WiredWX Hobby Weather Tools

 


Anti Virus 2010 Plus more and mbam starts.....

2 posters

Mbam starts, runs for 2 seconds and stops. Spyware Doctor does the same thing. Where do I go from here?

Re: Anti Virus 2010 Plus more and mbam starts.....
ComboFix log



ComboFix 10-09-25.07 - Main 09/26/2010 11:40:47.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367.141 [GMT -5:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sdra64.exe . . . . Failed to delete
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\.wtav
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\HP\HP Software Update\HPWuSchd2.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\USRINI~1.EXE
c:\windows\system32\zettcap.dll
D:\Uninstall.exe
D:\WinRAR.exe
c:\windows\system32\sdra64.exe . . . . Failed to delete

c:\windows\system32\Drivers\atapi.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_USERINIT
-------\Service_6to4
-------\Service_userinit


((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
.

2010-09-26 15:52 . 2010-09-26 15:52 -------- d-----w- c:\program files\Hotdoga
2010-09-26 15:22 . 2010-09-26 15:22 -------- d-sh--w- c:\documents and settings\Main\IECompatCache
2010-09-26 03:09 . 2010-09-26 03:09 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\HP
2010-09-26 03:08 . 2010-09-26 03:08 127 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\fusioncache.dat
2010-09-26 03:08 . 2010-09-26 03:08 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory
2010-09-26 03:06 . 2010-09-26 03:07 13104 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-sh--w- c:\documents and settings\Main\IETldCache
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Threat Expert
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-sh--w- c:\documents and settings\Main\PrivacIE
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\AskToolbar
2010-09-26 03:01 . 2010-09-26 03:01 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2010-09-26 02:03 . 2010-09-26 02:03 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Threat Expert
2010-09-26 01:41 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-26 01:41 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-26 01:41 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-09-26 01:41 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-26 01:41 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-26 01:41 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-09-26 01:38 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-26 01:38 . 2010-09-26 01:59 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-26 01:38 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-26 01:37 . 2010-09-26 01:59 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Spyware Doctor
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\Home\Application Data\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-24 19:57 . 2010-09-24 19:57 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 18:27 . 2010-09-24 18:27 -------- d-----w- C:\$AVG
2010-09-24 18:10 . 2010-09-24 18:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-24 18:10 . 2010-09-24 18:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-24 18:09 . 2010-09-24 18:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-24 18:09 . 2010-09-24 18:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-24 18:09 . 2010-09-24 18:09 -------- d-----w- c:\windows\system32\drivers\Avg
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\program files\AVG
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-24 15:35 . 2010-09-24 15:35 -------- d-----w- C:\FOUND.003
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\CCleaner
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:23 . 2010-09-23 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-23 05:57 . 2010-09-23 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\hostsvr
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-09-22 20:22 . 2010-09-22 20:22 -------- d-----w- c:\documents and settings\Home\Application Data\UltraVNC
2010-09-22 20:16 . 2010-09-22 20:16 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\CrossLoop
2010-09-14 13:45 . 2010-09-14 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-14 13:04 . 2010-09-14 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-14 00:34 . 2010-09-14 00:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-14 00:27 . 2010-09-14 00:27 -------- d-----w- c:\program files\Games
2010-09-13 22:25 . 2010-09-13 22:26 -------- d-----w- c:\documents and settings\Home\Application Data\Exent Technologies
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Free_Ride_Games
2010-09-13 22:21 . 2010-09-13 22:21 64 ----a-w- c:\windows\GPlrLanc.dat
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-09-11 13:30 . 2010-09-11 13:30 -------- d-----w- C:\games
2010-09-10 17:39 . 2010-09-10 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 17:35 . 2010-09-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2010-09-08 22:00 . 2010-09-08 22:00 -------- d-----w- c:\program files\PokerStars.NET
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\Home\Application Data\Yahoo!
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-07 20:18 . 2010-09-07 20:18 -------- d-----w- c:\program files\Yahoo!
2010-09-06 15:04 . 2010-09-06 15:04 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\AskToolbar
2010-09-06 15:03 . 2010-09-06 15:03 -------- d-----w- c:\program files\Ask.com
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\HP
2010-09-02 22:29 . 2010-09-02 22:29 127 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\fusioncache.dat
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\ApplicationHistory
2010-09-02 22:27 . 2010-09-02 22:27 -------- d-----w- C:\FOUND.002
2010-09-02 13:37 . 2010-09-02 13:37 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Yahoo!
2010-09-01 08:00 . 2010-09-01 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-09-01 01:40 . 2000-07-08 20:06 87040 ----a-w- c:\windows\UnGins.exe
2010-08-31 21:02 . 2010-08-31 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\program files\Common Files\HP
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-31 20:59 . 2010-08-31 20:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-31 20:58 . 2010-08-31 20:58 -------- d-----w- c:\windows\system32\URTTEMP
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-31 20:55 . 2004-09-29 17:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-08-31 20:55 . 2004-09-29 17:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-08-31 20:55 . 2004-09-29 17:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-08-31 20:55 . 2004-09-29 17:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-08-31 20:55 . 2004-09-29 17:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-08-31 20:55 . 2004-09-29 17:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-08-31 20:52 . 2010-08-31 21:12 68964 ----a-w- c:\windows\hpoins05.dat
2010-08-31 20:52 . 2004-12-15 06:39 19696 ------w- c:\windows\hpomdl05.dat
2010-08-31 20:52 . 2004-10-05 13:26 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-08-31 20:52 . 2004-10-05 13:26 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-08-31 20:52 . 2004-10-01 13:45 229376 ----a-w- c:\windows\system32\hpovst08.dll
2010-08-31 20:52 . 2004-10-01 13:44 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-08-31 20:52 . 2004-10-01 13:44 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-08-31 20:52 . 2004-10-01 14:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-08-31 20:52 . 2004-10-01 13:46 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-08-31 20:52 . 2004-10-01 13:46 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\program files\HP
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\windows\Downloaded Installations
2010-08-31 20:40 . 2010-08-31 20:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-31 20:34 . 2010-08-31 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 20:32 . 2010-08-31 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-31 20:31 . 2010-08-31 20:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-31 20:28 . 2010-08-31 20:28 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\program files\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Adobe
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PC_Drivers_Headquarters
2010-08-31 20:22 . 2010-08-31 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-31 20:21 . 2010-08-31 20:21 -------- d-----w- c:\program files\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 11:47 . 2010-08-02 00:35 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-25 14:16 . 2010-09-25 14:16 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-25 14:16 . 2010-09-25 14:16 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-25 14:16 . 2010-09-25 14:16 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-25 14:16 . 2010-09-25 14:16 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-25 14:16 . 2010-09-25 14:16 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-25 14:16 . 2010-09-25 14:16 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-25 14:16 . 2010-09-25 14:16 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-25 14:16 . 2010-09-25 14:16 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-25 14:16 . 2010-09-25 14:16 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-24 17:39 . 2010-09-22 22:29 112 ----a-w- c:\documents and settings\All Users\Application Data\3p2Mxs6D1.dat
2010-09-13 00:02 . 2010-08-02 00:35 2728 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-31 20:41 . 2010-08-31 20:41 10134 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-08-31 20:30 . 2010-09-26 03:00 53632 ----a-w- c:\documents and settings\Main\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-26 19:59 . 2010-08-26 19:59 -------- d-----w- c:\documents and settings\Home\Application Data\Media Player Classic
2010-08-24 00:50 . 2010-08-24 00:50 -------- d-----w- c:\program files\Sierra
2010-08-13 17:26 . 2010-08-13 17:26 -------- d-----w- c:\documents and settings\Home\Application Data\ImgBurn
2010-08-13 02:57 . 2010-08-13 02:58 19849216 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\CaesarIV.exe
2010-08-13 02:43 . 2010-08-13 02:58 11331309 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\caesariv_update_en_10_11.exe
2010-08-12 23:35 . 2010-08-12 23:35 -------- d-----w- c:\program files\Realtek
2010-08-12 23:20 . 2010-08-13 03:01 2280 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\rld-c4kg.exe
2010-08-12 08:06 . 2010-08-12 08:06 -------- d-----w- c:\program files\MSXML 6.0
2010-08-10 23:47 . 2010-08-02 15:41 13104 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\Home\Application Data\ATI
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-08-10 23:46 . 2010-08-10 23:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-10 23:41 . 2010-08-10 23:41 -------- d-----w- c:\program files\ATI Technologies
2010-08-10 23:24 . 2010-08-02 00:03 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 09:58 . 2010-08-09 09:58 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-d3d.dll
2010-08-09 09:58 . 2010-08-09 09:58 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-sse.dll
2010-08-09 09:58 . 2010-08-09 09:58 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcp71.dll
2010-08-09 09:58 . 2010-08-09 09:58 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\jmc.dll
2010-08-09 09:58 . 2010-08-09 09:58 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcr71.dll
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\MSBuild
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\Reference Assemblies
2010-08-03 06:10 . 2010-08-03 06:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 05:48 . 2010-08-03 05:48 -------- d-----w- c:\documents and settings\Home\Application Data\BitTorrent
2010-08-03 04:40 . 2010-08-02 00:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-03 03:20 . 2010-08-03 03:20 -------- d-----w- c:\documents and settings\Home\Application Data\LolClient
2010-08-03 02:48 . 2010-08-03 02:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 02:33 . 2010-08-03 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-08-03 02:32 . 2010-08-03 02:32 -------- d-----w- c:\program files\Pando Networks
2010-08-02 15:41 . 2010-08-02 15:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 14:43 . 2010-08-02 14:42 -------- d-----w- c:\program files\EASEUS
2010-08-02 14:37 . 2010-08-02 14:37 -------- d-----w- c:\program files\Partition Wizard Home Edition 5.0
2010-08-02 10:41 . 2010-08-02 10:41 -------- d-----w- c:\documents and settings\Home\Application Data\AVS4YOU
2010-08-02 10:38 . 2010-08-02 10:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-02 10:37 . 2010-08-02 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-02 08:31 . 2010-08-02 08:31 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 01:02 . 2010-08-02 01:02 -------- d-----w- c:\documents and settings\Home\Application Data\LimeWire
2010-08-02 00:54 . 2010-08-02 00:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-02 00:49 . 2010-08-02 00:49 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-sse.dll
2010-08-02 00:49 . 2010-08-02 00:49 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcp71.dll
2010-08-02 00:49 . 2010-08-02 00:49 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\jmc.dll
2010-08-02 00:49 . 2010-08-02 00:49 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcr71.dll
2010-08-02 00:49 . 2010-08-02 00:49 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-d3d.dll
2010-08-02 00:35 . 2010-08-02 00:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-02 00:33 . 2010-08-02 00:33 -------- d-----w- c:\program files\Java
2010-08-02 00:08 . 2010-08-02 00:08 -------- d-----w- c:\program files\microsoft frontpage
2010-07-27 23:42 . 2010-08-02 14:43 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-17 10:00 . 2010-08-02 15:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:44 . 2010-08-02 14:43 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 13:44 . 2010-08-02 14:43 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
.

Code:

<pre>
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\windows\system32\atiptaxx .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateMyDrivers"="d:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"Steam"="c:\program files\steam\steam.exe" [N/A]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"NVIEW"="nview.dll" [2003-07-28 852038]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-26 16120832]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [N/A]
"hostsvr"="d:\warcraft\hostsvr\hostsvr .exe" [N/A]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-24 2065760]
"AtiPTA"="atiptaxx.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-11 232912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-24 18:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Steam\\steamapps\\phewdont\\condition zero\\hl.exe"=
"d:\\Steam\\steamapps\\jpfammon\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"d:\\Warcraft III\\Replay\\ACSPMonitor\\ASMonitor.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56769:TCP"= 56769:TCP:Pando Media Booster
"56769:UDP"= 56769:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"5910:TCP"= 5910:TCP:vnc5910

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2010 8:38 PM 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/24/2010 1:09 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/24/2010 1:10 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [9/24/2010 1:07 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/24/2010 1:07 PM 308136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [9/25/2010 8:41 PM 112592]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [9/22/2010 3:16 PM 560848]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [8/4/2004 12:00 PM 12800]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 3:29 PM 136176]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/2/2010 9:43 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/2/2010 9:43 AM 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/2/2010 9:37 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/2/2010 9:37 AM 11104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2010 8:37 PM 366840]
S3 tvnserver;TightVNC Server;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe [9/22/2010 3:16 PM 814080]
.
Contents of the 'Scheduled Tasks' folder

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-09-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 20:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-zettcap - (no file)
AddRemove-WinRAR archiver - D:\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 11:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"=""c:\program files\Google\Update\GoogleUpdate.exe" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"=""c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKFileSec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKSysFlt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"=""c:\program files\Java\jre6\bin\jqs.exe" -service -config "c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NISUM]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore]
"ImagePath"="system32\drivers\PCTCore.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdrvio]
"ImagePath"="\??\c:\windows\system32\pwdrvio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdspio]
"ImagePath"="\??\c:\windows\system32\pwdspio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdAuxService]
"ImagePath"="c:\program files\Spyware Doctor\pctsAuxs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdCoreService]
"ImagePath"="c:\program files\Spyware Doctor\pctsSvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{7C0B9950-F190-485F-80FB-84FE35E631A1}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvnserver]
"ImagePath"=""c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe" -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VFILT]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"=""c:\program files\Windows Media Player\WMPNetwk.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0C241DC6-A494-491F-8B71-70840F329E5E}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{177A9868-AB79-4266-95FD-3C504C209879}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(604)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2580)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-09-26 12:02:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-26 17:02

Pre-Run: 7,501,250,560 bytes free
Post-Run: 7,493,042,176 bytes free

- - End Of File - - D564AF50AEF398436556E1145A80638B

Re: Anti Virus 2010 Plus more and mbam starts.....

RootRepeal


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/09/26 12:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE647000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B8E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEB2B6000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\HIBERFIL.SYS
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\IX2J1B59\captcha[1].js
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\ANAU7NZQ\reload[1].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\OY3XQ35F\captcha[1].htm
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7499112

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf74782d6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf74784c8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf7499900

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7499bb4

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf7497e12

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf749a020

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf74993d2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7477f44

==EOF==

Re: Anti Virus 2010 Plus more and mbam starts.....

SysProt AntiRootkit log


SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EE647000
Module End: EE65F000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B8E000
Module End: F7B90000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F7499112
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwCreateProcess
Address: F74782D6
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwCreateProcessEx
Address: F74784C8
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwDeleteKey
Address: F7499900
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwDeleteValueKey
Address: F7499BB4
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwOpenKey
Address: F7497E12
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwRenameKey
Address: F749A020
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwSetValueKey
Address: F74993D2
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

Function Name: ZwTerminateProcess
Address: F7477F44
Driver Base: F746D000
Driver End: F74A6000
Driver Name: PCTCore.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: HOME-4D3B93B4D6:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HOME-4D3B93B4D6:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\AVG\AVG9\AVGEMC.EXE
State: LISTENING

Local Address: HOME-4D3B93B4D6:5929
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Documents and Settings\Home\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
State: LISTENING

Local Address: HOME-4D3B93B4D6:5152
Remote Address: LOCALHOST:1327
Type: TCP
Process: C:\Program Files\Java\JRE6\BIN\jqs.exe
State: CLOSE_WAIT

Local Address: HOME-4D3B93B4D6:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\JRE6\BIN\jqs.exe
State: LISTENING

Local Address: HOME-4D3B93B4D6:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\ALG.EXE
State: LISTENING

Local Address: HOME-4D3B93B4D6:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HOME-4D3B93B4D6:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\SVCHOST.EXE
State: LISTENING

Local Address: HOME-4D3B93B4D6:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\SVCHOST.EXE
State: NA

Local Address: HOME-4D3B93B4D6:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HOME-4D3B93B4D6:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HOME-4D3B93B4D6:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\SVCHOST.EXE
State: NA

Local Address: HOME-4D3B93B4D6:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\SVCHOST.EXE
State: NA

Local Address: HOME-4D3B93B4D6:1069
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
State: NA

Local Address: HOME-4D3B93B4D6:1044
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
State: NA

Local Address: HOME-4D3B93B4D6:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\SVCHOST.EXE
State: NA

Local Address: HOME-4D3B93B4D6:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\LSASS.EXE
State: NA

Local Address: HOME-4D3B93B4D6:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\LSASS.EXE
State: NA

Local Address: HOME-4D3B93B4D6:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************

Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\_restore{034BAC85-E292-460C-B5C9-C43

Re: Anti Virus 2010 Plus more and mbam starts.....

Hello.
Below I have attached a file called CFScript; please download that to your Desktop.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    [Image: Cfscriptb4i]

  3. Referring to the picture above, drag CFScript into ComboFix.exe.
  4. When finished, it shall produce a log for you at C:\ComboFix.txt
  5. Please post the contents of the log in your next reply.

Re: Anti Virus 2010 Plus more and mbam starts.....

ComboFix 10-09-26.04 - Main 09/27/2010 10:12:06.3.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367.184 [GMT -5:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Main\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\sdra64.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\warcraft\hostsvr\hostsvr .exe
d:\warcraft\hostsvr\hostsvr .exe

.
((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 )))))))))))))))))))))))))))))))
.

2010-09-26 18:15 . 2010-09-26 18:35 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-26 18:15 . 2010-09-26 18:15 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-26 18:15 . 2010-09-26 18:35 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
2010-09-26 18:14 . 2010-09-26 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-26 17:32 . 2010-09-26 17:32 15 ----a-w- c:\documents and settings\Main\settings.dat
2010-09-26 15:52 . 2010-09-26 15:52 -------- d-----w- c:\program files\Hotdoga
2010-09-26 15:22 . 2010-09-26 15:22 -------- d-sh--w- c:\documents and settings\Main\IECompatCache
2010-09-26 03:09 . 2010-09-26 03:09 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\HP
2010-09-26 03:08 . 2010-09-26 03:08 127 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\fusioncache.dat
2010-09-26 03:08 . 2010-09-26 03:08 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory
2010-09-26 03:06 . 2010-09-26 03:07 13104 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-sh--w- c:\documents and settings\Main\IETldCache
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Threat Expert
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-sh--w- c:\documents and settings\Main\PrivacIE
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\AskToolbar
2010-09-26 03:01 . 2010-09-26 03:01 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2010-09-26 02:03 . 2010-09-26 02:03 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Threat Expert
2010-09-26 01:41 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-26 01:41 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-26 01:41 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-09-26 01:41 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-26 01:41 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-26 01:41 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-09-26 01:38 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-26 01:38 . 2010-09-26 01:59 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-26 01:38 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-26 01:37 . 2010-09-26 01:59 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Spyware Doctor
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\Home\Application Data\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-24 19:57 . 2010-09-24 19:57 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 18:27 . 2010-09-24 18:27 -------- d-----w- C:\$AVG
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\program files\AVG
2010-09-24 15:35 . 2010-09-24 15:35 -------- d-----w- C:\FOUND.003
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\CCleaner
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:23 . 2010-09-23 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-23 05:57 . 2010-09-23 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\hostsvr
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-09-22 20:22 . 2010-09-22 20:22 -------- d-----w- c:\documents and settings\Home\Application Data\UltraVNC
2010-09-22 20:16 . 2010-09-22 20:16 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\CrossLoop
2010-09-14 13:45 . 2010-09-14 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-14 13:04 . 2010-09-14 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-14 00:34 . 2010-09-14 00:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-14 00:27 . 2010-09-14 00:27 -------- d-----w- c:\program files\Games
2010-09-13 22:25 . 2010-09-13 22:26 -------- d-----w- c:\documents and settings\Home\Application Data\Exent Technologies
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Free_Ride_Games
2010-09-13 22:21 . 2010-09-13 22:21 64 ----a-w- c:\windows\GPlrLanc.dat
2010-09-13 22:21 . 2001-09-05 10:23 56320 ----a-w- c:\documents and settings\All Users\Application Data\Free Ride Games\Setup.exe
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-09-11 13:30 . 2010-09-11 13:30 -------- d-----w- C:\games
2010-09-10 17:39 . 2010-09-10 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 17:35 . 2010-09-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2010-09-08 22:00 . 2010-09-08 22:00 -------- d-----w- c:\program files\PokerStars.NET
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\Home\Application Data\Yahoo!
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-07 20:18 . 2010-09-07 20:18 -------- d-----w- c:\program files\Yahoo!
2010-09-06 15:04 . 2010-09-06 15:04 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\AskToolbar
2010-09-06 15:03 . 2010-09-06 15:03 -------- d-----w- c:\program files\Ask.com
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\HP
2010-09-02 22:29 . 2010-09-02 22:29 127 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\fusioncache.dat
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\ApplicationHistory
2010-09-02 22:27 . 2010-09-02 22:27 -------- d-----w- C:\FOUND.002
2010-09-02 13:37 . 2010-09-02 13:37 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Yahoo!
2010-09-01 08:00 . 2010-09-01 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-09-01 01:40 . 2000-07-08 20:06 87040 ----a-w- c:\windows\UnGins.exe
2010-08-31 21:02 . 2010-08-31 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\program files\Common Files\HP
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-31 20:59 . 2010-08-31 20:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-31 20:58 . 2010-08-31 20:58 -------- d-----w- c:\windows\system32\URTTEMP
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-31 20:55 . 2004-09-29 17:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-08-31 20:55 . 2004-09-29 17:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-08-31 20:55 . 2004-09-29 17:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-08-31 20:55 . 2004-09-29 17:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-08-31 20:55 . 2004-09-29 17:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-08-31 20:55 . 2004-09-29 17:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-08-31 20:52 . 2010-08-31 21:12 68964 ----a-w- c:\windows\hpoins05.dat
2010-08-31 20:52 . 2004-12-15 06:39 19696 ------w- c:\windows\hpomdl05.dat
2010-08-31 20:52 . 2004-10-05 13:26 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-08-31 20:52 . 2004-10-05 13:26 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-08-31 20:52 . 2004-10-01 13:45 229376 ----a-w- c:\windows\system32\hpovst08.dll
2010-08-31 20:52 . 2004-10-01 13:44 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-08-31 20:52 . 2004-10-01 13:44 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-08-31 20:52 . 2004-10-01 14:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-08-31 20:52 . 2004-10-01 13:46 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-08-31 20:52 . 2004-10-01 13:46 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-08-31 20:41 . 2010-08-31 20:41 10134 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\program files\HP
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\windows\Downloaded Installations
2010-08-31 20:40 . 2010-08-31 20:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-31 20:34 . 2010-08-31 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 20:32 . 2010-08-31 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-31 20:31 . 2010-08-31 20:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-31 20:28 . 2010-08-31 20:28 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\program files\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Adobe
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PC_Drivers_Headquarters
2010-08-31 20:22 . 2010-08-31 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-31 20:21 . 2010-08-31 20:21 -------- d-----w- c:\program files\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 11:47 . 2010-08-02 00:35 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 17:39 . 2010-09-22 22:29 112 ----a-w- c:\documents and settings\All Users\Application Data\3p2Mxs6D1.dat
2010-09-13 00:02 . 2010-08-02 00:35 2728 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-26 19:59 . 2010-08-26 19:59 -------- d-----w- c:\documents and settings\Home\Application Data\Media Player Classic
2010-08-24 00:50 . 2010-08-24 00:50 -------- d-----w- c:\program files\Sierra
2010-08-13 17:26 . 2010-08-13 17:26 -------- d-----w- c:\documents and settings\Home\Application Data\ImgBurn
2010-08-13 02:57 . 2010-08-13 02:58 19849216 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\CaesarIV.exe
2010-08-13 02:43 . 2010-08-13 02:58 11331309 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\caesariv_update_en_10_11.exe
2010-08-12 23:35 . 2010-08-12 23:35 -------- d-----w- c:\program files\Realtek
2010-08-12 23:20 . 2010-08-13 03:01 2280 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\rld-c4kg.exe
2010-08-12 08:06 . 2010-08-12 08:06 -------- d-----w- c:\program files\MSXML 6.0
2010-08-10 23:47 . 2010-08-02 15:41 13104 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\Home\Application Data\ATI
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-08-10 23:46 . 2010-08-10 23:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-10 23:41 . 2010-08-10 23:41 -------- d-----w- c:\program files\ATI Technologies
2010-08-10 23:24 . 2010-08-02 00:03 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 09:58 . 2010-08-09 09:58 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-d3d.dll
2010-08-09 09:58 . 2010-08-09 09:58 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-sse.dll
2010-08-09 09:58 . 2010-08-09 09:58 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcp71.dll
2010-08-09 09:58 . 2010-08-09 09:58 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\jmc.dll
2010-08-09 09:58 . 2010-08-09 09:58 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcr71.dll
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\MSBuild
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\Reference Assemblies
2010-08-03 06:10 . 2010-08-03 06:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 05:48 . 2010-08-03 05:48 -------- d-----w- c:\documents and settings\Home\Application Data\BitTorrent
2010-08-03 04:40 . 2010-08-02 00:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-03 03:20 . 2010-08-03 03:20 -------- d-----w- c:\documents and settings\Home\Application Data\LolClient
2010-08-03 02:48 . 2010-08-03 02:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 02:33 . 2010-08-03 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-08-03 02:32 . 2010-08-03 02:32 -------- d-----w- c:\program files\Pando Networks
2010-08-02 15:41 . 2010-08-02 15:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 14:43 . 2010-08-02 14:42 -------- d-----w- c:\program files\EASEUS
2010-08-02 14:37 . 2010-08-02 14:37 -------- d-----w- c:\program files\Partition Wizard Home Edition 5.0
2010-08-02 10:41 . 2010-08-02 10:41 -------- d-----w- c:\documents and settings\Home\Application Data\AVS4YOU
2010-08-02 10:38 . 2010-08-02 10:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-02 10:37 . 2010-08-02 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-02 08:31 . 2010-08-02 08:31 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 01:02 . 2010-08-02 01:02 -------- d-----w- c:\documents and settings\Home\Application Data\LimeWire
2010-08-02 00:54 . 2010-08-02 00:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-02 00:49 . 2010-08-02 00:49 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-sse.dll
2010-08-02 00:49 . 2010-08-02 00:49 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcp71.dll
2010-08-02 00:49 . 2010-08-02 00:49 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\jmc.dll
2010-08-02 00:49 . 2010-08-02 00:49 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcr71.dll
2010-08-02 00:49 . 2010-08-02 00:49 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-d3d.dll
2010-08-02 00:35 . 2010-08-02 00:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-02 00:33 . 2010-08-02 00:33 -------- d-----w- c:\program files\Java
2010-08-02 00:08 . 2010-08-02 00:08 -------- d-----w- c:\program files\microsoft frontpage
2010-07-27 23:42 . 2010-08-02 14:43 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-17 10:00 . 2010-08-02 15:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:44 . 2010-08-02 14:43 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 13:44 . 2010-08-02 14:43 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
.

Code:

c:\program files\Spybot - Search & Destroy\TeaTimer .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-11 232912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zettcap]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2001-09-27 06:39 245760 ----a-w- c:\windows\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
c:\progra~1\AVG\AVG9\avgtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 17:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostsvr]
d:\warcraft\hostsvr\hostsvr .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 20:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 19:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-07-28 19:19 852038 ----a-w- c:\windows\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 19:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-26 23:25 16120832 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-10 16:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-31 20:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers]
d:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"tvnserver"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"CrossLoopService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Steam\\steamapps\\phewdont\\condition zero\\hl.exe"=
"d:\\Steam\\steamapps\\jpfammon\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"d:\\Warcraft III\\Replay\\ACSPMonitor\\ASMonitor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56769:TCP"= 56769:TCP:Pando Media Booster
"56769:UDP"= 56769:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"5910:TCP"= 5910:TCP:vnc5910

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2010 8:38 PM 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [8/4/2004 12:00 PM 12800]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/2/2010 9:43 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/2/2010 9:43 AM 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/2/2010 9:37 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/2/2010 9:37 AM 11104]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [9/25/2010 8:41 PM 112592]
S4 CrossLoopService;CrossLoop Service;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [9/22/2010 3:16 PM 560848]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 3:29 PM 136176]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2010 8:37 PM 366840]
S4 tvnserver;TightVNC Server;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe [9/22/2010 3:16 PM 814080]
.
Contents of the 'Scheduled Tasks' folder

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-09-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 20:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-27 10:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"=""c:\program files\Google\Update\GoogleUpdate.exe" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"=""c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKFileSec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKSysFlt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"=""c:\program files\Java\jre6\bin\jqs.exe" -service -config "c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NISUM]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore]
"ImagePath"="system32\drivers\PCTCore.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdrvio]
"ImagePath"="\??\c:\windows\system32\pwdrvio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdspio]
"ImagePath"="\??\c:\windows\system32\pwdspio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASDIFSV]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASKUTIL]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdAuxService]
"ImagePath"="c:\program files\Spyware Doctor\pctsAuxs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdCoreService]
"ImagePath"="c:\program files\Spyware Doctor\pctsSvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{7C0B9950-F190-485F-80FB-84FE35E631A1}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvnserver]
"ImagePath"=""c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe" -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VFILT]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"=""c:\program files\Windows Media Player\WMPNetwk.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0C241DC6-A494-491F-8B71-70840F329E5E}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{177A9868-AB79-4266-95FD-3C504C209879}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(596)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-09-27 10:23:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-27 15:23
ComboFix2.txt 2010-09-26 17:02

Pre-Run: 7,424,376,832 bytes free
Post-Run: 7,556,038,656 bytes free

- - End Of File - - CAF4BC13B86E8F616F4AB360354A7DBF

Re: Anti Virus 2010 Plus more and mbam starts.....
Hello.
Before we continue, do this for me.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: Anti Virus 2010 Plus more and mbam starts.....
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Antivirus 2010
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Browser Defender 2.0.6.15
Build a Lot 5 - Elizabethan Era Premium Edition
Burn4Free CD & DVD 4.9.0.0
Catalyst Control Center - Branding
CCleaner
CrossLoop 2.74
EASEUS Partition Master 6.1.1 Home Edition
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Detection
HP PSC & OfficeJet 4.7
HP Software Update
ImgBurn
Java(TM) 6 Update 21
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Windows 2000/XP Display Drivers
Pando Media Booster
Partition Wizard Home Edition 5.0
PokerStars.net
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Spybot - Search & Destroy
Spyware Doctor 7.0
Steam
SUPERAntiSpyware
SWAT 4 - Gold
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Warcraft III
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
XP Codec Pack
Yahoo! Toolbar

Re: Anti Virus 2010 Plus more and mbam starts.....
AntiVirus 2010 is not in add or remove programs even though it says it is!

Re: Anti Virus 2010 Plus more and mbam starts.....
Hello.
Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Antivirus 2010
    Ask Toolbar

Now let's try this one more time.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    RenV::
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zettcap]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostsvr]


  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: Anti Virus 2010 Plus more and mbam starts.....
The Ask toolbar I removed. Antivirus is not in my Add/Remove Programs. Here is the log!


ComboFix 10-09-28.03 - Main 09/29/2010 10:09:18.4.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367.178 [GMT -5:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Main\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-29 00:36 . 2010-09-29 00:35 77312 ----a-w- C:\mbr.exe
2010-09-28 18:17 . 2010-09-28 18:17 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Adobe
2010-09-28 01:47 . 2010-09-28 01:47 388096 ----a-r- c:\documents and settings\Main\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-28 01:47 . 2010-09-28 01:47 -------- d-----w- c:\program files\Trend Micro
2010-09-28 01:47 . 2010-09-28 01:47 1402880 ----a-w- C:\HiJackThis.msi
2010-09-26 18:15 . 2010-09-26 18:35 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-26 18:15 . 2010-09-26 18:15 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-26 18:15 . 2010-09-26 18:35 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
2010-09-26 18:14 . 2010-09-26 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-26 17:32 . 2010-09-26 17:32 15 ----a-w- c:\documents and settings\Main\settings.dat
2010-09-26 15:52 . 2010-09-26 15:52 -------- d-----w- c:\program files\Hotdoga
2010-09-26 15:22 . 2010-09-26 15:22 -------- d-sh--w- c:\documents and settings\Main\IECompatCache
2010-09-26 03:09 . 2010-09-26 03:09 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\HP
2010-09-26 03:08 . 2010-09-26 03:08 127 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\fusioncache.dat
2010-09-26 03:08 . 2010-09-26 03:08 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory
2010-09-26 03:06 . 2010-09-26 03:07 13104 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-sh--w- c:\documents and settings\Main\IETldCache
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Threat Expert
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-sh--w- c:\documents and settings\Main\PrivacIE
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!
2010-09-26 03:01 . 2010-09-26 03:01 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2010-09-26 02:03 . 2010-09-26 02:03 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Threat Expert
2010-09-26 01:41 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-26 01:41 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-26 01:41 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-09-26 01:41 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-26 01:41 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-26 01:41 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-09-26 01:38 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-26 01:38 . 2010-09-26 01:59 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-26 01:38 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-26 01:37 . 2010-09-26 01:59 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Spyware Doctor
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\Home\Application Data\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-24 19:57 . 2010-09-24 19:57 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 18:27 . 2010-09-24 18:27 -------- d-----w- C:\$AVG
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\program files\AVG
2010-09-24 15:35 . 2010-09-24 15:35 -------- d-----w- C:\FOUND.003
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\CCleaner
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:23 . 2010-09-23 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-23 05:57 . 2010-09-23 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\hostsvr
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-09-22 20:22 . 2010-09-22 20:22 -------- d-----w- c:\documents and settings\Home\Application Data\UltraVNC
2010-09-22 20:16 . 2010-09-22 20:16 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\CrossLoop
2010-09-14 13:45 . 2010-09-14 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-14 13:04 . 2010-09-14 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-14 00:34 . 2010-09-14 00:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-14 00:27 . 2010-09-14 00:27 -------- d-----w- c:\program files\Games
2010-09-13 22:25 . 2010-09-13 22:26 -------- d-----w- c:\documents and settings\Home\Application Data\Exent Technologies
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Free_Ride_Games
2010-09-13 22:21 . 2010-09-13 22:21 64 ----a-w- c:\windows\GPlrLanc.dat
2010-09-13 22:21 . 2001-09-05 10:23 56320 ----a-w- c:\documents and settings\All Users\Application Data\Free Ride Games\Setup.exe
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-09-13 22:21 . 2010-03-18 18:18 509304 ------w- c:\documents and settings\All Users\Application Data\Free Ride Games\ExentCtl.ocx
2010-09-11 13:30 . 2010-09-11 13:30 -------- d-----w- C:\games
2010-09-10 17:39 . 2010-09-10 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 17:35 . 2010-09-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2010-09-08 22:00 . 2010-09-08 22:00 -------- d-----w- c:\program files\PokerStars.NET
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\Home\Application Data\Yahoo!
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-07 20:18 . 2010-09-07 20:18 -------- d-----w- c:\program files\Yahoo!
2010-09-06 15:04 . 2010-09-06 15:04 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\AskToolbar
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\HP
2010-09-02 22:29 . 2010-09-02 22:29 127 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\fusioncache.dat
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\ApplicationHistory
2010-09-02 22:27 . 2010-09-02 22:27 -------- d-----w- C:\FOUND.002
2010-09-02 13:37 . 2010-09-02 13:37 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Yahoo!
2010-09-01 08:00 . 2010-09-01 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-09-01 01:40 . 2000-07-08 20:06 87040 ----a-w- c:\windows\UnGins.exe
2010-08-31 21:02 . 2010-08-31 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\program files\Common Files\HP
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-31 20:59 . 2010-08-31 20:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-31 20:58 . 2010-08-31 20:58 -------- d-----w- c:\windows\system32\URTTEMP
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-31 20:55 . 2004-09-29 17:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-08-31 20:55 . 2004-09-29 17:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-08-31 20:55 . 2004-09-29 17:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-08-31 20:55 . 2004-09-29 17:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-08-31 20:55 . 2004-09-29 17:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-08-31 20:55 . 2004-09-29 17:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-08-31 20:52 . 2010-08-31 21:12 68964 ----a-w- c:\windows\hpoins05.dat
2010-08-31 20:52 . 2004-12-15 06:39 19696 ------w- c:\windows\hpomdl05.dat
2010-08-31 20:52 . 2004-10-05 13:26 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-08-31 20:52 . 2004-10-05 13:26 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-08-31 20:52 . 2004-10-01 13:45 229376 ----a-w- c:\windows\system32\hpovst08.dll
2010-08-31 20:52 . 2004-10-01 13:44 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-08-31 20:52 . 2004-10-01 13:44 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-08-31 20:52 . 2004-10-01 14:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-08-31 20:52 . 2004-10-01 13:46 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-08-31 20:52 . 2004-10-01 13:46 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\program files\HP
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\windows\Downloaded Installations
2010-08-31 20:40 . 2010-08-31 20:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-31 20:34 . 2010-08-31 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 20:32 . 2010-08-31 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-31 20:31 . 2010-08-31 20:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-31 20:28 . 2010-08-31 20:28 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\program files\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Adobe
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PC_Drivers_Headquarters
2010-08-31 20:22 . 2010-08-31 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-31 20:21 . 2010-08-31 20:21 -------- d-----w- c:\program files\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 11:47 . 2010-08-02 00:35 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 17:39 . 2010-09-22 22:29 112 ----a-w- c:\documents and settings\All Users\Application Data\3p2Mxs6D1.dat
2010-09-13 00:02 . 2010-08-02 00:35 2728 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-26 19:59 . 2010-08-26 19:59 -------- d-----w- c:\documents and settings\Home\Application Data\Media Player Classic
2010-08-24 00:50 . 2010-08-24 00:50 -------- d-----w- c:\program files\Sierra
2010-08-13 17:26 . 2010-08-13 17:26 -------- d-----w- c:\documents and settings\Home\Application Data\ImgBurn
2010-08-13 02:57 . 2010-08-13 02:58 19849216 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\CaesarIV.exe
2010-08-13 02:43 . 2010-08-13 02:58 11331309 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\caesariv_update_en_10_11.exe
2010-08-12 23:35 . 2010-08-12 23:35 -------- d-----w- c:\program files\Realtek
2010-08-12 23:20 . 2010-08-13 03:01 2280 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\rld-c4kg.exe
2010-08-12 08:06 . 2010-08-12 08:06 -------- d-----w- c:\program files\MSXML 6.0
2010-08-10 23:47 . 2010-08-02 15:41 13104 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\Home\Application Data\ATI
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-08-10 23:46 . 2010-08-10 23:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-10 23:41 . 2010-08-10 23:41 -------- d-----w- c:\program files\ATI Technologies
2010-08-10 23:24 . 2010-08-02 00:03 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 09:58 . 2010-08-09 09:58 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-d3d.dll
2010-08-09 09:58 . 2010-08-09 09:58 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-sse.dll
2010-08-09 09:58 . 2010-08-09 09:58 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcp71.dll
2010-08-09 09:58 . 2010-08-09 09:58 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\jmc.dll
2010-08-09 09:58 . 2010-08-09 09:58 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcr71.dll
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\MSBuild
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\Reference Assemblies
2010-08-03 06:10 . 2010-08-03 06:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 05:48 . 2010-08-03 05:48 -------- d-----w- c:\documents and settings\Home\Application Data\BitTorrent
2010-08-03 04:40 . 2010-08-02 00:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-03 03:20 . 2010-08-03 03:20 -------- d-----w- c:\documents and settings\Home\Application Data\LolClient
2010-08-03 02:48 . 2010-08-03 02:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 02:33 . 2010-08-03 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-08-03 02:32 . 2010-08-03 02:32 -------- d-----w- c:\program files\Pando Networks
2010-08-02 15:41 . 2010-08-02 15:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 14:43 . 2010-08-02 14:42 -------- d-----w- c:\program files\EASEUS
2010-08-02 14:37 . 2010-08-02 14:37 -------- d-----w- c:\program files\Partition Wizard Home Edition 5.0
2010-08-02 10:41 . 2010-08-02 10:41 -------- d-----w- c:\documents and settings\Home\Application Data\AVS4YOU
2010-08-02 10:38 . 2010-08-02 10:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-02 10:37 . 2010-08-02 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-02 08:31 . 2010-08-02 08:31 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 01:02 . 2010-08-02 01:02 -------- d-----w- c:\documents and settings\Home\Application Data\LimeWire
2010-08-02 00:54 . 2010-08-02 00:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-02 00:49 . 2010-08-02 00:49 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-sse.dll
2010-08-02 00:49 . 2010-08-02 00:49 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcp71.dll
2010-08-02 00:49 . 2010-08-02 00:49 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\jmc.dll
2010-08-02 00:49 . 2010-08-02 00:49 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcr71.dll
2010-08-02 00:49 . 2010-08-02 00:49 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-d3d.dll
2010-08-02 00:35 . 2010-08-02 00:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-02 00:33 . 2010-08-02 00:33 -------- d-----w- c:\program files\Java
2010-08-02 00:08 . 2010-08-02 00:08 -------- d-----w- c:\program files\microsoft frontpage
2010-07-27 23:42 . 2010-08-02 14:43 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-17 10:00 . 2010-08-02 15:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:44 . 2010-08-02 14:43 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 13:44 . 2010-08-02 14:43 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
.

c:\program files\Spybot - Search & Destroy\TeaTimer .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-11 232912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2001-09-27 06:39 245760 ----a-w- c:\windows\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
c:\progra~1\AVG\AVG9\avgtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 17:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 20:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 19:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-07-28 19:19 852038 ----a-w- c:\windows\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 19:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-26 23:25 16120832 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-10 16:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-31 20:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers]
d:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"tvnserver"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"CrossLoopService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Steam\\steamapps\\phewdont\\condition zero\\hl.exe"=
"d:\\Steam\\steamapps\\jpfammon\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"d:\\Warcraft III\\Replay\\ACSPMonitor\\ASMonitor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56769:TCP"= 56769:TCP:Pando Media Booster
"56769:UDP"= 56769:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"5910:TCP"= 5910:TCP:vnc5910

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2010 8:38 PM 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [8/4/2004 12:00 PM 12800]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/2/2010 9:43 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/2/2010 9:43 AM 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/2/2010 9:37 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/2/2010 9:37 AM 11104]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [9/25/2010 8:41 PM 112592]
S4 CrossLoopService;CrossLoop Service;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [9/22/2010 3:16 PM 560848]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 3:29 PM 136176]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2010 8:37 PM 366840]
S4 tvnserver;TightVNC Server;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe [9/22/2010 3:16 PM 814080]
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 10:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"=""c:\program files\Google\Update\GoogleUpdate.exe" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"=""c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKFileSec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKSysFlt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"=""c:\program files\Java\jre6\bin\jqs.exe" -service -config "c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NISUM]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore]
"ImagePath"="system32\drivers\PCTCore.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdrvio]
"ImagePath"="\??\c:\windows\system32\pwdrvio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdspio]
"ImagePath"="\??\c:\windows\system32\pwdspio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASDIFSV]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASKUTIL]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdAuxService]
"ImagePath"="c:\program files\Spyware Doctor\pctsAuxs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdCoreService]
"ImagePath"="c:\program files\Spyware Doctor\pctsSvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{7C0B9950-F190-485F-80FB-84FE35E631A1}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvnserver]
"ImagePath"=""c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe" -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VFILT]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"=""c:\program files\Windows Media Player\WMPNetwk.exe""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0C241DC6-A494-491F-8B71-70840F329E5E}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{177A9868-AB79-4266-95FD-3C504C209879}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(596)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2804)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-29 10:21:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-29 15:21
ComboFix2.txt 2010-09-27 15:23
ComboFix3.txt 2010-09-26 17:02

Pre-Run: 7,132,741,632 bytes free
Post-Run: 7,335,493,632 bytes free

- - End Of File - - 35FF893B98A0D71E0CFD71DD9B09834E

Re: Anti Virus 2010 Plus more and mbam starts.....

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Anti Virus 2010 Plus more and mbam starts.....

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=25ce2d7913399a42b3fdf1cf81504f63
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-30 12:11:52
# local_time=2010-09-29 07:11:52 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=80808
# found=6
# cleaned=6
# scan_time=1276
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ActualSpy.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Sierra\SWAT 4 - Gold\Content\System\swat4.exe a variant of Win32/Injector.FN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Sierra\SWAT 4 - Gold\ContentExpansion\System\swat4X.exe a variant of Win32/Injector.FN trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\SSWv6.9.dll a variant of Win32/Conficker.X worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Compelete\Swat 4 Gold Edition [FULL] + Crack-=-\Crack & Instructions\Content\System\swat4.exe a variant of Win32/Injector.FN trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Compelete\Swat 4 Gold Edition [FULL] + Crack-=-\Crack & Instructions\ContentExpansion\System\swat4x.exe a variant of Win32/Injector.FN trojan (deleted - quarantined) 00000000000000000000000000000000 C

Re: Anti Virus 2010 Plus more and mbam starts.....

Hello.

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Re: Anti Virus 2010 Plus more and mbam starts.....

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----
