ComboFix 10-09-26.04 - Main 09/27/2010 10:12:06.3.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367.184 [GMT -5:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Main\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\sdra64.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\warcraft\hostsvr\hostsvr .exe
d:\warcraft\hostsvr\hostsvr .exe
.
((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 )))))))))))))))))))))))))))))))
.
2010-09-26 18:15 . 2010-09-26 18:35 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-26 18:15 . 2010-09-26 18:15 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-26 18:15 . 2010-09-26 18:35 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
2010-09-26 18:14 . 2010-09-26 18:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-26 17:32 . 2010-09-26 17:32 15 ----a-w- c:\documents and settings\Main\settings.dat
2010-09-26 15:52 . 2010-09-26 15:52 -------- d-----w- c:\program files\Hotdoga
2010-09-26 15:22 . 2010-09-26 15:22 -------- d-sh--w- c:\documents and settings\Main\IECompatCache
2010-09-26 03:09 . 2010-09-26 03:09 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\HP
2010-09-26 03:08 . 2010-09-26 03:08 127 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\fusioncache.dat
2010-09-26 03:08 . 2010-09-26 03:08 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory
2010-09-26 03:06 . 2010-09-26 03:07 13104 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-sh--w- c:\documents and settings\Main\IETldCache
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Threat Expert
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-sh--w- c:\documents and settings\Main\PrivacIE
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\AskToolbar
2010-09-26 03:01 . 2010-09-26 03:01 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2010-09-26 02:03 . 2010-09-26 02:03 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Threat Expert
2010-09-26 01:41 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-26 01:41 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-26 01:41 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-09-26 01:41 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-26 01:41 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-26 01:41 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-09-26 01:38 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-26 01:38 . 2010-09-26 01:59 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-26 01:38 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-26 01:37 . 2010-09-26 01:59 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Spyware Doctor
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\Home\Application Data\PC Tools
2010-09-26 01:37 . 2010-09-26 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-24 19:57 . 2010-09-24 19:57 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 18:27 . 2010-09-24 18:27 -------- d-----w- C:\$AVG
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\program files\AVG
2010-09-24 15:35 . 2010-09-24 15:35 -------- d-----w- C:\FOUND.003
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\CCleaner
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:23 . 2010-09-23 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-23 05:57 . 2010-09-23 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\hostsvr
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-09-22 20:22 . 2010-09-22 20:22 -------- d-----w- c:\documents and settings\Home\Application Data\UltraVNC
2010-09-22 20:16 . 2010-09-22 20:16 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\CrossLoop
2010-09-14 13:45 . 2010-09-14 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-14 13:04 . 2010-09-14 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-14 00:34 . 2010-09-14 00:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-14 00:27 . 2010-09-14 00:27 -------- d-----w- c:\program files\Games
2010-09-13 22:25 . 2010-09-13 22:26 -------- d-----w- c:\documents and settings\Home\Application Data\Exent Technologies
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Free_Ride_Games
2010-09-13 22:21 . 2010-09-13 22:21 64 ----a-w- c:\windows\GPlrLanc.dat
2010-09-13 22:21 . 2001-09-05 10:23 56320 ----a-w- c:\documents and settings\All Users\Application Data\Free Ride Games\Setup.exe
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-09-11 13:30 . 2010-09-11 13:30 -------- d-----w- C:\games
2010-09-10 17:39 . 2010-09-10 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 17:35 . 2010-09-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2010-09-08 22:00 . 2010-09-08 22:00 -------- d-----w- c:\program files\PokerStars.NET
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\Home\Application Data\Yahoo!
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-07 20:18 . 2010-09-07 20:18 -------- d-----w- c:\program files\Yahoo!
2010-09-06 15:04 . 2010-09-06 15:04 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\AskToolbar
2010-09-06 15:03 . 2010-09-06 15:03 -------- d-----w- c:\program files\Ask.com
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\HP
2010-09-02 22:29 . 2010-09-02 22:29 127 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\fusioncache.dat
2010-09-02 22:29 . 2010-09-02 22:29 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\ApplicationHistory
2010-09-02 22:27 . 2010-09-02 22:27 -------- d-----w- C:\FOUND.002
2010-09-02 13:37 . 2010-09-02 13:37 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Yahoo!
2010-09-01 08:00 . 2010-09-01 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-09-01 01:40 . 2000-07-08 20:06 87040 ----a-w- c:\windows\UnGins.exe
2010-08-31 21:02 . 2010-08-31 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\program files\Common Files\HP
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-31 20:59 . 2010-08-31 20:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-31 20:58 . 2010-08-31 20:58 -------- d-----w- c:\windows\system32\URTTEMP
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-31 20:55 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-31 20:55 . 2004-09-29 17:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-08-31 20:55 . 2004-09-29 17:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-08-31 20:55 . 2004-09-29 17:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-08-31 20:55 . 2004-09-29 17:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-08-31 20:55 . 2004-09-29 17:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-08-31 20:55 . 2004-09-29 17:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-08-31 20:52 . 2010-08-31 21:12 68964 ----a-w- c:\windows\hpoins05.dat
2010-08-31 20:52 . 2004-12-15 06:39 19696 ------w- c:\windows\hpomdl05.dat
2010-08-31 20:52 . 2004-10-05 13:26 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-08-31 20:52 . 2004-10-05 13:26 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-08-31 20:52 . 2004-10-01 13:45 229376 ----a-w- c:\windows\system32\hpovst08.dll
2010-08-31 20:52 . 2004-10-01 13:44 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-08-31 20:52 . 2004-10-01 13:44 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-08-31 20:52 . 2004-10-01 14:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-08-31 20:52 . 2004-10-01 13:46 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-08-31 20:52 . 2004-10-01 13:46 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-08-31 20:41 . 2010-08-31 20:41 10134 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\program files\HP
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\windows\Downloaded Installations
2010-08-31 20:40 . 2010-08-31 20:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-31 20:34 . 2010-08-31 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 20:32 . 2010-08-31 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-31 20:31 . 2010-08-31 20:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-31 20:28 . 2010-08-31 20:28 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\program files\Google
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Adobe
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PC_Drivers_Headquarters
2010-08-31 20:22 . 2010-08-31 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-31 20:21 . 2010-08-31 20:21 -------- d-----w- c:\program files\PC Drivers HeadQuarters
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 11:47 . 2010-08-02 00:35 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 17:39 . 2010-09-22 22:29 112 ----a-w- c:\documents and settings\All Users\Application Data\3p2Mxs6D1.dat
2010-09-13 00:02 . 2010-08-02 00:35 2728 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-26 19:59 . 2010-08-26 19:59 -------- d-----w- c:\documents and settings\Home\Application Data\Media Player Classic
2010-08-24 00:50 . 2010-08-24 00:50 -------- d-----w- c:\program files\Sierra
2010-08-13 17:26 . 2010-08-13 17:26 -------- d-----w- c:\documents and settings\Home\Application Data\ImgBurn
2010-08-13 02:57 . 2010-08-13 02:58 19849216 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\CaesarIV.exe
2010-08-13 02:43 . 2010-08-13 02:58 11331309 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\caesariv_update_en_10_11.exe
2010-08-12 23:35 . 2010-08-12 23:35 -------- d-----w- c:\program files\Realtek
2010-08-12 23:20 . 2010-08-13 03:01 2280 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\rld-c4kg.exe
2010-08-12 08:06 . 2010-08-12 08:06 -------- d-----w- c:\program files\MSXML 6.0
2010-08-10 23:47 . 2010-08-02 15:41 13104 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\Home\Application Data\ATI
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-08-10 23:46 . 2010-08-10 23:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-10 23:41 . 2010-08-10 23:41 -------- d-----w- c:\program files\ATI Technologies
2010-08-10 23:24 . 2010-08-02 00:03 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 09:58 . 2010-08-09 09:58 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-d3d.dll
2010-08-09 09:58 . 2010-08-09 09:58 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-sse.dll
2010-08-09 09:58 . 2010-08-09 09:58 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcp71.dll
2010-08-09 09:58 . 2010-08-09 09:58 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\jmc.dll
2010-08-09 09:58 . 2010-08-09 09:58 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcr71.dll
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\MSBuild
2010-08-04 08:05 . 2010-08-04 08:05 -------- d-----w- c:\program files\Reference Assemblies
2010-08-03 06:10 . 2010-08-03 06:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 05:48 . 2010-08-03 05:48 -------- d-----w- c:\documents and settings\Home\Application Data\BitTorrent
2010-08-03 04:40 . 2010-08-02 00:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-03 03:20 . 2010-08-03 03:20 -------- d-----w- c:\documents and settings\Home\Application Data\LolClient
2010-08-03 02:48 . 2010-08-03 02:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 02:33 . 2010-08-03 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-08-03 02:32 . 2010-08-03 02:32 -------- d-----w- c:\program files\Pando Networks
2010-08-02 15:41 . 2010-08-02 15:41 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 14:43 . 2010-08-02 14:42 -------- d-----w- c:\program files\EASEUS
2010-08-02 14:37 . 2010-08-02 14:37 -------- d-----w- c:\program files\Partition Wizard Home Edition 5.0
2010-08-02 10:41 . 2010-08-02 10:41 -------- d-----w- c:\documents and settings\Home\Application Data\AVS4YOU
2010-08-02 10:38 . 2010-08-02 10:38 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-02 10:37 . 2010-08-02 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-08-02 08:31 . 2010-08-02 08:31 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-02 01:02 . 2010-08-02 01:02 -------- d-----w- c:\documents and settings\Home\Application Data\LimeWire
2010-08-02 00:54 . 2010-08-02 00:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-02 00:49 . 2010-08-02 00:49 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-sse.dll
2010-08-02 00:49 . 2010-08-02 00:49 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcp71.dll
2010-08-02 00:49 . 2010-08-02 00:49 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\jmc.dll
2010-08-02 00:49 . 2010-08-02 00:49 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcr71.dll
2010-08-02 00:49 . 2010-08-02 00:49 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-d3d.dll
2010-08-02 00:35 . 2010-08-02 00:35 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-02 00:33 . 2010-08-02 00:33 -------- d-----w- c:\program files\Java
2010-08-02 00:08 . 2010-08-02 00:08 -------- d-----w- c:\program files\microsoft frontpage
2010-07-27 23:42 . 2010-08-02 14:43 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-17 10:00 . 2010-08-02 15:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:44 . 2010-08-02 14:43 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 13:44 . 2010-08-02 14:43 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
.
Code:
<pre>
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-11 232912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zettcap]
[BU]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2001-09-27 06:39 245760 ----a-w- c:\windows\system32\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
c:\progra~1\AVG\AVG9\avgtray.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 17:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostsvr]
d:\warcraft\hostsvr\hostsvr .exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 20:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 19:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-07-28 19:19 852038 ----a-w- c:\windows\system32\nview.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 19:19 49152 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-26 23:25 16120832 ----a-w- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-10 16:20 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-31 20:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers]
d:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"tvnserver"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"CrossLoopService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Steam\\steamapps\\phewdont\\condition zero\\hl.exe"=
"d:\\Steam\\steamapps\\jpfammon\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Home\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"d:\\Warcraft III\\Replay\\ACSPMonitor\\ASMonitor.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56769:TCP"= 56769:TCP:Pando Media Booster
"56769:UDP"= 56769:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"5910:TCP"= 5910:TCP:vnc5910
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/25/2010 8:38 PM 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [8/4/2004 12:00 PM 12800]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/2/2010 9:43 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/2/2010 9:43 AM 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/2/2010 9:37 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/2/2010 9:37 AM 11104]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [9/25/2010 8:41 PM 112592]
S4 CrossLoopService;CrossLoop Service;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [9/22/2010 3:16 PM 560848]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 3:29 PM 136176]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2010 8:37 PM 366840]
S4 tvnserver;TightVNC Server;c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe [9/22/2010 3:16 PM 814080]
.
Contents of the 'Scheduled Tasks' folder
2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]
2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]
2010-09-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 20:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-27 10:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"=""c:\program files\Google\Update\GoogleUpdate.exe" /svc"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"=""c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKFileSec]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IKSysFlt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"=""c:\program files\Java\jre6\bin\jqs.exe" -service -config "c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"=""c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NISUM]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore]
"ImagePath"="system32\drivers\PCTCore.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdrvio]
"ImagePath"="\??\c:\windows\system32\pwdrvio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdspio]
"ImagePath"="\??\c:\windows\system32\pwdspio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASDIFSV]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASKUTIL]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdAuxService]
"ImagePath"="c:\program files\Spyware Doctor\pctsAuxs.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdCoreService]
"ImagePath"="c:\program files\Spyware Doctor\pctsSvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{7C0B9950-F190-485F-80FB-84FE35E631A1}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvnserver]
"ImagePath"=""c:\documents and settings\Home\Local Settings\Application Data\CrossLoop\tvnserver.exe" -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VFILT]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"=""c:\program files\Windows Media Player\WMPNetwk.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{0C241DC6-A494-491F-8B71-70840F329E5E}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{177A9868-AB79-4266-95FD-3C504C209879}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,d7,fe,bf,72,b7,6e,49,97,c4,9b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(596)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-09-27 10:23:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-27 15:23
ComboFix2.txt 2010-09-26 17:02
Pre-Run: 7,424,376,832 bytes free
Post-Run: 7,556,038,656 bytes free
- - End Of File - - CAF4BC13B86E8F616F4AB360354A7DBF