11 15:20:38 | 08,447,846 | ---- | M] () -- C:\WINDOWS\Warsong_.scr
[2009/09/11 07:14:14 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/09/11 06:48:47 | 00,000,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fraps.lnk
[2009/09/11 06:47:55 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2009/09/11 06:47:54 | 00,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2009/09/11 06:47:39 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/09/11 06:47:05 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/09/11 06:46:08 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk
[2009/09/11 06:40:49 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 17:24:24 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/08 14:20:43 | 00,025,174 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jinx_160x600.jpg
[2009/09/07 21:16:42 | 01,204,889 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Thuder_Bluff_by_wowculture.jpg
[2009/09/07 21:16:26 | 01,129,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The_Exodar_by_wowculture.jpg
[2009/09/07 17:36:37 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2009/09/07 08:30:41 | 00,022,975 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jinx_728x90.jpg
[2009/09/06 11:25:54 | 00,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk
[2009/09/06 10:50:45 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/06 10:21:44 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/30 23:03:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/30 22:19:20 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/08/30 22:12:35 | 00,000,069 | ---- | M] () -- C:\WINDOWS\RunSC.bat
[2009/08/30 22:09:11 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/30 21:48:16 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/30 21:40:35 | 16,068,777 | ---- | M] () -- C:\WINDOWS\System32\MKIQWHEKO
[2009/08/30 21:39:37 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\b2849.dll
[2009/08/30 21:39:34 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\b2849.sys
[2009/08/30 21:39:25 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\32048.mht
[2009/08/30 21:37:19 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/30 19:48:43 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgmts.dll
[2009/08/30 19:47:23 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
[2009/08/30 19:47:23 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scecli.dll
[2009/08/30 19:41:43 | 00,036,714 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows_Vista_Ultimate_64bit_(x64)_Final_English_DVD_Image.3560993.TPB.torrent
[2009/08/30 18:36:01 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/30 17:56:38 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\foot.sys
[2009/08/30 17:56:22 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copyofrp.sys
[2009/08/30 17:56:09 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy4ofrp.sys
[2009/08/30 17:56:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy5ofrp.sys
[2009/08/30 17:55:57 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy3ofrp.sys
[2009/08/30 17:55:54 | 07,012,352 | ---- | M] () -- C:\WINDOWS\System32\VX
[2009/08/30 17:53:23 | 07,012,352 | ---- | M] () -- C:\WINDOWS\System32\WQDWTZYKT
[2009/08/30 17:45:23 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\copy2ofrp.sys
[2009/08/30 14:54:55 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\c0119.dll
[2009/08/30 14:54:54 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\c0119.sys
[2009/08/30 14:54:50 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\8d518.mht
[2009/08/30 11:51:50 | 07,000,064 | ---- | M] () -- C:\WINDOWS\System32\ER
[2009/08/30 11:07:29 | 01,304,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/30 11:07:29 | 00,034,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/30 11:07:29 | 00,018,548 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/30 11:07:29 | 00,004,316 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/30 10:42:31 | 00,107,814 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090830_104143.reg
[2009/08/30 10:30:18 | 07,016,448 | ---- | M] () -- C:\WINDOWS\System32\BZASACLRSI
[2009/08/30 01:47:14 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\9e21E.dll
[2009/08/30 01:47:11 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\9e21E.sys
[2009/08/30 01:46:53 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\c7f1D.mht
[2009/08/30 01:46:10 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/08/30 01:40:20 | 52,269,056 | ---- | M] () -- C:\WINDOWS\System32\TAA
[2009/08/30 01:26:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\IONRPSU
[2009/08/30 01:24:09 | 02,312,871 | ---- | M] () -- C:\WINDOWS\System32\KPGS
[2009/08/30 01:16:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\DNQZHCQ
[2009/08/29 17:31:27 | 00,000,881 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/29 16:50:59 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\ME
[2009/08/29 16:47:09 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\NIIIAHSTWXNDKX
[2009/08/29 16:43:03 | 06,967,296 | ---- | M] () -- C:\WINDOWS\System32\YCNL
[2009/08/29 16:37:18 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2009/08/29 16:37:18 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/08/29 16:37:13 | 00,000,064 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/29 15:23:03 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/08/29 15:12:17 | 00,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/08/29 12:58:13 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PE Explorer.lnk
[2009/08/29 12:00:42 | 03,773,284 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/08/29 09:55:38 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/08/28 22:09:28 | 00,086,016 | ---- | M] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll
[2009/08/28 18:14:25 | 00,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2009/08/23 09:09:27 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EVGA Precision.lnk
[2009/08/22 21:03:48 | 00,349,156 | ---- | M] () -- C:\WINDOWS\uninstall Deathwin.exe
[2009/08/22 21:03:46 | 08,655,167 | ---- | M] () -- C:\WINDOWS\Deathwin.scr
[2009/08/21 22:05:47 | 11,023,8230 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WOWX3-Cataclysm_Trailer_en_US_ESRB.avi
[2009/08/19 18:20:03 | 05,357,159 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\edir7.rar
[2009/08/19 18:09:40 | 07,594,256 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\eSyndiCat.Pro.v2.1.02.NULL.MST-www.p2cmonitor.com.rar
[2009/08/17 09:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 09:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 09:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 09:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 09:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 09:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 09:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 09:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 09:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA868A70
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

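The OTL file lists above are the raw material a helper has to triage by eye, so here is a small script, added for this thread and not taken from oogee's post, from OTL, or from Malwarebytes, that parses OTL's `[date | size | attrs | C/M] (Company) -- path` lines and pulls out the entries a practitioner would look at first: publisher-less files in System32 whose names are extension-less upper-case blobs or five hex characters, and kernel drivers with no publisher string. The regexes and the "flagged" rule are the editor's assumptions, not OTL's own logic; the sample lines are copied from the log above with two known-good entries added for contrast, and a real analyst still hashes and signature-checks every hit.

```python
"""Parse OTL 'Files - Created/Modified' lines and flag entries worth a second look.

Added example for this thread; it is not part of oogee's post, of OTL, or of
any vendor tool. The heuristics (regexes below) are the editor's assumptions
for illustration: a real analyst still hashes and signature-checks each file.
"""
import re
from dataclasses import dataclass, field

# One OTL file-list line:  [date time | size | attrs | C|M] (Company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

SYSTEM32 = re.compile(r"^c:\\windows\\system32\\", re.I)
DRIVER = re.compile(r"^c:\\windows\\system32\\drivers\\[^\\]+\.sys$", re.I)
UPPER_BLOB = re.compile(r"^[A-Z]{2,}$")                         # e.g. MKIQWHEKO, TAA
HEX5_NAME = re.compile(r"^[0-9a-f]{5}\.(dll|sys|mht)$", re.I)  # e.g. b2849.sys


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str            # 'C' = created, 'M' = modified
    company: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str):
    """Return an Entry for one OTL file line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def score(entry: Entry) -> Entry:
    """Attach reasons to an entry; anything with a reason is 'flagged'."""
    if entry.company:           # has a version-info publisher: deprioritise
        return entry
    if SYSTEM32.match(entry.path):
        if UPPER_BLOB.match(entry.name):
            entry.reasons.append("extension-less upper-case blob in System32")
        if HEX5_NAME.match(entry.name):
            entry.reasons.append("5-hex-character filename in System32")
    if DRIVER.match(entry.path):
        entry.reasons.append("kernel driver with no publisher string")
    return entry


def triage(text: str) -> list:
    """Parse and score every OTL file line in `text`; other lines are skipped."""
    parsed = (parse_line(ln) for ln in text.splitlines())
    return [score(e) for e in parsed if e is not None]


def flagged(text: str) -> list:
    return [e for e in triage(text) if e.reasons]


# Constructed sample: lines copied from the OTL log above, plus known-good ones.
SAMPLE = r"""
[2009/08/30 21:40:35 | 16,068,777 | ---- | M] () -- C:\WINDOWS\System32\MKIQWHEKO
[2009/08/30 21:39:37 | 00,128,352 | ---- | M] () -- C:\WINDOWS\System32\b2849.dll
[2009/08/30 21:39:34 | 00,054,624 | ---- | M] () -- C:\WINDOWS\System32\b2849.sys
[2009/08/30 21:39:25 | 02,335,270 | ---- | M] () -- C:\WINDOWS\System32\32048.mht
[2009/08/30 17:56:38 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\foot.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/30 19:47:23 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
[2008/07/12 10:12:48 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/09/12 10:05:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(f"{e.timestamp}  {e.size:>10}  {e.path}  <- {'; '.join(e.reasons)}")
```

Paste a whole OTL log into `SAMPLE` (or read it from a file) and the script skips the section headers and the `[6 C:\WINDOWS\System32\*.tmp files]` summary lines on its own. A populated company string only lowers priority, it does not clear a file: version-info is attacker-controlled text, so the output is a reading order, not a verdict.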
#3
oogee
DDS Log

DDS (Ver_09-07-30.01) - NTFSx86  
Run by Owner at 11:13:40.96 on 12/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3582.2929 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Security + Protetion\RootRepeal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - 
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - c:\progra~1\zend\zendst~1.2\toolbars\ZENDIE~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: Zend Studio - Debug current page - c:\program files\zend\zend studio for eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\zend\zend studio for eclipse - 6.1.2\toolbars\ZendIEToolbar.dll/DebugNext.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {95188727-288F-4581-A48D-EAB3BD027314} - c:\progra~1\zend\zendst~1.2\toolbars\ZENDIE~1.DLL
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} - hxxp://www.quest3d.com/webplugin/download/quest3dactivex2.cab
DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\pnpftflf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272238&SearchSource=3&q={searchTerms}
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\octoshape streaming services\owner\octoprogram-l03-nms0806260_sua_000\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: zend.ZDE_Path - c:\program files\zend\zend studio for eclipse - 6.1.2\ZendStudio.exe
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",	  5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",	 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",	true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",	 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",	   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",	true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",				 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",				true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",			   false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",			   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",				 true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",				   true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",				true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",			 false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",			false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",	false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-29 28544]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-8-29 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-8-29 27656]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-6 114768]
R1 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-7-6 36928]
R1 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2008-7-6 53312]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [2008-7-6 24096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-6 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-6 138680]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-7 10384]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-4-13 598856]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-6 352920]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-8-21 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-8-21 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-8-21 566296]
S2 uhjm;uhjm;c:\windows\system32\drivers\kmgfbnxb.sys --> c:\windows\system32\drivers\kmgfbnxb.sys [?]
S3 9e21E;9e21E;c:\windows\system32\9e21E.sys [2009-8-30 54624]
S3 Apache2.2;Apache2.2;c:\www\apache22\bin\httpd.exe [2008-1-14 24631]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-6 254040]
S3 b2849;b2849;c:\windows\system32\b2849.sys [2009-8-30 54624]
S3 c0119;c0119;c:\windows\system32\c0119.sys [2009-8-30 54624]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-8-21 99352]
S3 copy2ofrp;copy2ofrp;c:\windows\system32\drivers\copy2ofrp.sys [2009-8-30 34816]
S3 copy3ofrp;copy3ofrp;c:\windows\system32\drivers\copy3ofrp.sys [2009-8-30 34816]
S3 copy4ofrp;copy4ofrp;c:\windows\system32\drivers\copy4ofrp.sys [2009-8-30 34816]
S3 copy5ofrp;copy5ofrp;c:\windows\system32\drivers\copy5ofrp.sys [2009-8-30 34816]
S3 copyofrp;copyofrp;c:\windows\system32\drivers\copyofrp.sys [2009-8-30 34816]
S3 cpuz129;cpuz129;\??\c:\docume~1\owner\locals~1\temp\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-8-21 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-8-21 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-8-21 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-8-21 566296]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2008-7-6 19240]
S3 foot;foot;c:\windows\system32\drivers\foot.sys [2009-8-30 34816]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656]
S3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\et5\MARKFUN.W32 [2009-1-10 17912]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2009-8-30 30136]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 SecureSrv;SecureSrv;c:\program files\hide my ip 2009\SecureSrv.exe [2009-3-8 536896]
S4 ATZO;ATZO;c:\docume~1\owner\locals~1\temp\atzo.exe --> c:\docume~1\owner\locals~1\temp\ATZO.exe [?]
S4 AVYTBJJMCCA;AVYTBJJMCCA;c:\docume~1\owner\locals~1\temp\avytbjjmcca.exe --> c:\docume~1\owner\locals~1\temp\AVYTBJJMCCA.exe [?]
S4 CSIScanner;CSIScanner;"c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?]
S4 D;D;c:\docume~1\owner\locals~1\temp\d.exe --> c:\docume~1\owner\locals~1\temp\D.exe [?]
S4 DPUK;DPUK;c:\docume~1\owner\locals~1\temp\dpuk.exe --> c:\docume~1\owner\locals~1\temp\DPUK.exe [?]
S4 KIG;KIG;c:\docume~1\owner\locals~1\temp\kig.exe --> c:\docume~1\owner\locals~1\temp\KIG.exe [?]
S4 QLEOLYTKCKZRF;QLEOLYTKCKZRF;c:\docume~1\owner\locals~1\temp\qleolytkckzrf.exe --> c:\docume~1\owner\locals~1\temp\QLEOLYTKCKZRF.exe [?]
S4 QPKTDICDANJA;QPKTDICDANJA;c:\docume~1\owner\locals~1\temp\qpktdicdanja.exe --> c:\docume~1\owner\locals~1\temp\QPKTDICDANJA.exe [?]
S4 RVQDJY;RVQDJY;c:\docume~1\owner\locals~1\temp\rvqdjy.exe --> c:\docume~1\owner\locals~1\temp\RVQDJY.exe [?]
S4 SB;SB;c:\docume~1\owner\locals~1\temp\sb.exe --> c:\docume~1\owner\locals~1\temp\SB.exe [?]
S4 SUVGMVQKALG;SUVGMVQKALG;c:\docume~1\owner\locals~1\temp\suvgmvqkalg.exe --> c:\docume~1\owner\locals~1\temp\SUVGMVQKALG.exe [?]
S4 WKBFSJCQH;WKBFSJCQH;c:\docume~1\owner\locals~1\temp\wkbfsjcqh.exe --> c:\docume~1\owner\locals~1\temp\WKBFSJCQH.exe [?]

=============== Created Last 30 ================

2009-09-12 09:50	230,912	a-------	c:\windows\PEV.exe
2009-09-12 09:50	161,792	a-------	c:\windows\SWREG.exe
2009-09-12 09:50	98,816	a-------	c:\windows\sed.exe
2009-09-11 15:20	8,447,846	a-------	c:\windows\Warsong_.scr
2009-09-11 15:20	348,940	a-------	c:\windows\uninstall Warsong_.exe
2009-09-11 06:46	<DIR>	--d-----	c:\program files\common files\DivX Shared
2009-09-06 17:34	111,992	a-------	c:\windows\system32\acaptuser32.dll
2009-09-06 11:25	<DIR>	--d-----	c:\program files\SmartFTP Client
2009-08-30 22:19	<DIR>	--d-----	c:\program files\Trend Micro
2009-08-30 22:09	<DIR>	--d-----	c:\program files\SUPERAntiSpyware
2009-08-30 21:58	<DIR>	--d-----	c:\program files\SanityCheck
2009-08-30 21:48	38,224	a-------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 21:48	19,160	a-------	c:\windows\system32\drivers\mbam.sys
2009-08-30 21:48	<DIR>	--d-----	c:\program files\Malwarebytes' Anti-Malware
2009-08-30 21:39	128,352	a-------	c:\windows\system32\b2849.dll
2009-08-30 21:39	54,624	a-------	c:\windows\system32\b2849.sys
2009-08-30 21:39	16,068,777	a-------	c:\windows\system32\MKIQWHEKO
2009-08-30 21:39	2,335,270	a-------	c:\windows\system32\32048.mht
2009-08-30 19:48	167,936	--------	c:\windows\system32\appmgmts.dll
2009-08-30 19:47	180,224	ac------	c:\windows\system32\dllcache\scecli.dll
2009-08-30 19:47	180,224	--------	c:\windows\system32\scecli.dll
2009-08-30 18:35	<DIR>	a-dshr--	C:\cmdcons
2009-08-30 18:25	175,616	a-------	c:\windows\system32\strings.exe
2009-08-30 18:25	39,184	a-------	c:\windows\system32\Ntrights.exe
2009-08-30 18:25	16,384	a-------	c:\windows\system32\restart.exe
2009-08-30 18:25	11,254	a-------	c:\windows\system32\locate.com
2009-08-30 17:56	34,816	a-------	c:\windows\system32\drivers\foot.sys
2009-08-30 17:56	34,816	a-------	c:\windows\system32\drivers\copy4ofrp.sys
2009-08-30 17:56	34,816	a-------	c:\windows\system32\drivers\copy5ofrp.sys
2009-08-30 17:56	34,816	a-------	c:\windows\system32\drivers\copyofrp.sys
2009-08-30 17:55	34,816	a-------	c:\windows\system32\drivers\copy3ofrp.sys
2009-08-30 17:55	7,012,352	a-------	c:\windows\system32\VX
2009-08-30 17:53	7,012,352	a-------	c:\windows\system32\WQDWTZYKT
2009-08-30 17:45	34,816	a-------	c:\windows\system32\drivers\copy2ofrp.sys
2009-08-30 14:54	714,752	a-------	c:\windows\system32\a131A.tmp
2009-08-30 14:54	128,352	a-------	c:\windows\system32\c0119.dll
2009-08-30 14:54	54,624	a-------	c:\windows\system32\c0119.sys
2009-08-30 14:54	2,335,270	a-------	c:\windows\system32\8d518.mht
2009-08-30 11:51	7,000,064	a-------	c:\windows\system32\ER
2009-08-30 10:30	7,016,448	a-------	c:\windows\system32\BZASACLRSI
2009-08-30 01:52	30,136	a-------	c:\windows\system32\drivers\rspSanity32.sys
2009-08-30 01:47	128,352	a-------	c:\windows\system32\9e21E.dll
2009-08-30 01:47	714,752	a-------	c:\windows\system32\2b41F.tmp
2009-08-30 01:47	54,624	a-------	c:\windows\system32\9e21E.sys
2009-08-30 01:46	2,335,270	a-------	c:\windows\system32\c7f1D.mht
2009-08-30 01:38	52,269,056	a-------	c:\windows\system32\TAA
2009-08-30 01:26	0	a-------	c:\windows\system32\IONRPSU
2009-08-30 01:23	2,312,871	a-------	c:\windows\system32\KPGS
2009-08-30 01:16	0	a-------	c:\windows\system32\DNQZHCQ
2009-08-29 17:11	28,544	a-------	c:\windows\system32\drivers\pavboot.sys
2009-08-29 16:50	6,967,296	a-------	c:\windows\system32\ME
2009-08-29 16:47	6,967,296	a-------	c:\windows\system32\NIIIAHSTWXNDKX
2009-08-29 16:43	6,967,296	a-------	c:\windows\system32\YCNL
2009-08-29 16:26	1,304,608	a--sh---	c:\windows\system32\drivers\fidbox.dat
2009-08-29 16:26	34,592	a--sh---	c:\windows\system32\drivers\fidbox2.dat
2009-08-29 16:26	18,548	a--sh---	c:\windows\system32\drivers\fidbox.idx
2009-08-29 16:26	4,316	a--sh---	c:\windows\system32\drivers\fidbox2.idx
2009-08-29 16:21	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-08-29 10:26	27,656	a-------	c:\windows\system32\drivers\pxsec.sys
2009-08-29 10:26	22,024	a-------	c:\windows\system32\drivers\pxscan.sys
2009-08-29 10:26	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-08-29 10:26	64	a-------	c:\windows\wininit.ini
2009-08-29 09:55	411,368	a-------	c:\windows\system32\deploytk.dll
2009-08-29 09:29	<DIR>	--d-----	C:\spoolerlogs
2009-08-28 22:09	86,016	a-------	c:\windows\system32\frapsvid.dll
2009-08-25 21:47	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-08-25 20:33	<DIR>	--d-----	c:\program files\World of Warcraft Public Test
2009-08-22 21:03	349,156	a-------	c:\windows\uninstall Deathwin.exe
2009-08-22 21:03	8,655,167	a-------	c:\windows\Deathwin.scr

==================== Find3M  ====================

2009-08-30 01:46	153,104	a-------	c:\windows\system32\drivers\tmcomm.sys
2009-08-11 17:31	13,016,513	a-------	c:\windows\Ignis_th.scr
2009-08-05 02:01	204,800	a-------	c:\windows\system32\mswebdvd.dll
2009-07-20 12:26	84,496	a-------	c:\windows\system32\KemXML.dll
2009-07-20 12:26	117,264	a-------	c:\windows\system32\KemWnd.dll
2009-07-20 12:26	145,936	a-------	c:\windows\system32\KemUtil.dll
2009-07-20 12:26	170,512	a-------	c:\windows\system32\kemutb.dll
2009-07-20 12:25	301,656	a-------	c:\windows\system32\BtCoreIf.dll
2009-07-18 11:38	119,796	a---h---	c:\windows\system32\mlfcache.dat
2009-07-17 12:01	58,880	a-------	c:\windows\system32\atl.dll
2009-07-14 13:35	2,173,472	a-------	c:\windows\system32\nvcplui.exe
2009-07-14 13:35	81,920	a-------	c:\windows\system32\nvwddi.dll
2009-07-14 13:35	4,026,368	a-------	c:\windows\system32\nvvitvs.dll
2009-07-14 13:35	3,170,304	a-------	c:\windows\system32\nvwss.dll
2009-07-14 13:34	13,877,248	a-------	c:\windows\system32\nvcpl.dll
2009-07-14 13:34	4,923,392	a-------	c:\windows\system32\nvdisps.dll
2009-07-14 13:34	3,547,136	a-------	c:\windows\system32\nvgames.dll
2009-07-14 13:34	1,286,144	a-------	c:\windows\system32\nvmobls.dll
2009-07-14 13:34	188,416	a-------	c:\windows\system32\nvmccss.dll
2009-07-14 13:34	168,004	a-------	c:\windows\system32\nvsvc32.exe
2009-07-14 13:34	143,360	a-------	c:\windows\system32\nvcolor.exe
2009-07-14 13:34	86,016	a-------	c:\windows\system32\nvmctray.dll
2009-07-14 13:34	229,376	a-------	c:\windows\system32\nvmccs.dll
2009-07-14 11:54	10,457,088	a-------	c:\windows\system32\nvoglnt.dll
2009-07-14 11:54	7,741,664	a-------	c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 11:54	5,842,816	a-------	c:\windows\system32\nv4_disp.dll
2009-07-14 11:54	2,189,856	a-------	c:\windows\system32\nvcuvid.dll
2009-07-14 11:54	2,002,944	a-------	c:\windows\system32\nvcuda.dll
2009-07-14 11:54	1,706,528	a-------	c:\windows\system32\nvcuvenc.dll
2009-07-14 11:54	1,597,690	a-------	c:\windows\system32\nvdata.bin
2009-07-14 11:54	868,352	a-------	c:\windows\system32\nvapi.dll
2009-07-14 11:54	485,920	a-------	c:\windows\system32\nvudisp.exe
2009-07-14 11:54	151,552	a-------	c:\windows\system32\nvcodins.dll
2009-07-14 11:54	151,552	a-------	c:\windows\system32\nvcod.dll
2009-07-13 23:43	286,208	--------	c:\windows\system32\wmpdxm.dll
2009-07-10 07:01	485,920	a-------	c:\windows\system32\NVUNINST.EXE
2009-07-03 10:09	915,456	--------	c:\windows\system32\wininet.dll
2009-06-17 09:55	55,824	a-------	c:\windows\KHALMNPR.Exe
2009-06-16 07:36	119,808	a-------	c:\windows\system32\t2embed.dll
2009-06-16 07:36	81,920	a-------	c:\windows\system32\fontsub.dll
2008-04-20 11:30	22,328	a-------	c:\docume~1\owner\applic~1\PnkBstrK.sys

============= FINISH: 11:13:51.87 ===============


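As an added example (not code from this thread, from oogee, or from the DDS tool), the script below parses service lines and "Created Last 30" lines in the layout shown in the log above and flags what a helper looks at first: services whose image DDS could not stat (the `[?]` marker), images that live in a temp directory or end in `.tmp`, and newly created all-caps extensionless files under system32. The field layout is assumed from the log as posted, and the sample lines are copied from it.

```python
import re
# Constructed sample lines copied from the DDS log above (services and "Created Last
# 30"). Added illustration for triaging such logs; not the thread's or DDS's own code.
SERVICE_LINES = r"""
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2008-7-6 19240]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\10.tmp --> c:\windows\system32\10.tmp [?]
S4 ATZO;ATZO;c:\docume~1\owner\locals~1\temp\atzo.exe --> c:\docume~1\owner\locals~1\temp\ATZO.exe [?]
S4 CSIScanner;CSIScanner;"c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?]
""".strip().splitlines()
CREATED_LINES = r"""
2009-08-30 21:39  16,068,777  a-------  c:\windows\system32\MKIQWHEKO
2009-08-30 21:39  2,335,270  a-------  c:\windows\system32\32048.mht
2009-08-30 21:48  38,224  a-------  c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 01:26  0  a-------  c:\windows\system32\IONRPSU
""".strip().splitlines()
# Assumed layout: "<start> <name>;<display>;<image> [--> <resolved path>] [<date size> | ?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)\s+\[([^\]]*)\]$")
RANDOM_NAME = re.compile(r"^[A-Z]{2,}$")  # all-caps token, no extension, e.g. MKIQWHEKO

def parse_service(line):
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, _, image, status = m.groups()
    if " --> " in image:  # prefer the path DDS resolved over the raw registry value
        image = image.split(" --> ", 1)[1]
    return {"start": start, "name": name, "image": image.strip('"'), "status": status}

# Each check is a hint, not a verdict; they are combined per service below.
CHECKS = [
    (lambda s: s["status"] == "?", "file not found at scan time ([?])"),
    (lambda s: "\\temp\\" in s["image"].lower(), "image lives in a temp directory"),
    (lambda s: s["image"].lower().endswith(".tmp"), "image is a .tmp file"),
]

def suspicious_services(lines):
    findings = []
    for svc in filter(None, map(parse_service, lines)):
        reasons = [why for check, why in CHECKS if check(svc)]
        if reasons:
            findings.append((svc["name"], reasons))
    return findings

def suspicious_created(lines):
    hits = []
    for line in lines:
        fields = line.split(None, 4)  # date, time, size, attrs, path (path may hold spaces)
        if len(fields) == 5 and "\\system32\\" in fields[4].lower():
            if RANDOM_NAME.match(fields[4].rsplit("\\", 1)[-1]):
                hits.append(fields[4])
    return hits
```

The `[?]` marker on its own only says DDS could not read the file (gone, hidden, or blocked); the CSIScanner entry for the Prevx product carries it too, so a hit needs the other reasons or a look at the file before it is treated as malicious.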
#4
oogee
I know it's a lot to read, but any insight on how I can fix the API locked applications would be great if they're something that I should actually worry about or not...the rootkit did some odd damage after it was removed.

#5
LonnyRJ
Welcome to the forum, oogee.
Have you already run Win32KDiag in this fashion? If not, please do so.

Go to Start, Run, copy then paste in the line below and press Enter:
"%userprofile%\desktop\Win32kDiag.exe" -r -f
A log should open when it is finished; please post it.

#6
AdvancedSetup
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
Ron Lewis
Manager, Online Support
