10-05-2009, 07:21 PM   #1
Registered User
 
Join Date: Aug 2009
Posts: 17
OS: Windows XP Home Edition


Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Hello there,

I have an eight-year-old Gateway computer. It is just a regular, single home desktop. It has Windows XP Home Edition, 1.25 GB of RAM (originally had 256MB of RAM and I added two sticks of 512MB of RAM). I updated my computer to Service Pack 2 using Microsoft's Windows Update. My internet speed is about 6 - 8 MB's per second (cable).

Here is my problem: When I do not use my computer, it automatically starts to load like crazy. All I hear is the churning inside my PC's tower, but nothing comes up on the screen. After 30 seconds to 1 minute, the churning goes away. Also, when it churns, I see the hourglass next to the arrow on the screen. This happens once in a while, but it is suspicious. My computer hasn't been running like it used to, so I'm concerned if there are any viruses/trojans/malware/spyware deep inside my computer that are hiding from my numerous virus/spyware scans.

Also, when this problem started, I noticed that my Internet Explorer 7 has been scrolling up and down choppy on a lot of websites. Right now, if I scroll up and down this message body where I am typing this message, it will be sluggish. But, if I scroll Tech Support's website, it is not sluggish. Even when I highlight this text, it is sluggish to highlight. Websites like -- YouTube -- forget it. Very slow and I can't even play YouTube's HD videos as they are very choppy.

I would like to know from the experts if there is anything suspicious on my computer that should be cleaned.

I would appreciate it a lot!

Thank you

-Kevin

DDS (Ver_09-09-29.01) - NTFSx86
Run by Kev at 16:52:59.06 on Mon 10/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [US4Service] c:\program files\universal shield 4.3\US4Service.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: RestrictCpl = 0 (0x0)
uPolicies-explorer: DisallowCpl = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-explorer: DisallowRun = 0 (0x0)
uPolicies-explorer: NoRecycleFiles = 0 (0x0)
uPolicies-explorer: ForceRecycleBinSize = 0 (0x0)
uPolicies-explorer: NoCustomizeWebView = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
uPolicies-explorer: NoWebView = 0 (0x0)
uPolicies-explorer: DontShowSuperHidden = 0 (0x0)
uPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
uPolicies-explorer: NoPublishingWizard = 0 (0x0)
uPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoHelp = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoDisconnect = 0 (0x0)
uPolicies-explorer: NoNtSecurity = 0 (0x0)
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoSMBalloonTips = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAPower = 0 (0x0)
uPolicies-explorer: NoTaskGrouping = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-explorer: NoWebServices = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoThumbnailCache = 0 (0x0)
uPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
uPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
mPolicies-system: RunLogonScriptSync = 0 (0x0)
dPolicies-explorer: NoThemesTab = 0 (0x0)
dPolicies-explorer: NoChangeAnimation = 0 (0x0)
dPolicies-explorer: RestrictCpl = 0 (0x0)
dPolicies-explorer: DisallowCpl = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: RestrictRun = 0 (0x0)
dPolicies-explorer: DisallowRun = 0 (0x0)
dPolicies-explorer: NoRecycleFiles = 0 (0x0)
dPolicies-explorer: ForceRecycleBinSize = 0 (0x0)
dPolicies-explorer: NoCustomizeWebView = 0 (0x0)
dPolicies-explorer: NoFileAssociate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoInstrumentation = 0 (0x0)
dPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
dPolicies-explorer: NoWebView = 0 (0x0)
dPolicies-explorer: DontShowSuperHidden = 0 (0x0)
dPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
dPolicies-explorer: NoPublishingWizard = 0 (0x0)
dPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
dPolicies-explorer: NoSMMyPictures = 0 (0x0)
dPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
dPolicies-explorer: NoHelp = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
dPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-explorer: NoDisconnect = 0 (0x0)
dPolicies-explorer: NoNtSecurity = 0 (0x0)
dPolicies-explorer: GreyMSIAds = 0 (0x0)
dPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
dPolicies-explorer: NoSMBalloonTip = 0 (0x0)
dPolicies-explorer: NoSMBalloonTips = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: HideSCAVolume = 0 (0x0)
dPolicies-explorer: HideSCANetwork = 0 (0x0)
dPolicies-explorer: HideSCAPower = 0 (0x0)
dPolicies-explorer: NoTaskGrouping = 0 (0x0)
dPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
dPolicies-explorer: NoWebServices = 0 (0x0)
dPolicies-explorer: NoFileUrl = 0 (0x0)
dPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
dPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
dPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoThumbnailCache = 0 (0x0)
dPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
dPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-system: NoVisualStyleChoice = 0 (0x0)
dPolicies-system: NoColorChoice = 0 (0x0)
dPolicies-system: NoSizeChoice = 0 (0x0)
dPolicies-system: HideLogonScripts = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253515827197
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kev\applic~1\mozilla\firefox\profiles\2zxzthrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-05 08:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-05 08:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-05 08:54 <DIR> --d----- c:\docume~1\kev\applic~1\SUPERAntiSpyware.com
2009-10-05 08:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-01 02:31 <DIR> --d----- c:\program files\StreamingStar
2009-09-23 05:13 <DIR> --d----- c:\program files\IrfanView
2009-09-23 05:04 <DIR> --d----- c:\windows\system32\Adobe
2009-09-23 03:06 <DIR> --d----- c:\program files\Universal Shield 4.3
2009-09-23 02:51 73,392 a------- c:\windows\system32\fsproflt.exe
2009-09-22 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 17:47 <DIR> --d----- c:\program files\FinalUninstaller
2009-09-22 16:51 328 a------- c:\windows\system32\PARTIZAL.EXE
2009-09-22 03:44 <DIR> --d----- c:\docume~1\kev\applic~1\Windows Search
2009-09-22 02:21 <DIR> --d----- c:\docume~1\kev\applic~1\EMCO
2009-09-22 00:27 <DIR> --d----- c:\windows\RestoreSafeDeleted
2009-09-22 00:21 29,584 a------- c:\windows\system32\drivers\regguard.sys
2009-09-22 00:21 2 a--shrot c:\windows\winstart.bat
2009-09-22 00:18 <DIR> --d----- c:\program files\Greatis
2009-09-21 21:31 1,871,872 -c------ c:\windows\system32\dllcache\mstscax.dll
2009-09-21 07:30 <DIR> --d----- c:\program files\MSXML 4.0
2009-09-21 07:10 <DIR> --d----- c:\program files\Windows Desktop Search
2009-09-21 07:10 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-09-21 07:09 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-09-21 07:09 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-09-21 06:48 128,896 -c------ c:\windows\system32\dllcache\fltmgr.sys
2009-09-21 06:48 23,040 -c------ c:\windows\system32\dllcache\fltmc.exe
2009-09-21 06:48 16,896 -c------ c:\windows\system32\dllcache\fltlib.dll
2009-09-21 06:30 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-21 06:28 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-09-21 06:24 333,184 -c------ c:\windows\system32\dllcache\srv.sys
2009-09-21 06:23 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-09-21 06:23 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-09-21 06:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-09-21 06:17 288,768 -------- c:\windows\system32\rhttpaa.dll
2009-09-21 06:17 116,736 -------- c:\windows\system32\aaclient.dll
2009-09-21 06:17 36,352 -------- c:\windows\system32\tsgqec.dll
2009-09-18 23:34 <DIR> --d----- c:\windows\network diagnostic
2009-09-18 23:34 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-09-18 23:34 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-09-18 23:34 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-09-18 23:34 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-18 23:34 380,928 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-09-18 23:34 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-09-18 23:34 2,452,872 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-09-18 23:34 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-09-18 23:34 6,067,200 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-09-18 23:33 33,792 ac------ c:\windows\system32\dllcache\custsat.dll
2009-09-18 04:36 0 a------- c:\windows\system32\ab_bl.sig
2009-09-18 03:34 0 a------- c:\windows\system32\wsbl.dat
2009-09-18 03:34 0 a------- c:\windows\system32\ph_white.dat
2009-09-18 03:34 0 a------- c:\windows\system32\ph_summ.dat
2009-09-18 03:34 0 a------- c:\windows\system32\ph_spoof.sig
2009-09-18 03:34 0 a------- c:\windows\system32\ph_sign.slf
2009-09-18 03:34 0 a------- c:\windows\system32\ph_fuzzy.sig
2009-09-18 03:34 0 a------- c:\windows\system32\ph_black.dat
2009-09-18 03:34 0 a------- c:\windows\system32\pcwords2.dat
2009-09-18 03:34 0 a------- c:\windows\system32\pcwords.dat
2009-09-18 03:34 0 a------- c:\windows\system32\pc_sign.slf
2009-09-18 03:34 0 a------- c:\windows\system32\ab_sbl.sig
2009-09-17 22:53 132 a------- c:\windows\system32\rezumatenoi.dat
2009-09-17 22:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-09-17 22:38 <DIR> --d----- c:\docume~1\kev\applic~1\BitDefender
2009-09-15 22:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-14 00:18 2,690 a------- c:\windows\system32\tmp.reg
2009-09-10 13:49 168,448 a------- c:\windows\system32\unrar.dll
2009-09-10 13:49 38 a------- c:\windows\avisplitter.ini
2009-09-10 13:49 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-09-10 13:49 287,744 a------- c:\windows\system32\divxa32.acm
2009-09-10 13:49 232,448 a------- c:\windows\system32\mp3fhg.acm
2009-09-10 13:49 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-09-10 13:49 118,784 a------- c:\windows\system32\ac3acm.acm
2009-09-10 13:49 39,936 a------- c:\windows\system32\huffyuv.dll
2009-09-10 13:48 2,402,304 a------- c:\windows\system32\x264vfw.dll
2009-09-10 13:48 391,680 a------- c:\windows\system32\I263_32.drv
2009-09-10 13:48 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-09-10 13:44 1,101,696 a------- c:\windows\system32\drivers\BCMSM.sys
2009-09-10 13:44 147,456 a------- c:\windows\BCMSMU.exe
2009-09-10 13:44 122,880 a------- c:\windows\BCMSMMSG.exe
2009-09-10 13:44 118,784 a------- c:\windows\system32\BCMSMI32.dll
2009-09-10 13:44 57,344 a------- c:\windows\BCMSMD2K.exe
2009-09-10 13:44 34,304 a------- c:\windows\system32\BCMSM168.dll
2009-09-10 13:39 <DIR> --d----- c:\program files\Driver Checker
2009-09-10 02:01 <DIR> --d----- c:\program files\ReNamer
2009-09-10 01:12 <DIR> --d----- c:\program files\RenameTool
2009-09-09 22:32 <DIR> --d----- c:\docume~1\kev\applic~1\GameRanger
2009-09-09 07:56 121 a------- c:\windows\bdagent.INI
2009-09-08 23:28 394 a------- c:\windows\system32\BDUpdateV1.xml
2009-09-08 23:22 132 a------- C:\httpdwl.dat
2009-09-08 23:22 81,984 a------- c:\windows\system32\bdod.bin
2009-09-08 23:05 228,672 a------- c:\windows\system32\drivers\bdfsfltr.sys.bak
2009-09-08 23:05 82,568 a------- c:\windows\system32\drivers\BDVEDISK.sys.bak
2009-09-08 22:37 850 a------- c:\windows\system32\ProductTweaks.xml
2009-09-08 22:37 385 a------- c:\windows\system32\user_gensett.xml
2009-09-08 22:18 <DIR> --d----- c:\windows\system32\logs
2009-09-08 22:17 <DIR> --d----- c:\program files\BitDefender
2009-09-08 22:15 <DIR> --d----- c:\windows\system32\URTTEMP
2009-09-08 22:14 <DIR> --d----- c:\program files\common files\BitDefender
2009-09-08 02:02 <DIR> --d----- c:\program files\RapidBIT
2009-09-07 23:45 931,672 a------- c:\windows\system32\XAudioD2_4.dll
2009-09-07 23:45 125,768 a------- c:\windows\system32\XAPOFXD1_3.dll
2009-09-07 23:45 428,888 a------- c:\windows\system32\XactEngineA3_4.dll
2009-09-07 23:45 343,368 a------- c:\windows\system32\XactEngineD3_4.dll
2009-09-07 23:45 358,728 a------- c:\windows\system32\dinput8d.dll
2009-09-07 23:45 45,384 a------- c:\windows\system32\X3DAudioD1_6.dll
2009-09-07 23:45 4,280,136 a------- c:\windows\system32\D3dx9d_41.dll
2009-09-07 23:45 3,795,784 a------- c:\windows\system32\d3dx9d_33.dll
2009-09-07 23:45 3,083,592 a------- c:\windows\system32\d3d9d.dll
2009-09-07 23:45 497,480 a------- c:\windows\system32\D3DX10d_41.dll
2009-09-07 23:45 348,504 a------- c:\windows\system32\d3dref9.dll
2009-09-07 23:39 <DIR> --d----- c:\program files\Microsoft DirectX SDK (March 2009)
2009-09-07 23:38 118,104 a------- c:\windows\dxsdkuninst.exe
2009-09-07 15:10 <DIR> --d----- c:\program files\Microsoft Games

==================== Find3M ====================

2009-09-22 12:17 110,856 a------- c:\windows\system32\drivers\bdfndisf.sys
2009-09-22 11:46 152,328 a------- c:\windows\system32\drivers\bdfm.sys
2009-09-22 11:46 105,736 a------- c:\windows\system32\drivers\bdhv.sys
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-01 14:07 7,028 a--sh--- c:\windows\system32\sys_drv.dat.bd.ren
2009-09-01 14:07 6,024 a--sh--- c:\windows\system32\sys_drv_2.dat.bd.ren
2009-08-30 15:19 990 a--sh--- c:\docume~1\kev\applic~1\systemfl.$dk.bd.ren
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-31 20:40 256,536 a------- c:\windows\system32\Prounstl.exe
2009-07-31 15:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-29 00:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-15 23:29 360,580 a------- c:\windows\system32\eSellerateEngine.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-09 18:21 184,320 a------- c:\windows\system32\Ncs2Setp.dll
2009-07-09 18:09 768,632 a------- c:\windows\system32\ncs2dmix.dll
2009-07-09 18:09 539,256 a------- c:\windows\system32\accesor.dll
2009-07-09 17:53 141,944 a------- c:\windows\system32\ncs2instutility.dll
2009-07-09 17:44 1,624,696 a------- c:\windows\system32\ncscolib.dll
2009-07-09 00:55 0 a------- c:\docume~1\kev\applic~1\wklnhst.dat

============= FINISH: 16:55:35.84 ===============
Attached Files
File Type: zip Attach.zip (3.2 KB, 1 views)
10-12-2009, 04:44 PM   #2
Analyst, Security Team
 
Join Date: Jan 2009
Posts: 554
OS: N/A


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Hello and welcome to TSF.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don’t hear from you in three-five days this thread will be closed.

With Regards,
Extremeboy
10-13-2009, 12:58 PM   #3
Registered User
 
Join Date: Aug 2009
Posts: 17
OS: Windows XP Home Edition


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Extremeboy,

Thank you for your reply! I appreciate it! I'm not in a rush, so don't feel that your response(s) are late.

My symptoms have been the same as my original post. When my computer is in idle, my computer starts to randomly load (my computer churns really fast). While it is churning, my arrow has an hourglass right next to it. Eventually, the hourglass will go away and the computer will finish loading. But, when it loads really fast, no programs come up or anything.

My IE 8 was slow loading new tabs (with the middle click of my mouse). It also had slow and choppy scrolling. When I scrolled, the webpage looked like there were waves on it. Sites like YouTube are slow to load, especially when I'm viewing a video (definitely a High Definition YouTube video). I changed my IE 8 back to IE 7 thinking that would clear up any bugs in IE 8. But I still have the same problems with IE 7 (which is what I'm using now).

Here are my logs:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Kev at 12:02:28.63 on Tue 10/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [US4Service] c:\program files\universal shield 4.3\US4Service.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: RestrictCpl = 0 (0x0)
uPolicies-explorer: DisallowCpl = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-explorer: DisallowRun = 0 (0x0)
uPolicies-explorer: NoRecycleFiles = 0 (0x0)
uPolicies-explorer: ForceRecycleBinSize = 0 (0x0)
uPolicies-explorer: NoCustomizeWebView = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
uPolicies-explorer: NoWebView = 0 (0x0)
uPolicies-explorer: DontShowSuperHidden = 0 (0x0)
uPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
uPolicies-explorer: NoPublishingWizard = 0 (0x0)
uPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoHelp = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoDisconnect = 0 (0x0)
uPolicies-explorer: NoNtSecurity = 0 (0x0)
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoSMBalloonTips = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAPower = 0 (0x0)
uPolicies-explorer: NoTaskGrouping = 0 (0x0)
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-explorer: NoWebServices = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoThumbnailCache = 0 (0x0)
uPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
uPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
mPolicies-system: RunLogonScriptSync = 0 (0x0)
dPolicies-explorer: NoThemesTab = 0 (0x0)
dPolicies-explorer: NoChangeAnimation = 0 (0x0)
dPolicies-explorer: RestrictCpl = 0 (0x0)
dPolicies-explorer: DisallowCpl = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: RestrictRun = 0 (0x0)
dPolicies-explorer: DisallowRun = 0 (0x0)
dPolicies-explorer: NoRecycleFiles = 0 (0x0)
dPolicies-explorer: ForceRecycleBinSize = 0 (0x0)
dPolicies-explorer: NoCustomizeWebView = 0 (0x0)
dPolicies-explorer: NoFileAssociate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoInstrumentation = 0 (0x0)
dPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
dPolicies-explorer: NoWebView = 0 (0x0)
dPolicies-explorer: DontShowSuperHidden = 0 (0x0)
dPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
dPolicies-explorer: NoPublishingWizard = 0 (0x0)
dPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
dPolicies-explorer: NoSMMyPictures = 0 (0x0)
dPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
dPolicies-explorer: NoHelp = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
dPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-explorer: NoDisconnect = 0 (0x0)
dPolicies-explorer: NoNtSecurity = 0 (0x0)
dPolicies-explorer: GreyMSIAds = 0 (0x0)
dPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
dPolicies-explorer: NoSMBalloonTip = 0 (0x0)
dPolicies-explorer: NoSMBalloonTips = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: HideSCAVolume = 0 (0x0)
dPolicies-explorer: HideSCANetwork = 0 (0x0)
dPolicies-explorer: HideSCAPower = 0 (0x0)
dPolicies-explorer: NoTaskGrouping = 0 (0x0)
dPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
dPolicies-explorer: NoWebServices = 0 (0x0)
dPolicies-explorer: NoFileUrl = 0 (0x0)
dPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
dPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
dPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoThumbnailCache = 0 (0x0)
dPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
dPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-system: NoVisualStyleChoice = 0 (0x0)
dPolicies-system: NoColorChoice = 0 (0x0)
dPolicies-system: NoSizeChoice = 0 (0x0)
dPolicies-system: HideLogonScripts = 0 (0x0)
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253515827197
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kev\applic~1\mozilla\firefox\profiles\2zxzthrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-06 02:44 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-10-05 08:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-05 08:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-05 08:54 <DIR> --d----- c:\docume~1\kev\applic~1\SUPERAntiSpyware.com
2009-10-05 08:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-01 02:31 <DIR> --d----- c:\program files\StreamingStar
2009-09-23 05:13 <DIR> --d----- c:\program files\IrfanView
2009-09-23 05:04 <DIR> --d----- c:\windows\system32\Adobe
2009-09-23 03:06 <DIR> --d----- c:\program files\Universal Shield 4.3
2009-09-23 02:51 73,392 a------- c:\windows\system32\fsproflt.exe
2009-09-22 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 17:47 <DIR> --d----- c:\program files\FinalUninstaller
2009-09-22 16:51 328 a------- c:\windows\system32\PARTIZAL.EXE
2009-09-22 03:44 <DIR> --d----- c:\docume~1\kev\applic~1\Windows Search
2009-09-22 02:21 <DIR> --d----- c:\docume~1\kev\applic~1\EMCO
2009-09-22 00:27 <DIR> --d----- c:\windows\RestoreSafeDeleted
2009-09-22 00:21 29,584 a------- c:\windows\system32\drivers\regguard.sys
2009-09-22 00:21 2 a--shrot c:\windows\winstart.bat
2009-09-22 00:18 <DIR> --d----- c:\program files\Greatis
2009-09-21 21:31 1,871,872 -c------ c:\windows\system32\dllcache\mstscax.dll
2009-09-21 07:30 <DIR> --d----- c:\program files\MSXML 4.0
2009-09-21 07:10 <DIR> --d----- c:\program files\Windows Desktop Search
2009-09-21 07:10 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-09-21 07:09 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-09-21 07:09 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-09-21 06:48 128,896 -c------ c:\windows\system32\dllcache\fltmgr.sys
2009-09-21 06:48 23,040 -c------ c:\windows\system32\dllcache\fltmc.exe
2009-09-21 06:48 16,896 -c------ c:\windows\system32\dllcache\fltlib.dll
2009-09-21 06:30 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-21 06:28 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-09-21 06:24 333,184 -c------ c:\windows\system32\dllcache\srv.sys
2009-09-21 06:23 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-09-21 06:23 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-09-21 06:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-09-21 06:17 288,768 -------- c:\windows\system32\rhttpaa.dll
2009-09-21 06:17 116,736 -------- c:\windows\system32\aaclient.dll
2009-09-21 06:17 36,352 -------- c:\windows\system32\tsgqec.dll
2009-09-18 23:34 <DIR> --d----- c:\windows\network diagnostic
2009-09-18 23:34 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-09-18 23:34 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-09-18 23:34 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-09-18 23:34 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-18 23:34 380,928 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-09-18 23:34 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-09-18 23:34 2,452,872 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-09-18 23:34 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-09-18 23:34 6,067,200 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-09-18 23:33 33,792 ac------ c:\windows\system32\dllcache\custsat.dll
2009-09-18 04:36 0 a------- c:\windows\system32\ab_bl.sig
2009-09-18 03:34 0 a------- c:\windows\system32\wsbl.dat
2009-09-18 03:34 0 a------- c:\windows\system32\ph_white.dat
2009-09-18 03:34 0 a------- c:\windows\system32\ph_summ.dat
2009-09-18 03:34 0 a------- c:\windows\system32\ph_spoof.sig
2009-09-18 03:34 0 a------- c:\windows\system32\ph_sign.slf
2009-09-18 03:34 0 a------- c:\windows\system32\ph_fuzzy.sig
2009-09-18 03:34 0 a------- c:\windows\system32\ph_black.dat
2009-09-18 03:34 0 a------- c:\windows\system32\pcwords2.dat
2009-09-18 03:34 0 a------- c:\windows\system32\pcwords.dat
2009-09-18 03:34 0 a------- c:\windows\system32\pc_sign.slf
2009-09-18 03:34 0 a------- c:\windows\system32\ab_sbl.sig
2009-09-17 22:53 132 a------- c:\windows\system32\rezumatenoi.dat
2009-09-17 22:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-09-17 22:38 <DIR> --d----- c:\docume~1\kev\applic~1\BitDefender
2009-09-15 22:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-14 00:18 2,690 a------- c:\windows\system32\tmp.reg

==================== Find3M ====================

2009-10-09 07:17 152,328 a------- c:\windows\system32\drivers\bdfm.sys
2009-09-28 14:00 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-09-22 12:17 110,856 a------- c:\windows\system32\drivers\bdfndisf.sys
2009-09-22 11:46 105,736 a------- c:\windows\system32\drivers\bdhv.sys
2009-09-17 22:22 81,984 a------- c:\windows\system32\bdod.bin
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-10 13:44 1,101,696 a------- c:\windows\system32\drivers\BCMSM.sys
2009-09-10 13:44 147,456 a------- c:\windows\BCMSMU.exe
2009-09-10 13:44 122,880 a------- c:\windows\BCMSMMSG.exe
2009-09-10 13:44 118,784 a------- c:\windows\system32\BCMSMI32.dll
2009-09-10 13:44 57,344 a------- c:\windows\BCMSMD2K.exe
2009-09-10 13:44 34,304 a------- c:\windows\system32\BCMSM168.dll
2009-09-08 23:22 132 a------- C:\httpdwl.dat
2009-09-07 23:38 118,104 a------- c:\windows\dxsdkuninst.exe
2009-09-01 14:07 7,028 a--sh--- c:\windows\system32\sys_drv.dat.bd.ren
2009-09-01 14:07 6,024 a--sh--- c:\windows\system32\sys_drv_2.dat.bd.ren
2009-08-30 15:19 990 a--sh--- c:\docume~1\kev\applic~1\systemfl.$dk.bd.ren
2009-08-16 11:08 178,176 a------- c:\windows\system32\unrar.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-31 20:40 256,536 a------- c:\windows\system32\Prounstl.exe
2009-07-31 15:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-29 02:35 2,378,752 a------- c:\windows\system32\x264vfw.dll
2009-07-29 00:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-15 23:29 360,580 a------- c:\windows\system32\eSellerateEngine.dll
2009-07-09 00:55 0 a------- c:\docume~1\kev\applic~1\wklnhst.dat

============= FINISH: 12:05:03.32 ===============
Attached Files
File Type: zip Attach.zip (3.2 KB, 1 views)
Kevin350 is offline  
Old 10-13-2009, 02:39 PM   #4 (permalink)
Analyst, Security Team
 
extremeboy
 
Join Date: Jan 2009
Posts: 554
OS: N/A


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Thanks for the description.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.
extremeboy is offline  
Old 10-14-2009, 10:36 AM   #5 (permalink)
Registered User
 
Join Date: Aug 2009
Posts: 17
OS: Windows XP Home Edition


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Extremeboy,

Here is my ComboFix log:

ComboFix 09-10-13.04 - Kev 10/14/2009 12:01.1.1 - NTFSx86
Running from: c:\documents and settings\Kev\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kev\Application Data\.#
C:\HCT11D.tmp
C:\HCT11E.tmp
C:\HCT13.tmp
C:\HCT14.tmp
c:\program files\BitDefender\BitDefender Online Backup\ntSVc.ocx
c:\program files\FlashGet Network
c:\windows\Installer\147edd49.msi
c:\windows\Installer\165f1d5.msi
c:\windows\Installer\165f1db.msi
c:\windows\Installer\18f4f6b9.msi
c:\windows\Installer\1d3c64f6.msi
c:\windows\Installer\1e9e355.msi
c:\windows\Installer\21ea5457.msi
c:\windows\Installer\320f3f71.msi
c:\windows\Installer\323c9d.msi
c:\windows\Installer\323ca3.msi
c:\windows\Installer\323cad.msi
c:\windows\Installer\323cb2.msi
c:\windows\Installer\33ce7569.msi
c:\windows\Installer\460dcf03.msi
c:\windows\Installer\494bb.msi
c:\windows\Installer\54080.msi
c:\windows\Installer\5622fb1.msi
c:\windows\Installer\5d6906b.msi
c:\windows\Installer\5d69071.msi
c:\windows\Installer\73b7b.msi
c:\windows\Installer\b61a7c0.msp
c:\windows\Installer\be3fb95.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\logs
c:\windows\system32\o4Patch.exe
c:\windows\system32\PARTIZAL.EXE
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-12 14:55 . 2009-10-12 14:56 -------- d-----w- c:\documents and settings\Kev\Local Settings\Application Data\Deployment
2009-10-05 12:55 . 2009-10-05 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-05 12:54 . 2009-10-05 12:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-05 12:54 . 2009-10-05 12:54 -------- d-----w- c:\documents and settings\Kev\Application Data\SUPERAntiSpyware.com
2009-10-05 12:54 . 2009-10-05 12:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-01 06:31 . 2009-10-01 06:31 -------- d-----w- c:\program files\StreamingStar
2009-09-23 09:13 . 2009-09-23 09:13 -------- d-----w- c:\program files\IrfanView
2009-09-23 09:04 . 2009-09-23 09:06 -------- d-----w- c:\windows\system32\Adobe
2009-09-23 07:06 . 2009-10-05 20:27 -------- d-----w- c:\program files\Universal Shield 4.3
2009-09-23 06:51 . 2009-05-03 16:22 73392 ----a-w- c:\windows\system32\fsproflt.exe
2009-09-23 03:24 . 2009-09-23 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 21:47 . 2009-09-22 21:48 -------- d-----w- c:\program files\FinalUninstaller
2009-09-22 07:44 . 2009-09-22 07:44 -------- d-----w- c:\documents and settings\Kev\Application Data\Windows Search
2009-09-22 06:21 . 2009-09-22 06:21 -------- d-----w- c:\documents and settings\Kev\Application Data\EMCO
2009-09-22 04:27 . 2009-09-22 04:27 -------- d-----w- c:\windows\RestoreSafeDeleted
2009-09-22 04:21 . 2009-09-22 21:19 29584 ----a-w- c:\windows\system32\drivers\regguard.sys
2009-09-22 04:21 . 2009-09-22 04:21 2 --shatr- c:\windows\winstart.bat
2009-09-22 04:18 . 2009-09-22 04:18 -------- d-----w- c:\program files\Greatis
2009-09-22 01:31 . 2009-06-09 15:06 1871872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-09-21 11:44 . 2009-09-21 11:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-09-21 11:30 . 2009-09-21 11:30 -------- d-----w- c:\program files\MSXML 4.0
2009-09-21 11:10 . 2009-09-23 02:48 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-21 11:10 . 2009-09-21 11:10 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-21 11:09 . 2008-03-07 16:56 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-09-21 11:09 . 2008-03-07 16:56 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-09-21 10:48 . 2006-08-21 12:21 16896 -c----w- c:\windows\system32\dllcache\fltlib.dll
2009-09-21 10:48 . 2006-08-21 09:14 23040 -c----w- c:\windows\system32\dllcache\fltmc.exe
2009-09-21 10:48 . 2006-08-21 09:14 128896 -c----w- c:\windows\system32\dllcache\fltmgr.sys
2009-09-21 10:30 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-21 10:24 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-09-21 10:23 . 2008-10-03 10:15 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-21 10:23 . 2008-09-04 16:42 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-09-21 10:21 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-21 10:17 . 2006-11-13 06:02 36352 ------w- c:\windows\system32\tsgqec.dll
2009-09-21 10:17 . 2006-11-13 06:02 288768 ------w- c:\windows\system32\rhttpaa.dll
2009-09-21 10:17 . 2006-11-13 06:02 116736 ------w- c:\windows\system32\aaclient.dll
2009-09-19 03:34 . 2009-06-29 16:12 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-19 03:34 . 2009-06-29 16:12 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-19 03:34 . 2009-06-29 16:12 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-19 03:34 . 2009-06-29 16:12 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-09-19 03:34 . 2009-06-29 16:12 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-09-19 03:34 . 2009-06-29 11:07 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-09-19 03:34 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-09-19 03:34 . 2009-07-19 13:32 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-19 03:33 . 2007-08-13 22:54 33792 -c--a-w- c:\windows\system32\dllcache\custsat.dll
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\wsbl.dat
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\ph_white.dat
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\ph_black.dat
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\pcwords.dat
2009-09-18 02:53 . 2009-10-08 17:46 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-09-18 02:45 . 2009-09-18 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-09-18 02:38 . 2009-09-18 02:38 -------- d-----w- c:\documents and settings\Kev\Application Data\BitDefender
2009-09-16 02:13 . 2009-09-16 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 05:59 . 2009-01-31 22:52 -------- d-----w- c:\documents and settings\Kev\Application Data\mIRC
2009-10-14 02:44 . 2009-01-31 22:52 -------- d-----w- c:\program files\mIRC
2009-10-09 11:17 . 2009-06-29 18:12 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-10-08 20:01 . 2009-08-23 07:16 -------- d-----w- c:\program files\a-squared Free
2009-10-06 06:46 . 2009-10-06 06:44 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-06 06:37 . 2009-04-03 17:09 -------- d-----w- c:\documents and settings\Kev\Application Data\DMCache
2009-10-05 20:30 . 2009-09-08 06:02 -------- d-----w- c:\program files\RapidBIT
2009-10-05 20:26 . 2009-02-04 21:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-28 18:00 . 2009-10-06 06:44 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-25 08:32 . 2009-08-16 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-23 07:22 . 2009-01-31 20:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-23 07:22 . 2009-03-27 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-09-23 03:32 . 2009-06-19 02:25 -------- d-----w- c:\documents and settings\Kev\Application Data\Apple Computer
2009-09-23 03:28 . 2009-06-19 02:10 -------- d-----w- c:\program files\iTunes
2009-09-23 03:24 . 2009-06-19 02:00 -------- d-----w- c:\program files\iPod
2009-09-23 03:20 . 2009-06-19 02:23 -------- d-----w- c:\program files\QuickTime
2009-09-23 03:17 . 2009-01-31 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-23 03:15 . 2009-05-20 20:33 -------- d-----w- c:\program files\Common Files\Apple
2009-09-23 02:40 . 2009-07-01 19:59 -------- d-----w- c:\program files\Audio Edit Magic
2009-09-22 21:32 . 2009-07-01 22:28 -------- d-----w- c:\program files\Common Files\Acronis
2009-09-22 21:29 . 2009-04-30 03:05 -------- d-----w- c:\program files\Tweak-XP Pro 4
2009-09-22 21:28 . 2009-09-10 17:39 -------- d-----w- c:\program files\Driver Checker
2009-09-22 21:28 . 2009-07-12 05:21 -------- d-----w- c:\program files\DriverGenius
2009-09-22 16:17 . 2009-08-06 20:34 110856 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-09-22 15:46 . 2009-06-29 18:12 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-09-22 01:38 . 2009-09-22 01:38 0 ----a-w- c:\documents and settings\All Users\Application Data\xml34.tmp
2009-09-22 01:38 . 2009-08-18 22:33 2095 ----a-w- c:\documents and settings\All Users\Application Data\xmlBD.tmp
2009-09-22 01:38 . 2009-08-18 22:33 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlBC.tmp
2009-09-22 01:38 . 2009-08-18 22:33 8051 ----a-w- c:\documents and settings\All Users\Application Data\xmlBB.tmp
2009-09-20 06:29 . 2009-06-23 06:44 -------- d-----w- c:\program files\EasyDownloader
2009-09-20 06:28 . 2009-06-23 06:45 -------- d--h--w- c:\program files\InstallJammer Registry
2009-09-18 02:45 . 2009-09-09 02:17 -------- d-----w- c:\program files\BitDefender
2009-09-18 02:45 . 2009-09-09 02:14 -------- d-----w- c:\program files\Common Files\BitDefender
2009-09-18 02:22 . 2009-09-09 03:22 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-18 02:10 . 2009-07-05 21:35 -------- d-----w- c:\program files\Error Repair Professional
2009-09-16 02:11 . 2009-04-25 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-15 04:18 . 2009-06-22 04:43 -------- d-----w- c:\program files\Foxit Software
2009-09-11 00:33 . 2009-04-29 23:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-10 18:54 . 2009-08-16 14:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-08-16 14:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 17:44 . 2009-09-10 17:44 57344 ----a-w- c:\windows\BCMSMD2K.exe
2009-09-10 17:44 . 2009-09-10 17:44 34304 ----a-w- c:\windows\system32\BCMSM168.dll
2009-09-10 17:44 . 2009-09-10 17:44 147456 ----a-w- c:\windows\BCMSMU.exe
2009-09-10 17:44 . 2009-09-10 17:44 122880 ----a-w- c:\windows\BCMSMMSG.exe
2009-09-10 17:44 . 2009-09-10 17:44 118784 ----a-w- c:\windows\system32\BCMSMI32.dll
2009-09-10 17:44 . 2009-09-10 17:44 1101696 ----a-w- c:\windows\system32\drivers\BCMSM.sys
2009-09-10 06:05 . 2009-09-10 06:01 -------- d-----w- c:\program files\ReNamer
2009-09-10 05:12 . 2009-09-10 05:12 -------- d-----w- c:\program files\RenameTool
2009-09-10 02:33 . 2009-09-10 02:32 -------- d-----w- c:\documents and settings\Kev\Application Data\GameRanger
2009-09-10 02:10 . 2009-03-10 20:57 -------- d-----w- c:\program files\Java
2009-09-09 06:35 . 2009-01-31 17:53 -------- d-----w- c:\program files\Gateway
2009-09-09 03:22 . 2009-09-09 03:22 132 ----a-w- C:\httpdwl.dat
2009-09-09 02:10 . 2009-06-30 05:30 -------- d-----w- c:\program files\Hard Disk Sentinel
2009-09-08 03:45 . 2009-09-08 03:39 -------- d-----w- c:\program files\Microsoft DirectX SDK (March 2009)
2009-09-08 03:39 . 2009-03-03 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 03:38 . 2009-09-08 03:38 118104 ----a-w- c:\windows\dxsdkuninst.exe
2009-09-08 03:29 . 2009-01-31 11:32 76128 ----a-w- c:\documents and settings\Kev\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 19:10 . 2009-09-07 19:10 -------- d-----w- c:\program files\Microsoft Games
2009-09-03 05:50 . 2009-09-03 05:50 -------- d-----w- c:\documents and settings\Kev\Application Data\Foxit Software
2009-09-01 18:07 . 2009-06-04 02:30 7028 --sha-w- c:\windows\system32\sys_drv.dat.bd.ren
2009-09-01 18:07 . 2009-06-04 02:30 6024 --sha-w- c:\windows\system32\sys_drv_2.dat.bd.ren
2009-08-30 19:19 . 2009-06-04 02:30 990 --sha-w- c:\documents and settings\Kev\Application Data\systemfl.$dk.bd.ren
2009-08-29 03:36 . 2009-08-29 03:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-28 05:51 . 2009-01-31 18:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-24 22:16 . 2009-07-18 02:50 -------- d-----w- c:\program files\NeoTracePro
2009-08-24 20:35 . 2009-08-24 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-08-24 20:20 . 2009-08-24 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-24 03:47 . 2009-08-24 03:40 -------- d-----w- c:\program files\Intel
2009-08-23 19:28 . 2009-05-27 21:55 -------- d-----w- c:\program files\Top Password
2009-08-18 22:32 . 2009-08-18 22:32 -------- d-----w- c:\program files\SiSoftware
2009-08-16 15:08 . 2009-10-06 06:44 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-16 14:01 . 2009-08-16 14:01 -------- d-----w- c:\documents and settings\Kev\Application Data\Malwarebytes
2009-08-16 14:01 . 2009-08-16 14:01 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2009-08-16 14:01 . 2009-08-16 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-05 09:11 . 2001-08-30 10:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 00:40 . 2009-04-17 03:26 256536 ----a-w- c:\windows\system32\Prounstl.exe
2009-07-31 19:23 . 2009-03-10 20:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-29 06:35 . 2009-10-06 06:44 2378752 ----a-w- c:\windows\system32\x264vfw.dll
2009-07-29 04:53 . 2001-08-30 10:30 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2001-08-30 10:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-27 02:43 . 2009-07-27 02:43 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-07-24 16:26 . 2009-07-24 16:26 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2009-07-17 18:55 . 2001-08-30 10:30 58880 ----a-w- c:\windows\system32\atl.dll
2009-09-22 15:46 . 2009-09-18 02:51 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-09-22 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-09-22 1114536]
"US4Service"="c:\program files\Universal Shield 4.3\US4Service.exe" [2009-07-09 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ! ?Q??>??\0autocheck \0autocheck autocheck K\0autocheck >?>?>?>rigg\0autocheck autocheck ?>?>? ?>?>?>?>?>?>?>?>?>?>\0autocheck ?>+Û ?>?>? ?>'>a ?>?>O ?>?>U?>?>?>
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hard Disk Sentinel
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cisvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP4\\RpcAgentSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [x]
R2 DevLdr32exe;Environmental Sound Controller;c:\windows\System32\srvany.exe [1998-11-22 8464]
R2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [x]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-09-22 183880]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2009-09-22 29584]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP4\RpcAgentSrv.exe [2009-08-17 99176]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2009-04-01 82696]
S2 CANNT;CANNT; [x]
S2 CATLNKNT;CATLNKNT; [x]
S2 DLADRVNT;DLADRVNT; [x]
S2 DLASIPNT;DLASIPNT; [x]
S2 J1708NT;J1708NT; [x]
S2 J1939NT;J1939NT; [x]
S2 PARCAII;PARCAII; [x]
S2 PCSMHNT;PCSMHNT; [x]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-10-09 152328]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-09-22 110856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-09-10 19160]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]


--- Other Services/Drivers In Memory ---

*Deregistered* - pwaorkob

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Kev\Application Data\Mozilla\Firefox\Profiles\2zxzthrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
Notify-WgaLogon - (no file)
SafeBoot-US30Sys.sys
MSConfigStartUp-TrueImageMonitor - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 12:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-10-14 12:25
ComboFix-quarantined-files.txt 2009-10-14 16:25

Pre-Run: 18,388,504,576 bytes free
Post-Run: 18,394,451,968 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

425
Kevin350 is offline  
Old 10-14-2009, 03:03 PM   #6 (permalink)
Analyst, Security Team
 
extremeboy's Avatar
 
Join Date: Jan 2009
Posts: 554
OS: N/A


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Hello.

I'm busy today so we'll go through and begin to do some more fixing tomorrow. However, in the meantime you can perform the following 2 steps. Sorry.

Create and Run batch script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".
    Quote:
    @Echo Off

    regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager"
    Start Notepad C:\look.txt
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input Look.bat.
  • Hit OK.
When done properly, the icon should look like for XP machines and for Vista machines.

Double click on Look.bat to run it. If you are using Windows Vista, please right-click and Run As Administrator...

A Black DOS window shall appear and then disappear. Then notepad will open with the contents I would like to see. It can also be found in your C:\ drive entitled Look.txt

Please ATTACH the log file in your next reply. Compress/Zip it up if it's too big to attach. You can compress it and zip it up by right-clicking on it and select send to > Compressed (zipped) folder. Then attach the new Look.zip file in your next reply.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

~EB
extremeboy is offline  
Old 10-15-2009, 11:28 AM   #7 (permalink)
Registered User
 
Join Date: Aug 2009
Posts: 17
OS: Windows XP Home Edition


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Extremeboy,

Don't be sorry -- I'm not in a rush.

The Look.bat log is attached and here's my MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2967
Windows 5.1.2600 Service Pack 2

10/15/2009 1:22:43 PM
mbam-log-2009-10-15 (13-22-43).txt

Scan type: Quick Scan
Objects scanned: 110726
Time elapsed: 13 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Attached Files
File Type: txt look.txt (385.4 KB, 2 views)
Kevin350 is offline  
Old 10-15-2009, 04:21 PM   #8 (permalink)
Analyst, Security Team
 
extremeboy's Avatar
 
Join Date: Jan 2009
Posts: 554
OS: N/A


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Hello.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    Code:
    RegLock::
    [HKEY_USERS\.Default\Software\SetID\Internal]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]
    "BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
    00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
    File::
    c:\windows\system32\drivers\SBREdrv.sys
    c:\windows\system32\DRIVERS\Lbd.sys
    c:\windows\system32\drivers\Partizan.sys
    c:\program files\RapidBIT\cisvc.exe
    c:\windows\system32\WinFLdrv.sys
    Driver::
    CANNT
    CATLNKNT
    DLADRVNT
    DLASIPNT
    J1708NT
    J1939NT
    PARCAII
    PCSMHNT
    SBRE
    Lbd
    Partizan
    FlexService
    WinFLdrv
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)

    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
extremeboy is offline  
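
The check behind the two steps in this thread (exporting the Session Manager key with Look.bat, then resetting BootExecute through the Registry:: section of the CFScript), as an added example that is not part of the original posts. It decodes a hex(7) (REG_MULTI_SZ) value from a regedit export and lists every BootExecute entry other than the Windows default "autocheck autochk *"; the function names and the second sample are constructed for illustration.

```python
# Added example: decode a REG_MULTI_SZ "BootExecute" value from a regedit
# export (.reg text) and report entries that are not the Windows default.
# Function names and CONSTRUCTED_REG are assumptions made for illustration.

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager"

# Default BootExecute content, which is what the CFScript hex data encodes.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]


def decode_hex7(data):
    """Decode comma-separated hex bytes of a hex(7) value (UTF-16LE)."""
    raw = bytes(int(b, 16) for b in data.replace(" ", "").split(",") if b)
    text = raw.decode("utf-16-le", errors="replace")
    # Strings are NUL-separated; the list itself ends with an extra NUL.
    return [s for s in text.split("\x00") if s]


def encode_hex7(strings):
    """Inverse of decode_hex7, used to build the constructed sample."""
    raw = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    return ",".join("%02x" % b for b in raw)


def find_multi_sz(reg_text, key, name):
    """Return the decoded hex(7) value `name` under `key`, or None."""
    lines = reg_text.splitlines()
    current = None
    prefix = '"%s"=hex(7):' % name.lower()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current == key.lower() and line.lower().startswith(prefix):
            body = line.split(":", 1)[1]
            # A trailing backslash continues the byte list on the next line.
            while body.endswith("\\") and i + 1 < len(lines):
                i += 1
                body = body[:-1] + lines[i].strip()
            return decode_hex7(body)
        i += 1
    return None


def audit_boot_execute(entries):
    """Return the entries that differ from the default autocheck line."""
    return [e for e in entries if e not in DEFAULT_BOOT_EXECUTE]


# The value exactly as it appears in the CFScript posted above.
PAGE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
  00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
'''

# Constructed sample: the default line plus one made-up extra entry.
CONSTRUCTED_REG = '[%s]\n"BootExecute"=hex(7):%s\n' % (
    KEY, encode_hex7(["autocheck autochk *", "example_boot_entry"]))


if __name__ == "__main__":
    for label, text in (("page", PAGE_REG), ("constructed", CONSTRUCTED_REG)):
        entries = find_multi_sz(text, KEY, "BootExecute")
        print(label, entries, "unexpected:", audit_boot_execute(entries))
```

A real export written by regedit /e is a UTF-16 file, so read it with encoding="utf-16" before passing the text to find_multi_sz.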
Old 10-15-2009, 08:28 PM   #9 (permalink)
Registered User
 
Join Date: Aug 2009
Posts: 17
OS: Windows XP Home Edition


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Extremeboy,

Thank you very much for your time and effort!

I'll let you know if the same symptoms come back up again. Websites like Yahoo, YouTube, and scrolling up and down this text message box are still slow and choppy. But maybe that's due to my IE 7 or the fact that I have never uninstalled previous Java/Adobe Flash before I updated them with newer versions?

The cisvc.exe, lbd.sys, WinFLdrv.sys, and Partizan.sys files seemed suspicious to me. I was glad that you included them to be ComboFixed.

Here is my ComboFix log:

ComboFix 09-10-15.03 - Kev 10/15/2009 21:27.2.1 - NTFSx86
Running from: c:\documents and settings\Kev\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kev\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Created a new restore point

FILE ::
"c:\program files\RapidBIT\cisvc.exe"
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\system32\drivers\Partizan.sys"
"c:\windows\system32\drivers\SBREdrv.sys"
"c:\windows\system32\WinFLdrv.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CANNT
-------\Legacy_CATLNKNT
-------\Legacy_DLADRVNT
-------\Legacy_DLASIPNT
-------\Legacy_FLEXSERVICE
-------\Legacy_J1708NT
-------\Legacy_J1939NT
-------\Legacy_LBD
-------\Legacy_PARCAII
-------\Legacy_PARTIZAN
-------\Legacy_PCSMHNT
-------\Legacy_SBRE
-------\Legacy_WINFLDRV
-------\Service_CANNT
-------\Service_CATLNKNT
-------\Service_DLADRVNT
-------\Service_DLASIPNT
-------\Service_FlexService
-------\Service_J1708NT
-------\Service_J1939NT
-------\Service_Lbd
-------\Service_PARCAII
-------\Service_Partizan
-------\Service_PCSMHNT
-------\Service_SBRE
-------\Service_WinFLdrv


((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))
.

2009-10-12 14:55 . 2009-10-12 14:56 -------- d-----w- c:\documents and settings\Kev\Local Settings\Application Data\Deployment
2009-10-05 12:55 . 2009-10-05 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-05 12:54 . 2009-10-05 12:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-05 12:54 . 2009-10-05 12:54 -------- d-----w- c:\documents and settings\Kev\Application Data\SUPERAntiSpyware.com
2009-10-05 12:54 . 2009-10-05 12:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-01 06:31 . 2009-10-01 06:31 -------- d-----w- c:\program files\StreamingStar
2009-09-23 09:13 . 2009-09-23 09:13 -------- d-----w- c:\program files\IrfanView
2009-09-23 09:04 . 2009-09-23 09:06 -------- d-----w- c:\windows\system32\Adobe
2009-09-23 07:06 . 2009-10-05 20:27 -------- d-----w- c:\program files\Universal Shield 4.3
2009-09-23 06:51 . 2009-05-03 16:22 73392 ----a-w- c:\windows\system32\fsproflt.exe
2009-09-23 03:24 . 2009-09-23 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 21:47 . 2009-09-22 21:48 -------- d-----w- c:\program files\FinalUninstaller
2009-09-22 07:44 . 2009-09-22 07:44 -------- d-----w- c:\documents and settings\Kev\Application Data\Windows Search
2009-09-22 06:21 . 2009-09-22 06:21 -------- d-----w- c:\documents and settings\Kev\Application Data\EMCO
2009-09-22 04:27 . 2009-09-22 04:27 -------- d-----w- c:\windows\RestoreSafeDeleted
2009-09-22 04:21 . 2009-09-22 21:19 29584 ----a-w- c:\windows\system32\drivers\regguard.sys
2009-09-22 04:21 . 2009-09-22 04:21 2 --shatr- c:\windows\winstart.bat
2009-09-22 04:18 . 2009-09-22 04:18 -------- d-----w- c:\program files\Greatis
2009-09-22 01:31 . 2009-06-09 15:06 1871872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-09-21 11:44 . 2009-09-21 11:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-09-21 11:30 . 2009-09-21 11:30 -------- d-----w- c:\program files\MSXML 4.0
2009-09-21 11:10 . 2009-09-23 02:48 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-21 11:10 . 2009-09-21 11:10 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-21 11:09 . 2008-03-07 16:56 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-09-21 11:09 . 2008-03-07 16:56 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-09-21 10:48 . 2006-08-21 12:21 16896 -c----w- c:\windows\system32\dllcache\fltlib.dll
2009-09-21 10:48 . 2006-08-21 09:14 23040 -c----w- c:\windows\system32\dllcache\fltmc.exe
2009-09-21 10:48 . 2006-08-21 09:14 128896 -c----w- c:\windows\system32\dllcache\fltmgr.sys
2009-09-21 10:30 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-21 10:24 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-09-21 10:23 . 2008-10-03 10:15 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-21 10:23 . 2008-09-04 16:42 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-09-21 10:21 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-21 10:17 . 2006-11-13 06:02 36352 ------w- c:\windows\system32\tsgqec.dll
2009-09-21 10:17 . 2006-11-13 06:02 288768 ------w- c:\windows\system32\rhttpaa.dll
2009-09-21 10:17 . 2006-11-13 06:02 116736 ------w- c:\windows\system32\aaclient.dll
2009-09-19 03:34 . 2009-06-29 16:12 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-19 03:34 . 2009-06-29 16:12 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-19 03:34 . 2009-06-29 16:12 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-19 03:34 . 2009-06-29 16:12 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-09-19 03:34 . 2009-06-29 16:12 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-09-19 03:34 . 2009-06-29 11:07 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-09-19 03:34 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-09-19 03:34 . 2009-07-19 13:32 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-19 03:33 . 2007-08-13 22:54 33792 -c--a-w- c:\windows\system32\dllcache\custsat.dll
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\wsbl.dat
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\ph_white.dat
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\ph_black.dat
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-09-18 07:34 . 2009-09-18 07:34 0 ----a-w- c:\windows\system32\pcwords.dat
2009-09-18 02:53 . 2009-10-08 17:46 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-09-18 02:45 . 2009-09-18 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-09-18 02:38 . 2009-09-18 02:38 -------- d-----w- c:\documents and settings\Kev\Application Data\BitDefender
2009-09-16 02:13 . 2009-09-16 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 16:57 . 2009-08-16 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-15 03:42 . 2009-01-31 22:52 -------- d-----w- c:\documents and settings\Kev\Application Data\mIRC
2009-10-14 20:32 . 2009-01-31 22:52 -------- d-----w- c:\program files\mIRC
2009-10-09 11:17 . 2009-06-29 18:12 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-10-08 20:01 . 2009-08-23 07:16 -------- d-----w- c:\program files\a-squared Free
2009-10-06 06:46 . 2009-10-06 06:44 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-06 06:37 . 2009-04-03 17:09 -------- d-----w- c:\documents and settings\Kev\Application Data\DMCache
2009-10-05 20:30 . 2009-09-08 06:02 -------- d-----w- c:\program files\RapidBIT
2009-10-05 20:26 . 2009-02-04 21:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-28 18:00 . 2009-10-06 06:44 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-23 07:22 . 2009-01-31 20:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-23 07:22 . 2009-03-27 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-09-23 03:32 . 2009-06-19 02:25 -------- d-----w- c:\documents and settings\Kev\Application Data\Apple Computer
2009-09-23 03:28 . 2009-06-19 02:10 -------- d-----w- c:\program files\iTunes
2009-09-23 03:24 . 2009-06-19 02:00 -------- d-----w- c:\program files\iPod
2009-09-23 03:20 . 2009-06-19 02:23 -------- d-----w- c:\program files\QuickTime
2009-09-23 03:17 . 2009-01-31 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-23 03:15 . 2009-05-20 20:33 -------- d-----w- c:\program files\Common Files\Apple
2009-09-23 02:40 . 2009-07-01 19:59 -------- d-----w- c:\program files\Audio Edit Magic
2009-09-22 21:32 . 2009-07-01 22:28 -------- d-----w- c:\program files\Common Files\Acronis
2009-09-22 21:29 . 2009-04-30 03:05 -------- d-----w- c:\program files\Tweak-XP Pro 4
2009-09-22 21:28 . 2009-09-10 17:39 -------- d-----w- c:\program files\Driver Checker
2009-09-22 21:28 . 2009-07-12 05:21 -------- d-----w- c:\program files\DriverGenius
2009-09-22 16:17 . 2009-08-06 20:34 110856 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-09-22 15:46 . 2009-06-29 18:12 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-09-22 01:38 . 2009-09-22 01:38 0 ----a-w- c:\documents and settings\All Users\Application Data\xml34.tmp
2009-09-22 01:38 . 2009-08-18 22:33 2095 ----a-w- c:\documents and settings\All Users\Application Data\xmlBD.tmp
2009-09-22 01:38 . 2009-08-18 22:33 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlBC.tmp
2009-09-22 01:38 . 2009-08-18 22:33 8051 ----a-w- c:\documents and settings\All Users\Application Data\xmlBB.tmp
2009-09-20 06:29 . 2009-06-23 06:44 -------- d-----w- c:\program files\EasyDownloader
2009-09-20 06:28 . 2009-06-23 06:45 -------- d--h--w- c:\program files\InstallJammer Registry
2009-09-18 02:45 . 2009-09-09 02:17 -------- d-----w- c:\program files\BitDefender
2009-09-18 02:45 . 2009-09-09 02:14 -------- d-----w- c:\program files\Common Files\BitDefender
2009-09-18 02:22 . 2009-09-09 03:22 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-18 02:10 . 2009-07-05 21:35 -------- d-----w- c:\program files\Error Repair Professional
2009-09-16 02:11 . 2009-04-25 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-15 04:18 . 2009-06-22 04:43 -------- d-----w- c:\program files\Foxit Software
2009-09-11 00:33 . 2009-04-29 23:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-10 18:54 . 2009-08-16 14:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-08-16 14:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 17:44 . 2009-09-10 17:44 57344 ----a-w- c:\windows\BCMSMD2K.exe
2009-09-10 17:44 . 2009-09-10 17:44 34304 ----a-w- c:\windows\system32\BCMSM168.dll
2009-09-10 17:44 . 2009-09-10 17:44 147456 ----a-w- c:\windows\BCMSMU.exe
2009-09-10 17:44 . 2009-09-10 17:44 122880 ----a-w- c:\windows\BCMSMMSG.exe
2009-09-10 17:44 . 2009-09-10 17:44 118784 ----a-w- c:\windows\system32\BCMSMI32.dll
2009-09-10 17:44 . 2009-09-10 17:44 1101696 ----a-w- c:\windows\system32\drivers\BCMSM.sys
2009-09-10 06:05 . 2009-09-10 06:01 -------- d-----w- c:\program files\ReNamer
2009-09-10 05:12 . 2009-09-10 05:12 -------- d-----w- c:\program files\RenameTool
2009-09-10 02:33 . 2009-09-10 02:32 -------- d-----w- c:\documents and settings\Kev\Application Data\GameRanger
2009-09-10 02:10 . 2009-03-10 20:57 -------- d-----w- c:\program files\Java
2009-09-09 06:35 . 2009-01-31 17:53 -------- d-----w- c:\program files\Gateway
2009-09-09 03:22 . 2009-09-09 03:22 132 ----a-w- C:\httpdwl.dat
2009-09-09 02:10 . 2009-06-30 05:30 -------- d-----w- c:\program files\Hard Disk Sentinel
2009-09-08 03:45 . 2009-09-08 03:39 -------- d-----w- c:\program files\Microsoft DirectX SDK (March 2009)
2009-09-08 03:39 . 2009-03-03 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 03:38 . 2009-09-08 03:38 118104 ----a-w- c:\windows\dxsdkuninst.exe
2009-09-08 03:29 . 2009-01-31 11:32 76128 ----a-w- c:\documents and settings\Kev\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 19:10 . 2009-09-07 19:10 -------- d-----w- c:\program files\Microsoft Games
2009-09-03 05:50 . 2009-09-03 05:50 -------- d-----w- c:\documents and settings\Kev\Application Data\Foxit Software
2009-09-01 18:07 . 2009-06-04 02:30 7028 --sha-w- c:\windows\system32\sys_drv.dat.bd.ren
2009-09-01 18:07 . 2009-06-04 02:30 6024 --sha-w- c:\windows\system32\sys_drv_2.dat.bd.ren
2009-08-30 19:19 . 2009-06-04 02:30 990 --sha-w- c:\documents and settings\Kev\Application Data\systemfl.$dk.bd.ren
2009-08-29 03:36 . 2009-08-29 03:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-28 05:51 . 2009-01-31 18:19 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-24 22:16 . 2009-07-18 02:50 -------- d-----w- c:\program files\NeoTracePro
2009-08-24 20:35 . 2009-08-24 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-08-24 20:20 . 2009-08-24 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-24 03:47 . 2009-08-24 03:40 -------- d-----w- c:\program files\Intel
2009-08-23 19:28 . 2009-05-27 21:55 -------- d-----w- c:\program files\Top Password
2009-08-18 22:32 . 2009-08-18 22:32 -------- d-----w- c:\program files\SiSoftware
2009-08-16 15:08 . 2009-10-06 06:44 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-05 09:11 . 2001-08-30 10:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 00:40 . 2009-04-17 03:26 256536 ----a-w- c:\windows\system32\Prounstl.exe
2009-07-31 19:23 . 2009-03-10 20:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-29 06:35 . 2009-10-06 06:44 2378752 ----a-w- c:\windows\system32\x264vfw.dll
2009-07-29 04:53 . 2001-08-30 10:30 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2001-08-30 10:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-27 02:43 . 2009-07-27 02:43 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-07-24 16:26 . 2009-07-24 16:26 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2009-09-22 15:46 . 2009-09-18 02:51 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-14_16.21.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-16 01:55 . 2009-10-16 01:55 16384 c:\windows\Temp\Perflib_Perfdata_508.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-09-22 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-09-22 1114536]
"US4Service"="c:\program files\Universal Shield 4.3\US4Service.exe" [2009-07-09 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck ! ?Q??>??\0autocheck \0autocheck autocheck K\0autocheck >?>?>?>rigg\0autocheck autocheck ?>?>? ?>?>?>?>?>?>?>?>?>?>\0autocheck ?>+Û ?>?>? ?>'>a ?>?>O ?>?>U?>?>?>

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cisvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP4\\RpcAgentSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP4\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 DevLdr32exe;Environmental Sound Controller;c:\windows\System32\srvany.exe [1998-11-22 8464]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-09-22 183880]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2009-09-22 29584]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP4\RpcAgentSrv.exe [2009-08-17 99176]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2009-04-01 82696]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-10-09 152328]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-09-22 110856]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Kev\Application Data\Mozilla\Firefox\Profiles\2zxzthrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 21:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
.
**************************************************************************
.
Completion time: 2009-10-16 22:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-16 02:01
ComboFix2.txt 2009-10-14 16:25

Pre-Run: 18,183,720,960 bytes free
Post-Run: 18,099,449,856 bytes free

386

Last edited by Kevin350; 10-15-2009 at 08:30 PM.
Old 10-16-2009, 02:11 PM   #10 (permalink)
Analyst, Security Team
 
extremeboy's Avatar
 
Join Date: Jan 2009
Posts: 554
OS: N/A


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Quote:
The cisvc.exe, lbd.sys, WinFLdrv.sys, and Partizan.sys files seemed suspicious to me. I was glad that you included them to be ComboFixed.
Not everything I include in the Combofix script was necessarily "bad" but was optional to remove or best if it was removed. Some of those were "orphaned" entries so I scripted those out.

Quote:
I'll let you know if the same symptoms come back up again. Websites like Yahoo, YouTube, and scrolling up and down this text message box are still slow and choppy. But maybe that's due to my IE 7 or the fact that I have never uninstalled previous Java/Adobe Flash before I updated them with newer versions?
Yes, you can update and uninstall any older versions if you have them still installed. You have Java 6 Update 16 installed so that's the latest version already.

Run an online scan..

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Run ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
You can refer to this animation by neomage if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Old 10-18-2009, 09:53 AM   #11 (permalink)
Registered User
 
Join Date: Aug 2009
Posts: 17
OS: Windows XP Home Edition


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Extremeboy,

The ESET Online Scan found no infected files. I exited out of the tabs quickly and forgot to do the last two steps in your previous post for the ESET online scan. So I went into the ESET folder in my Program Files folder and got the log there and I attached it with the "Attach.txt" log.

While browsing Facebook (which also lags and goes slow like YouTube and Yahoo), I received an error that said: "Out of memory at line 140." It only comes up when I'm on IE 7 and on Facebook.

Also, I'm still having the same problems in my previous posts. If you think it's necessary, I'll try more cleaning programs/solutions. If my computer appears to be clean, then I'll uninstall any previous Java/Adobe Flash programs if I find any older versions left on my computer and re-install them fresh. I just want to make sure that there aren't any viruses/malware/trojans making my computer/IE 7 the way it is now.

Here is my DDS log:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Kev at 3:31:35.84 on Sun 10/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [US4Service] c:\program files\universal shield 4.3\US4Service.exe
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: RestrictCpl = 0 (0x0)
uPolicies-explorer: DisallowCpl = 0 (0x0)
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-explorer: ForceRecycleBinSize = 0 (0x0)
uPolicies-explorer: NoCustomizeWebView = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
uPolicies-explorer: NoWebView = 0 (0x0)
uPolicies-explorer: DontShowSuperHidden = 0 (0x0)
uPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
uPolicies-explorer: NoPublishingWizard = 0 (0x0)
uPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoHelp = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoDisconnect = 0 (0x0)
uPolicies-explorer: NoNtSecurity = 0 (0x0)
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoSMBalloonTips = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAPower = 0 (0x0)
uPolicies-explorer: NoTaskGrouping = 0 (0x0)
uPolicies-explorer: NoWebServices = 0 (0x0)
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoThumbnailCache = 0 (0x0)
uPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
uPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
dPolicies-explorer: NoThemesTab = 0 (0x0)
dPolicies-explorer: NoChangeAnimation = 0 (0x0)
dPolicies-explorer: RestrictCpl = 0 (0x0)
dPolicies-explorer: DisallowCpl = 0 (0x0)
dPolicies-explorer: RestrictRun = 0 (0x0)
dPolicies-explorer: DisallowRun = 0 (0x0)
dPolicies-explorer: NoRecycleFiles = 0 (0x0)
dPolicies-explorer: ForceRecycleBinSize = 0 (0x0)
dPolicies-explorer: NoCustomizeWebView = 0 (0x0)
dPolicies-explorer: NoFileAssociate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoInstrumentation = 0 (0x0)
dPolicies-explorer: NoCustomizeThisFolder = 0 (0x0)
dPolicies-explorer: NoWebView = 0 (0x0)
dPolicies-explorer: DontShowSuperHidden = 0 (0x0)
dPolicies-explorer: NoOnlinePrintsWizard = 0 (0x0)
dPolicies-explorer: NoPublishingWizard = 0 (0x0)
dPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
dPolicies-explorer: NoSMMyPictures = 0 (0x0)
dPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
dPolicies-explorer: NoHelp = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
dPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
dPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-explorer: NoDisconnect = 0 (0x0)
dPolicies-explorer: NoNtSecurity = 0 (0x0)
dPolicies-explorer: GreyMSIAds = 0 (0x0)
dPolicies-explorer: ForceMaxRecentDocs = 0 (0x0)
dPolicies-explorer: NoSMBalloonTip = 0 (0x0)
dPolicies-explorer: NoSMBalloonTips = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: HideSCAVolume = 0 (0x0)
dPolicies-explorer: HideSCANetwork = 0 (0x0)
dPolicies-explorer: HideSCAPower = 0 (0x0)
dPolicies-explorer: NoTaskGrouping = 0 (0x0)
dPolicies-explorer: NoWebServices = 0 (0x0)
dPolicies-explorer: NoFileUrl = 0 (0x0)
dPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
dPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
dPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoThumbnailCache = 0 (0x0)
dPolicies-explorer: ForceCopyAclwithFile = 0 (0x0)
dPolicies-explorer: StartRunNoHOMEPATH = 0 (0x0)
dPolicies-system: NoVisualStyleChoice = 0 (0x0)
dPolicies-system: NoColorChoice = 0 (0x0)
dPolicies-system: NoSizeChoice = 0 (0x0)
dPolicies-system: HideLogonScripts = 0 (0x0)
DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253515827197
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kev\applic~1\mozilla\firefox\profiles\2zxzthrc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-16 23:09 <DIR> --d----- c:\program files\ESET
2009-10-14 11:57 <DIR> a-dshr-- C:\cmdcons
2009-10-14 11:56 236,544 a------- c:\windows\PEV.exe
2009-10-14 11:56 161,792 a------- c:\windows\SWREG.exe
2009-10-14 11:56 98,816 a------- c:\windows\sed.exe
2009-10-06 02:44 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-10-05 08:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-05 08:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-05 08:54 <DIR> --d----- c:\docume~1\kev\applic~1\SUPERAntiSpyware.com
2009-10-05 08:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-01 02:31 <DIR> --d----- c:\program files\StreamingStar
2009-09-23 05:13 <DIR> --d----- c:\program files\IrfanView
2009-09-23 05:04 <DIR> --d----- c:\windows\system32\Adobe
2009-09-23 03:06 <DIR> --d----- c:\program files\Universal Shield 4.3
2009-09-23 02:51 73,392 a------- c:\windows\system32\fsproflt.exe
2009-09-22 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 17:47 <DIR> --d----- c:\program files\FinalUninstaller
2009-09-22 03:44 <DIR> --d----- c:\docume~1\kev\applic~1\Windows Search
2009-09-22 02:21 <DIR> --d----- c:\docume~1\kev\applic~1\EMCO
2009-09-22 00:27 <DIR> --d----- c:\windows\RestoreSafeDeleted
2009-09-22 00:21 29,584 a------- c:\windows\system32\drivers\regguard.sys
2009-09-22 00:21 2 a--shrot c:\windows\winstart.bat
2009-09-22 00:18 <DIR> --d----- c:\program files\Greatis
2009-09-21 21:31 1,871,872 -c------ c:\windows\system32\dllcache\mstscax.dll
2009-09-21 07:30 <DIR> --d----- c:\program files\MSXML 4.0
2009-09-21 07:10 <DIR> --d----- c:\program files\Windows Desktop Search
2009-09-21 07:10 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-09-21 07:09 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-09-21 07:09 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-09-21 06:48 128,896 -c------ c:\windows\system32\dllcache\fltmgr.sys
2009-09-21 06:48 23,040 -c------ c:\windows\system32\dllcache\fltmc.exe
2009-09-21 06:48 16,896 -c------ c:\windows\system32\dllcache\fltlib.dll
2009-09-21 06:30 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-21 06:28 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-09-21 06:24 333,184 -c------ c:\windows\system32\dllcache\srv.sys
2009-09-21 06:23 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-09-21 06:23 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-09-21 06:21 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-09-21 06:17 288,768 -------- c:\windows\system32\rhttpaa.dll
2009-09-21 06:17 116,736 -------- c:\windows\system32\aaclient.dll
2009-09-21 06:17 36,352 -------- c:\windows\system32\tsgqec.dll
2009-09-18 23:34 <DIR> --d----- c:\windows\network diagnostic
2009-09-18 23:34 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-09-18 23:34 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-09-18 23:34 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-09-18 23:34 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-18 23:34 380,928 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-09-18 23:34 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-09-18 23:34 2,452,872 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-09-18 23:34 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-09-18 23:34 6,067,200 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-09-18 23:33 33,792 ac------ c:\windows\system32\dllcache\custsat.dll
2009-09-18 04:36 0 a------- c:\windows\system32\ab_bl.sig
2009-09-18 03:34 0 a------- c:\windows\system32\wsbl.dat
2009-09-18 03:34 0 a------- c:\windows\system32\ph_white.dat
2009-09-18 03:34 0 a------- c:\windows\system32\ph_summ.dat
2009-09-18 03:34 0 a------- c:\windows\system32\ph_spoof.sig
2009-09-18 03:34 0 a------- c:\windows\system32\ph_sign.slf
2009-09-18 03:34 0 a------- c:\windows\system32\ph_fuzzy.sig
2009-09-18 03:34 0 a------- c:\windows\system32\ph_black.dat
2009-09-18 03:34 0 a------- c:\windows\system32\pcwords2.dat
2009-09-18 03:34 0 a------- c:\windows\system32\pcwords.dat
2009-09-18 03:34 0 a------- c:\windows\system32\pc_sign.slf
2009-09-18 03:34 0 a------- c:\windows\system32\ab_sbl.sig

==================== Find3M ====================

2009-10-09 07:17 152,328 a------- c:\windows\system32\drivers\bdfm.sys
2009-09-28 14:00 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-09-22 12:17 110,856 a------- c:\windows\system32\drivers\bdfndisf.sys
2009-09-22 11:46 105,736 a------- c:\windows\system32\drivers\bdhv.sys
2009-09-17 22:22 81,984 a------- c:\windows\system32\bdod.bin
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-10 13:44 1,101,696 a------- c:\windows\system32\drivers\BCMSM.sys
2009-09-10 13:44 147,456 a------- c:\windows\BCMSMU.exe
2009-09-10 13:44 122,880 a------- c:\windows\BCMSMMSG.exe
2009-09-10 13:44 118,784 a------- c:\windows\system32\BCMSMI32.dll
2009-09-10 13:44 57,344 a------- c:\windows\BCMSMD2K.exe
2009-09-10 13:44 34,304 a------- c:\windows\system32\BCMSM168.dll
2009-09-08 23:22 132 a------- C:\httpdwl.dat
2009-09-07 23:38 118,104 a------- c:\windows\dxsdkuninst.exe
2009-09-01 14:07 7,028 a--sh--- c:\windows\system32\sys_drv.dat.bd.ren
2009-09-01 14:07 6,024 a--sh--- c:\windows\system32\sys_drv_2.dat.bd.ren
2009-08-30 15:19 990 a--sh--- c:\docume~1\kev\applic~1\systemfl.$dk.bd.ren
2009-08-16 11:08 178,176 a------- c:\windows\system32\unrar.dll
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-31 20:40 256,536 a------- c:\windows\system32\Prounstl.exe
2009-07-31 15:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-29 02:35 2,378,752 a------- c:\windows\system32\x264vfw.dll
2009-07-29 00:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-09 00:55 0 a------- c:\docume~1\kev\applic~1\wklnhst.dat

============= FINISH: 3:32:36.48 ===============
Attached Files
File Type: zip ESETScan.zip (2.9 KB, 1 views)

Last edited by Kevin350; 10-18-2009 at 09:57 AM.
Old 10-18-2009, 11:39 AM   #12 (permalink)
Analyst, Security Team
 
extremeboy's Avatar
 
Join Date: Jan 2009
Posts: 554
OS: N/A


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Hello.

That error you received seems to be a memory issue. An "Out of Memory" error message appears when you have a large number of programs running or just programs that take up too many resources.

Slowness may be due to another problem here. Not always malware related.

I want you to run a scan with OTL...

Download and run OTL
  1. Download OTL by OldTimer and save it to your desktop.
  2. Double click on the icon on your desktop. If you are using Vista, please right-click and select run as administrator
  3. Click the "Scan All Users" checkbox.
  4. Push the button.
  5. It will now begin to scan, please be patient while it scans.
  6. Two reports will open once it's done.
  7. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
Old 10-18-2009, 12:47 PM   #13 (permalink)
Registered User
 
Join Date: Aug 2009
Posts: 17
OS: Windows XP Home Edition


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Extremeboy,

Just to let you know -- one thing I noticed in the "OTL.text" log is that my "Autocheck" is not found. It says the files are missing.

Also, while typing these words and pasting these logs right now, this message box is moving super slow. However, everything else is running normal so far. The more text that gets pasted in the box -- the slower it gets.

I was over the character limit, so I made two separate posts.

OTL log:

OTL logfile created on: 10/18/2009 2:20:18 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Kev\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 52.87% Memory free
2.98 Gb Paging File | 2.42 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.01 Gb Free Space | 40.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 162.79 Gb Free Space | 34.95% Space Free | Partition Type: NTFS

Computer Name: KEV-1HK3K3TA8TG
Current User Name: Kev
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/18 14:20:03 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kev\Desktop\OTL.exe
PRC - [2009/10/15 12:04:39 | 00,320,424 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/09/30 12:58:17 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/09/22 11:46:37 | 01,114,536 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2009/09/22 11:46:32 | 01,086,232 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2009/09/22 11:46:30 | 01,595,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 18:26:56 | 00,032,768 | ---- | M] () -- C:\Program Files\Universal Shield 4.3\US4Service.exe
PRC - [2009/06/29 04:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/17 14:17:40 | 01,349,912 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 03:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/15 12:04:39 | 00,320,424 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV - [2009/09/30 12:58:17 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2009/09/22 11:46:31 | 00,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
SRV - [2009/09/22 11:46:30 | 01,595,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV [Auto | Running])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/17 13:01:44 | 00,099,176 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP4\RpcAgentSrv.exe -- (SandraAgentSrv [On_Demand | Stopped])
SRV - [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/13 20:28:18 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/04/17 14:17:40 | 01,349,912 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/08/04 03:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2000/06/29 04:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Disabled | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [1998/11/22 08:09:18 | 00,008,464 | ---- | M] () -- C:\WINDOWS\System32\srvany.exe -- (DevLdr32exe [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2009/10/09 07:17:08 | 00,152,328 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
DRV - [2009/09/22 17:19:51 | 00,029,584 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Drivers\regguard.sys -- (RegGuard [On_Demand | Stopped])
DRV - [2009/09/22 12:17:45 | 00,110,856 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\DRIVERS\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
DRV - [2009/09/22 11:46:43 | 00,014,720 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
DRV - [2009/09/22 11:46:40 | 00,118,536 | ---- | M] (BitDefender LLC) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
DRV - [2009/09/15 11:42:48 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/09/15 11:42:46 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/09/15 11:42:44 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2009/09/10 13:44:25 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2009/08/07 23:46:56 | 00,023,112 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP4\WNt500x86\Sandra.sys -- (SANDRA [On_Demand | Stopped])
DRV - [2009/07/26 22:43:18 | 00,058,908 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2009/07/24 12:26:08 | 00,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [Boot | Running])
DRV - [2009/06/20 20:24:53 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/05/07 04:22:06 | 00,039,808 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
DRV - [2009/04/16 23:26:07 | 00,045,184 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\intelsmb.sys -- (smbusp [On_Demand | Running])
DRV - [2009/04/01 11:25:42 | 00,082,696 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK [Auto | Running])
DRV - [2009/03/20 20:51:02 | 00,071,168 | ---- | M] (© Everstrike Software) -- C:\WINDOWS\System32\Drivers\US30XP.sys -- (US30Sys [System | Running])
DRV - [2009/01/12 12:27:58 | 00,008,832 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
DRV - [2008/08/20 13:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/16 17:55:00 | 00,165,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | R--- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2006/11/02 00:50:52 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])
DRV - [2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/04 01:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2004/08/04 01:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004/07/14 12:54:42 | 00,676,864 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2001/08/31 13:37:58 | 00,036,992 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\sfman.sys -- (sfman [On_Demand | Running])
DRV - [2001/08/30 06:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2001/08/17 08:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4.sys -- (nv4 [On_Demand | Stopped])
DRV - [2001/08/17 08:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])
DRV - [2001/08/17 08:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
DRV - [2001/08/14 15:17:52 | 00,775,296 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\emu10k1f.sys -- (emu10k [On_Demand | Running])
DRV - [2001/07/11 11:34:52 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctlface.sys -- (emu10k1 [On_Demand | Running])
DRV - [2000/02/03 15:53:12 | 00,024,608 | ---- | M] () -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX [System | Running])
DRV - [1999/12/17 01:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.1
FF - prefs.js..network.proxy.http: " 127.0.0.1"
FF - prefs.js..network.proxy.no_proxies_on: "plimus.com,regnow.com"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 7070

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 16:57:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2009/09/17 22:45:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/06 02:44:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/06 02:44:49 | 00,000,000 | ---D | M]

[2009/01/31 10:01:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\mozilla\Extensions
[2009/01/31 10:01:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/04 06:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\mozilla\Firefox\Profiles\2zxzthrc.default\extensions
[2009/08/04 11:35:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kev\Application Data\mozilla\Firefox\Profiles\2zxzthrc.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/10/04 06:20:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/10 16:57:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/07/29 01:03:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/09 22:11:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/10/04 06:19:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/10/04 06:19:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/22 11:46:37 | 00,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/07/31 15:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/10/04 06:19:36 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/28 14:00:00 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/22 23:21:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/22 23:21:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/22 23:21:13 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/22 23:21:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/22 23:21:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/22 23:21:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/22 23:21:14 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/28 14:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/10/04 06:19:42 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/10/04 06:19:42 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/10/04 06:19:42 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/10/04 06:19:42 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/10/04 06:19:42 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/10/04 06:19:42 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/10/04 06:19:42 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [US4Service] C:\Program Files\Universal Shield 4.3\US4Service.exe ()
O4 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLastUserName = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRecycleBinSize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = msfmon.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = avgtray.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = aawtray.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = qttask.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newlock.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5? = newadmin.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRecycleBinSize = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = msfmon.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = avgtray.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = aawtray.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = qttask.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newlock.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5? = newadmin.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRecycleBinSize = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMFUprogramsList = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = [binary data]
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = msfmon.exe
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = avgtray.exe
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = aawtray.exe
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = qttask.exe
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newlock.exe
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6? = newadmin.exe
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Feed Discovery present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Feeds present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-1292428093-1078145449-839522115-1004_Classes\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1253515827197 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:AutorunsDisabled () -
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/31 05:19:48 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (! ?Q??>??) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: ( K) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (>?>?>?>rigg) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: ( ?>?>? ?>?>?>?>?>?>?>?>?>?>) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (?>+Û ?>?>? ?>'>a ?>?>O ?>?>U?>?>?>) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[7 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/09/22 23:24:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/05 08:55:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[7 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/09/22 02:21:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kev\Application Data\EMCO
[2009/10/08 15:59:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kev\Application Data\Real
[2009/10/05 08:54:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kev\Application Data\SUPERAntiSpyware.com
[2009/09/22 03:44:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kev\Application Data\Windows Search
[2009/10/12 10:55:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kev\Local Settings\Application Data\Deployment
[2009/10/05 08:54:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/16 23:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/09/22 17:47:58 | 00,000,000 | ---D | C] -- C:\Program Files\FinalUninstaller
[2009/09/22 00:18:49 | 00,000,000 | ---D | C] -- C:\Program Files\Greatis
[2009/09/23 05:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2009/10/06 02:44:23 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/09/21 07:30:58 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/10/01 02:31:45 | 00,000,000 | ---D | C] -- C:\Program Files\StreamingStar
[2009/10/05 08:54:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/23 0341 | 00,000,000 | ---D | C] -- C:\Program Files\Universal Shield 4.3
[2009/09/21 07:10:52 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/10/18 14:19:59 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kev\Desktop\OTL.exe
[2009/10/16 22:23:07 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/14 11:57:56 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/14 11:56:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/14 11:56:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/14 11:56:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/14 11:56:08 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/14 11:55:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/14 11:54:48 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/06 02:44:43 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/10/06 02:44:43 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/10/06 02:44:43 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/10/06 02:44:43 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/10/06 02:44:37 | 01,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2009/10/06 02:44:36 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/10/06 02:44:36 | 00,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2009/10/06 02:44:36 | 00,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2009/10/06 02:44:35 | 00,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009/10/06 02:44:35 | 00,391,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\I263_32.drv
[2009/10/06 02:44:35 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/10/06 02:44:35 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/10/06 02:44:35 | 00,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2009/10/06 02:44:34 | 00,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2009/10/06 02:44:32 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/10/06 02:44:32 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/09/23 05:04:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/09/23 02:51:49 | 00,073,392 | ---- | C] (FSPro Labs) -- C:\WINDOWS\System32\fsproflt.exe
[2009/09/22 00:27:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\RestoreSafeDeleted
[2009/09/22 00:21:50 | 00,029,584 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2009/09/21 21:31:30 | 01,871,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/09/21 07:10:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/09/21 07:09:46 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/09/21 07:09:46 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/09/21 06:48:32 | 00,128,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2009/09/21 06:48:32 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2009/09/21 06:48:32 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2009/09/21 06:30:52 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/21 06:30:24 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009/09/21 06:28:51 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/09/21 06:25:40 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/09/21 06:25:40 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/09/21 06:25:39 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/09/21 06:25:39 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/09/21 06:25:38 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/09/21 06:25:38 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/09/21 06:25:37 | 00,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/09/21 06:25:37 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/09/21 06:25:36 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/09/21 06:25:35 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/09/21 06:25:34 | 02,180,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/09/21 06:25:32 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/09/21 06:25:31 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/09/21 06:25:21 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/09/21 06:24:26 | 00,333,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/09/21 06:23:48 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/09/21 06:23:35 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/09/21 06:21:56 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/09/21 06:17:13 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/09/21 06:17:13 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/09/21 06:17:13 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/09/18 23:53:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/09/18 23:50:35 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/09/18 23:49:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/09/18 23:48:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/09/18 23:35:11 | 24,689,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/18 23:34:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/09/18 23:34:14 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/09/18 23:34:14 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/09/18 23:34:12 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009/09/18 23:34:12 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/09/18 23:34:11 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009/09/18 23:34:11 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/09/18 23:34:09 | 02,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009/09/18 23:34:09 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009/09/18 23:34:06 | 06,067,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/09/18 23:33:54 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/09/18 23:33:54 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2009/01/31 13:59:28 | 00,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[7 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/10/18 14:20:03 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kev\Desktop\OTL.exe
[2009/10/18 11:45:10 | 00,002,983 | ---- | M] () -- C:\Documents and Settings\Kev\Desktop\ESETScan.zip
[2009/10/15 21:56:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/15 21:55:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/15 21:54:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/15 21:54:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/15 21:19:15 | 03,339,559 | R--- | M] () -- C:\Documents and Settings\Kev\Desktop\ComboFix.exe
[2009/10/15 12:57:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 12:54:58 | 00,000,134 | ---- | M] () -- C:\Documents and Settings\Kev\Desktop\Look.bat
[2009/10/14 17:14:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/14 13:23:28 | 00,088,576 | ---- | M] () -- C:\Documents and Settings\Kev\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 11:58:04 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/09 07:17:08 | 00,152,328 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2009/10/08 13:46:01 | 00,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/10/05 17:34:04 | 00,282,312 | ---- | M] () -- C:\Documents and Settings\Kev\Desktop\gmer.zip
[2009/10/05 16:48:30 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\Kev\Desktop\dds.scr
[2009/10/05 16:36:27 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/04 09:36:52 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Kev\Desktop\gmer.exe
[2009/09/28 14:00:00 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/09/28 14:00:00 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/09/28 14:00:00 | 00,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/28 14:00:00 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/09/28 14:00:00 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/09/28 14:00:00 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2009/09/22 22:47:11 | 00,403,528 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/22 22:47:11 | 00,063,130 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/22 17:19:51 | 00,029,584 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2009/09/22 17:18:15 | 06,362,442 | -H-- | M] () -- C:\Documents and Settings\Kev\Local Settings\Application Data\IconCache.db
[2009/09/22 12:17:45 | 00,110,856 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2009/09/22 11:46:43 | 00,105,736 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys
[2009/09/22 00:21:46 | 00,002,619 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/22 00:21:46 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/09/22 00:21:46 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2009/09/21 23:13:15 | 00,000,064 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb
[2009/09/21 23:08:01 | 11,931,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/09/21 21:33:45 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/21 13:43:09 | 00,504,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/21 13:40:58 | 00,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/18 23:30:33 | 00,054,771 | ---- | M] () -- C:\Documents and Settings\Kev\My Documents\bookmark091809.htm

========== Files - No Company Name ==========
[2009/10/18 11:45:10 | 00,002,983 | ---- | C] () -- C:\Documents and Settings\Kev\Desktop\ESETScan.zip
[2009/10/15 12:57:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/15 12:54:58 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Kev\Desktop\Look.bat
[2009/10/14 11:58:04 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/14 11:57:58 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/14 11:56:08 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/14 11:56:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/14 11:56:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/14 11:56:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/14 11:48:50 | 03,339,559 | R--- | C] () -- C:\Documents and Settings\Kev\Desktop\ComboFix.exe
[2009/10/06 02:44:41 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/06 02:44:39 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/10/06 02:44:36 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/10/06 02:44:35 | 02,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/10/06 02:44:34 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/06 02:44:33 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/10/06 02:44:33 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/06 02:44:28 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/10/06 02:44:27 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/05 17:34:17 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Kev\Desktop\gmer.exe
[2009/10/05 17:34:02 | 00,282,312 | ---- | C] () -- C:\Documents and Settings\Kev\Desktop\gmer.zip
[2009/10/05 16:48:30 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\Kev\Desktop\dds.scr
[2009/09/22 00:21:46 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2009/09/21 21:37:47 | 00,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb
[2009/09/18 23:30:29 | 00,054,771 | ---- | C] () -- C:\Documents and Settings\Kev\My Documents\bookmark091809.htm
[2009/09/09 07:56:22 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/08/18 18:32:19 | 11,931,648 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/07/09 02:55:41 | 00,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2009/07/09 00:55:48 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Kev\Application Data\wklnhst.dat
[2009/06/20 20:24:53 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/06/03 22:30:18 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\WinFLdrv.sys.bd.ren
[2009/06/03 22:30:18 | 00,000,990 | -HS- | C] () -- C:\Documents and Settings\Kev\Application Data\systemfl.$dk.bd.ren
[2009/05/28 19:11:57 | 00,000,070 | ---- | C] () -- C:\WINDOWS\RP121032.ini
[2009/05/28 19:10:10 | 00,000,085 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/05/28 19:10:07 | 00,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/05/28 19:10:07 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/05/27 17:55:39 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\_system.ini
[2009/03/26 22:02:58 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/03/20 15:14:42 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\Msddatafile24.dll
[2009/03/20 15:14:42 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2009/03/20 15:14:42 | 00,000,979 | ---- | C] () -- C:\WINDOWS\CA2RP32.ini
[2009/03/20 15:14:42 | 00,000,934 | ---- | C] () -- C:\WINDOWS\ccarp32.ini
[2009/03/20 15:14:42 | 00,000,508 | ---- | C] () -- C:\WINDOWS\caiprp32.ini
[2009/03/20 15:14:42 | 00,000,464 | ---- | C] () -- C:\WINDOWS\rfsrp32.ini
[2009/02/12 11:51:54 | 00,088,576 | ---- | C] () -- C:\Documents and Settings\Kev\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/04 17:30:53 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/02/04 17:30:52 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/02/04 17:30:52 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/02/04 17:30:52 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/01/31 14:01:32 | 00,000,103 | ---- | C] () -- C:\WINDOWS\CTDiskID.INI
[2009/01/31 13:58:47 | 00,000,231 | ---- | C] () -- C:\WINDOWS\Ac3api.ini
[2009/01/31 13:58:46 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/01/31 13:53:59 | 00,000,204 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/01/31 13:53:44 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2009/01/31 07:32:00 | 00,076,128 | ---- | C] () -- C:\Documents and Settings\Kev\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/31 07:10:27 | 06,362,442 | -H-- | C] () -- C:\Documents and Settings\Kev\Local Settings\Application Data\IconCache.db
[2009/01/31 05:56:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Kev\Application Data\desktop.ini
[2009/01/30 18:28:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/01/15 13:45:34 | 00,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/02/05 13:28:20 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\Kev\Local Settings\Application Data\setup.txt
[2007/01/31 14:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/10/22 12:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/04/13 14:02:30 | 00,000,123 | ---- | C] () -- C:\WINDOWS\System32\fsbx.ini
[2001/08/30 06:30:00 | 00,000,608 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/30 06:30:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 264 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0258CAE
@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D17708E
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14CE49B7
< End of report >
Kevin350 is offline  
Old 10-18-2009, 12:49 PM   #14 (permalink)
Registered User
 
Join Date: Aug 2009
Posts: 17
OS: Windows XP Home Edition


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Extras log:

OTL Extras logfile created on: 10/18/2009 2:20:18 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Kev\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 52.87% Memory free
2.98 Gb Paging File | 2.42 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.01 Gb Free Space | 40.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 162.79 Gb Free Space | 34.95% Space Free | Partition Type: NTFS

Computer Name: KEV-1HK3K3TA8TG
Current User Name: Kev
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP4\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP4\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP4\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP4\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1CF54269-B462-4D2A-84F6-A71A7F3A358C}" = BitDefender Total Security 2010
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{24248703-1A7F-48E7-9C3D-056AA26705AE}" = Advanced Windows Mail Recovery
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 4.x for Office 2007
"{4915A273-16A5-42E7-B258-65BD92862D2E}_is1" = Genie Backup Manager Pro 8.0
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{555E63EF-4EB5-43E5-BEEF-9E2CD7BCEFA2}" = Intel(R) Network Connections 14.4.0.0
"{57CDBAE6-0896-4E78-88F0-C673E4BB44FE}" = Universal Shield
"{62DC441E-0FD3-4606-9D9B-90FE325B29E5}" = Foxit Reader
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C595E7-5E6E-4906-BE4A-268BCAC6C98B}" = Diskeeper 2009 Pro Premier
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Professional Home 2009.SP4
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E0CBBB2C-57FE-40BF-8816-44E3AC6BD2D6}" = ResumeMaker Professional
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Mythology 1.0" = Age of Mythology
"AIM_6" = AIM 6
"a-squared Free_is1" = a-squared Free 4.5
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CombiMovie (Freeware)_is1" = CombiMovie Version 1.31
"CopyTrans Suite" = CopyTrans Suite (remove only)
"Creative Surround Mixer" = Creative Surround Mixer
"DMX5_is1" = DriverMax 5
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Error Repair Professional_is1" = Error Repair Professional version 4.0.5
"ESET Online Scanner" = ESET Online Scanner v3
"Final Uninstaller_is1" = Final Uninstaller
"Foxit PDF Editor" = Foxit PDF Editor
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.6 BETA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft DirectX SDK (March 2009)" = Microsoft DirectX SDK (March 2009)
"mIRC" = mIRC
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Password Recovery Bundle_is1" = Password Recovery Bundle 2007
"PowerISO" = PowerISO
"PROPLUS" = Microsoft Office Professional Plus 2007
"Recover My Files_is1" = Recover My Files
"Registry Mechanic_is1" = Registry Mechanic 8.0
"ReNamer_is1" = ReNamer
"Sound Blaster Live! Value" = Sound Blaster Live! Value
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1292428093-1078145449-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2009 10:47:54 PM | Computer Name = KEV-1HK3K3TA8TG | Source = MsiInstaller | ID = 11406
Description = Product: BitDefender Total Security 2010 -- Error 1406. Could not
write value Device1 to key \.DEFAULT\Software\SetID\Internal. System error . Verify
that you have sufficient access to that key, or contact your support personnel.

Error - 9/21/2009 7:12:20 AM | Computer Name = KEV-1HK3K3TA8TG | Source = Windows Search Service | ID = 3024
Description =

Error - 9/22/2009 3:15:42 AM | Computer Name = KEV-1HK3K3TA8TG | Source = Windows Search Service | ID = 3038
Description =

Error - 9/22/2009 3:15:49 AM | Computer Name = KEV-1HK3K3TA8TG | Source = Windows Search Service | ID = 3028
Description =

Error - 9/22/2009 3:15:49 AM | Computer Name = KEV-1HK3K3TA8TG | Source = Windows Search Service | ID = 3058
Description =

Error - 9/22/2009 3:44:47 AM | Computer Name = KEV-1HK3K3TA8TG | Source = Windows Search Service | ID = 3024
Description =

Error - 10/14/2009 11:59:39 AM | Computer Name = KEV-1HK3K3TA8TG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...throotseq.txt>
with error: The server name or address could not be resolved

Error - 10/14/2009 12:11:33 PM | Computer Name = KEV-1HK3K3TA8TG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...throotseq.txt>
with error: The server name or address could not be resolved

Error - 10/15/2009 9:25:10 PM | Computer Name = KEV-1HK3K3TA8TG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...throotseq.txt>
with error: The server name or address could not be resolved

Error - 10/15/2009 9:42:02 PM | Computer Name = KEV-1HK3K3TA8TG | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.co...throotseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 10/18/2009 2:11:52 PM | Computer Name = KEV-1HK3K3TA8TG | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: -Embedding

Error - 10/18/2009 2:11:52 PM | Computer Name = KEV-1HK3K3TA8TG | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: -Embedding

Error - 10/18/2009 2:11:52 PM | Computer Name = KEV-1HK3K3TA8TG | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: -Embedding

Error - 10/18/2009 2:11:52 PM | Computer Name = KEV-1HK3K3TA8TG | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: -Embedding

Error - 10/18/2009 2:11:52 PM | Computer Name = KEV-1HK3K3TA8TG | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: -Embedding

Error - 10/18/2009 2:11:52 PM | Computer Name = KEV-1HK3K3TA8TG | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: -Embedding

Error - 10/18/2009 2:11:52 PM | Computer Name = KEV-1HK3K3TA8TG | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: -Embedding

Error - 10/18/2009 2:11:52 PM | Computer Name = KEV-1HK3K3TA8TG | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: -Embedding

Error - 10/18/2009 2:11:52 PM | Computer Name = KEV-1HK3K3TA8TG | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: -Embedding

Error - 10/18/2009 2:11:52 PM | Computer Name = KEV-1HK3K3TA8TG | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: -Embedding


< End of report >
Kevin350 is offline  
Old 10-19-2009, 02:05 PM   #15 (permalink)
Analyst, Security Team
 
extremeboy's Avatar
 
Join Date: Jan 2009
Posts: 554
OS: N/A


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Hello again.

Quote:
Also, while typing these words and pasting these logs right now, this message box is moving super slow. However, everything else is running normal so far. The more text that gets pasted in the box -- the slower it gets.
I had this same problem with another computer that's pretty old and doesn't have a lot of memory packed with it. It's not a malware related issue but more of the system itself.

Quote:
one thing I noticed in the "OTL.text" log is that my "Autocheck" is not found. It says the files are missing.
It's possible that it's just a bug with the tool. If it's really not there you would probably receive some sort of error message at startup. I wouldn't worry about it.

The logs look good so if you don't have anything else to add or say we can wrap up next post. You seem to be free of malware now.

With Regards,
Extremeboy
extremeboy is offline  
Old 10-19-2009, 02:23 PM   #16 (permalink)
Registered User
 
Join Date: Aug 2009
Posts: 17
OS: Windows XP Home Edition


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Extremeboy,

I really appreciate your help and time for the past two weeks.

Thank you very much,

-Kev
Kevin350 is offline  
Old 10-20-2009, 02:29 PM   #17 (permalink)
Analyst, Security Team
 
extremeboy's Avatar
 
Join Date: Jan 2009
Posts: 554
OS: N/A


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

You're welcome.

Let's wrap up then.

Let's cleanup our mess and remove the tools we have used.

Please follow/read the steps below to remove the tools we used and for some more information. :)

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • When shown the disclaimer, Select "2"
This will remove files/folders associated with combofix and uninstall it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

System A bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in this thread (PC running slow...?)



Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

Visit the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates, here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:


Glad I was able to help and thank you for choosing TechSupportForum as your malware removal source.
Don't forget to tell your friends about us and Good luck


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy
extremeboy is offline  
Old 10-26-2009, 02:21 PM   #18 (permalink)
Analyst, Security Team
 
extremeboy's Avatar
 
Join Date: Jan 2009
Posts: 554
OS: N/A


Re: Windows XP Home -- Computer Slow At Times; Computer Randomly Loads In Idle

Hello.

Since this issue appears resolved, this topic will now be archived.
If you need continued support, please begin a new thread, and provide a link to this topic if needed.

This applies to the original topic starter only.

Everyone else please begin a New Topic in the Virus/Trojan/Spyware Help by following the steps outlined over here

Good luck!

With Regards,
Extremeboy
extremeboy is offline  
 


All times are GMT -7.