Tech Support Forum - View Single Post - search-daily.com

Michael Wayne · 12-04-2007, 09:28 AM

Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; access is denied.

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Michael Bottella.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:22 AM, on 12/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael Bottella\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael Bottella.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: (no name) - {2EC4CC15-1E33-40F8-A44C-93CDE50437E8} - C:\WINDOWS\System32\clbcatexu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {987D027C-F0EF-40fa-9A1A-C45007F1F36F} - (no file)
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\{5E7A60E4-8B8F-4DA5-9341-2AEEAEC35AB0}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: *.wwe.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1186686942690
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186686931264
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - http://static.35mb.com/applet/applet_o.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 11238 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,53
.cmd - cmdfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,53
.chm - chm.file - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,49
.hlp - hlpfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,7
.inf - inffile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,46
.ini - inifile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,46
.js - JSFile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,47
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Cryo64Genesis2\Cryo64 Genesis 2.icl,55

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 gyljbokr - c:\windows\system32\drivers\hobiowbn.dat
R1 papycpu2 - c:\windows\system32\drivers\papycpu2.sys
R1 papyjoy - c:\windows\system32\drivers\papyjoy.sys
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R3 Ausbflt - c:\windows\system32\drivers\ausbflt.sys <Not Verified; Adaptec Inc.; WDM filter driver for USB devices>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S2 ohciusb (Open Host Controller Miniport USB Driver) - c:\windows\system32\drivers\ohciusb.sys (file missing)
S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 SABProcEnum - c:\program files\superadblocker.com\super ad blocker\sabprocenum.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R0 Nla (Network Location Awareness (NLA)) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
R0 SENS (System Event Notification) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) -
S3 Speed Disk service - c:\progra~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>
S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-12-04 01:23:40 386 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job

-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 11:22:01 0 d-------- C:\Program Files\Trend Micro
2007-12-04 11:16:50 0 dr-h----- C:\Documents and Settings\Michael Bottella\Recent
2007-12-03 17:57:55 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-12-03 17:57:04 248 --a------ C:\WINDOWS\System32\PavCPL.dat
2007-12-03 17:56:59 0 d-------- C:\WINDOWS\System32\PAV
2007-12-03 17:56:28 0 d-------- C:\Program Files\Panda Security
2007-12-03 17:51:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-03 14:40:58 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-12-03 13:47:32 0 d-------- C:\Program Files\Yahoo!
2007-12-03 13:47:22 0 d-------- C:\Program Files\CCleaner
2007-12-01 16:08:08 164 --a------ C:\install.dat
2007-12-01 16

40 0 d-------- C:\Documents and Settings\Michael Bottella\Application Data\GetRightToGo
2007-12-01 15:09:11 0 d-------- C:\Program Files\XoftSpySE
2007-11-30 00:16:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-30 00:15:50 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-28 17:40:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-28 17:40:19 216576 --a------ C:\WINDOWS\System32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2007-11-28 17:40:16 0 d-------- C:\Program Files\Comodo
2007-11-28 14:23:32 0 d-------- C:\b77fcd83296f02416190b03693858402
2007-11-28 14:22:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-28 14:22:05 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2007-11-28 02:54:18 0 d-------- C:\WINDOWS\System32\AppCert
2007-11-27 22:48:40 19200 --a------ C:\WINDOWS\System32\drivers\hobiowbn.dat
2007-11-27 22:48:13 106752 --a------ C:\WINDOWS\System32\clbcatexu.dll

-- Find3M Report ---------------------------------------------------------------

2007-12-04 11:09:33 4593 --ahs---- C:\WINDOWS\System32\mmf.sys
2007-12-04 04:27:39 24 --a------ C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80611102}.dat
2007-12-04 04:27:39 24 --a------ C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80611102}.dat
2007-12-04 00:58:21 0 d-------- C:\Program Files\eMule
2007-12-03 17:56:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-03 15:45:57 0 d-------- C:\Program Files\SmartPopupBlocker
2007-12-03 15:37:23 0 d-------- C:\Program Files\LeechGet 2006
2007-11-30 17:27:36 0 d-------- C:\Documents and Settings\Michael Bottella\Application Data\.ABC
2007-11-30 15:29:17 29 --a------ C:\WINDOWS\popcinfo.dat
2007-11-30 03:04:18 0 d-------- C:\Program Files\Common Files
2007-11-27 23:13:03 0 d-------- C:\Program Files\PeerGuardian2
2007-11-27 01:04:24 0 d-------- C:\Program Files\AIM6
2007-11-15 22:50:29 0 d-------- C:\Program Files\Sony
2007-11-13 09:16:17 0 d-------- C:\Program Files\Norton SystemWorks
2007-11-06 03:23:56 0 d-------- C:\Program Files\MySpace
2007-10-20 21:36:46 0 d-------- C:\Program Files\Security Task Manager
2007-10-20 10:13:19 0 d-------- C:\Program Files\Java
2007-10-18 19:09:26 0 d-------- C:\Program Files\MP3+G Toolz .NET 4
2007-10-08 13:40:10 0 d-------- C:\Program Files\Alcohol Soft
2007-10-08 12:55:52 0 d-------- C:\Documents and Settings\Michael Bottella\Application Data\SlySoft
2007-10-08 11:40:05 0 d-------- C:\Program Files\SlySoft
2007-10-08 10:39:47 0 d-------- C:\Program Files\Common Files\cdrdao
2007-10-05 23:46:48 0 d-------- C:\Program Files\ABC
2007-10-04 04:16:59 0 d-------- C:\Program Files\Symantec
2007-10-03 06:07:06 24576 --a------ C:\WINDOWS\OkyFlyPC_uninstall.exe <Not Verified; ; UNINSTALL Applicazione>
2007-09-30 20:40:15 45568 --a------ C:\WINDOWS\System32\realbsf1.dll
2007-09-30 20:40:15 69632 --a------ C:\WINDOWS\System32\realbap1.dll
2007-09-25 04:56:46 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EC4CC15-1E33-40F8-A44C-93CDE50437E8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [12/26/2001 02:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/31/2007 01:34 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 11:35 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"LanzarL2007"="C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\{5E7A60E4-8B8F-4DA5-9341-2AEEAEC35AB0}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" []
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [07/19/2007 03:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/02/2007 05:27 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/29/2006 1:38:55 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 02/15/2007 08:02 PM 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michael Bottella^Start Menu^Programs^Startup^Eyetide Launcher.lnk]
path=C:\Documents and Settings\Michael Bottella\Start Menu\Programs\Startup\Eyetide Launcher.lnk
backup=C:\WINDOWS\pss\Eyetide Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A+PopUpBlocker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher]
C:\Program Files\Creative\SBLive2k\Launcher\CTLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer]
C:\Program Files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\funk]
funk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]
C:\Program Files\Creative\News\NewsUpd.EXE /q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpInspector.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
C:\Program Files\Power Scan\powerscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
C:\WINDOWS\System32\regscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat]
C:\WINDOWS\satmat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]
C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
C:\WINDOWS\SM1BG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone]
C:\Program Files\Freescan\freescan.exe -FastScan

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
"C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
C:\WINDOWS\System32\msnvl.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost

-- End of Deckard's System Scanner: finished at 2007-12-04 11:25:52 ------------