
16 Re: BDS.small.iuj on Sat Mar 20, 2010 3:50 pm

Sorry. Here's the new download link: http://noahdfear.net/downloads/HelpAsst/HelpAsst_mebroot_fix.exe


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner



17 Re: BDS.small.iuj on Sun Mar 21, 2010 4:46 am

rinmueru


Member
Here's the log of your last instruction, with the helpasst_mebroot_fix:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


18 Re: BDS.small.iuj on Sun Mar 21, 2010 4:32 pm

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



19 Re: BDS.small.iuj on Mon Mar 22, 2010 8:09 am

rinmueru


Member
Sir Jay,

Here's the Malwarebytes log as you requested:

Malwarebytes' Anti-Malware 1.44
Database version: 3898
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

3/22/2010 7:59:40 PM
mbam-log-2010-03-22 (19-59-40).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|G:\|)
Objects scanned: 204559
Time elapsed: 1 hour(s), 21 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\msnsc.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{01CB568E-AA82-4FB8-B5DE-E4C6FD49C92D}\RP145\A0166904.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MARIGZA\My Documents\downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


20 Re: BDS.small.iuj on Mon Mar 22, 2010 10:34 am

Please download OTS by OldTimer and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section
  • At File Age set it to 90 Days
  • In the Processes, Modules, Services, Drivers, and Registry section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.



21 Re: BDS.small.iuj on Mon Mar 22, 2010 11:34 am

rinmueru


Member
Hmmm... the log has too many characters to fit in one post. Haha.

Here's the OTS log

[code]
OTS logfile created on: 3/22/2010 11:13:09 PM - Run 1
OTS by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\MARIGZA\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory | 60.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 16.46 Gb Free Space | 44.18% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 20.17 Gb Free Space | 54.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARIGZA
Current User Name: MARIGZA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\MARIGZA\Desktop\OTS.exe -> [2010/03/22 23:06:18 | 000,637,440 | ---- | M] (OldTimer Tools)
pmb.exe -> C:\Program Files\Pando Networks\Media Booster\PMB.exe -> [2010/02/08 16:25:34 | 002,937,528 | ---- | M] ()
btdna.exe -> C:\Program Files\DNA\btdna.exe -> [2009/11/13 19:49:14 | 000,323,392 | ---- | M] (BitTorrent, Inc.)
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
gogear_vibe_devicemanager.exe -> C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe -> [2009/03/13 17:06:42 | 001,611,152 | ---- | M] (Philips)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
ekrn.exe -> C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe -> [2007/12/21 08:21:16 | 000,468,224 | ---- | M] (ESET)
egui.exe -> C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe -> [2007/12/21 08:21:06 | 001,443,072 | ---- | M] (ESET)
nmbgmonitor.exe -> C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe -> [2006/12/24 01:05:20 | 000,143,360 | ---- | M] (Nero AG)
nmindexstoresvr.exe -> C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe -> [2006/12/24 01:04:42 | 000,905,216 | ---- | M] (Nero AG)


22 Re: BDS.small.iuj on Mon Mar 22, 2010 11:35 am

rinmueru


Member
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\MARIGZA\Desktop\OTS.exe -> [2010/03/22 23:06:18 | 000,637,440 | ---- | M] (OldTimer Tools)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2006/01/13 09:58:04 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2006/01/13 09:54:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll -> [2006/01/13 09:10:05 | 001,053,696 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(CLTNetCnService) Symantec Lic NetConnect service [Auto | Stopped] -> -> File not found
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\WINDOWS\System32\GameMon.des -> [2009/11/13 01:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
(EhttpSrv) Eset HTTP Server [On_Demand | Stopped] -> C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2007/12/21 08:22:44 | 000,019,200 | ---- | M] (ESET)
(ekrn) Eset Service [Auto | Running] -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2007/12/21 08:21:16 | 000,468,224 | ---- | M] (ESET)

[Driver Services - Safe List]
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2010/03/20 10:07:43 | 000,056,816 | ---- | M] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(NCHSSVAD) SoundTap Recorder [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nchssvad.sys -> [2009/03/07 01:41:37 | 000,027,136 | ---- | M] (NCH Swift Sound)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/01/15 11:12:36 | 000,717,296 | ---- | M] ()
(epfwtdir) epfwtdir [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\epfwtdir.sys -> [2007/12/21 08:21:56 | 000,033,800 | ---- | M] ()
(easdrv) easdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\easdrv.sys -> [2007/12/21 08:20:14 | 000,030,216 | ---- | M] (ESET)
(eamon) eamon [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\eamon.sys -> [2007/12/21 08:19:54 | 000,039,944 | ---- | M] (ESET)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2006/09/12 19:27:00 | 004,381,184 | R--- | M] (Realtek Semiconductor Corp.)
(xfilt) VIA SATA IDE Hot-plug Driver [Kernel | Boot | Stopped] -> C:\WINDOWS\system32\DRIVERS\xfilt.sys -> [2006/02/23 11:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc)
(videX32) videX32 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\videX32.sys -> [2006/02/23 11:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2006/01/13 09:33:09 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2006/01/06 23:53:16 | 000,010,624 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2006/01/06 15:53:16 | 000,059,264 | ---- | M] (Microsoft Corporation)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MODEMCSA.sys -> [2006/01/06 15:52:54 | 000,016,128 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2005/11/11 20:47:00 | 003,532,928 | ---- | M] (NVIDIA Corporation)
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\npptNT2.sys -> [2005/01/05 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2004/09/29 15:35:30 | 000,219,136 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2004/09/29 15:34:24 | 000,702,592 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2004/09/29 15:33:50 | 001,036,928 | ---- | M] (Conexant Systems, Inc.)
(viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\viaagp1.sys -> [2003/07/02 11:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.)


23 Re: BDS.small.iuj on Mon Mar 22, 2010 11:36 am

rinmueru


Member
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\] > -> ->
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\: URLSearchHooks\\"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}" [HKLM] -> C:\Program Files\Reganam\tbRega.dll [Reganam Toolbar] -> [2008/04/03 10:40:42 | 001,523,736 | ---- | M] (Conduit Ltd.)
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/05/16 03:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\: URLSearchHooks\\"{F4F10C1D-87C7-404A-B4B3-000000000000}" [HKLM] -> C:\Program Files\DAP\SBSearch.dll [SrchHook Class] -> [2008/08/11 00:35:48 | 000,032,768 | ---- | M] (SpeedBit Ltd.)
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\FireFox\Profiles\gur2u64u.default\prefs.js ->
browser.search.defaultenginename -> "Yahoo" ->
browser.search.defaulturl -> "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" ->
browser.search.order.1 -> "Fast Browser Search" ->
browser.search.param.yahoo-fr -> "moz2-ytff-" ->
browser.search.param.yahoo-fr-cjkt -> "moz2-ytff-" ->
browser.search.selectedEngine -> "Yahoo" ->
browser.startup.homepage -> "http://my.yahoo.com/" ->
extensions.enabledItems -> piclens@cooliris.com:1.11.6 ->
extensions.enabledItems -> {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> personas@christopher.beard:1.5.1 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315 ->
extensions.enabledItems -> {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.88 ->
keyword.URL -> "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0} -> C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [C:\PROGRAM FILES\ARCSOFT\MEDIA CONVERTER FOR PHILIPS\INTERNET VIDEO DOWNLOADER\PLUGIN_FIREFOX] -> [2010/02/07 12:34:25 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/01/31 20:05:54 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/02/25 20:19:21 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Extensions -> [2008/08/10 20:10:25 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions -> [2010/03/22 19:58:18 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} -> [2010/03/01 20:35:06 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/08/08 16:20:00 | 000,000,000 | ---D | M]
FoxyTunes -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} -> [2010/01/24 12:39:04 | 000,000,000 | ---D | M]
Yahoo! Toolbar -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/02/18 00:09:16 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66} -> [2010/01/24 10:54:21 | 000,000,000 | ---D | M]
WOT -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2009/12/05 23:58:26 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} -> [2010/01/24 10:54:30 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{d596c130-b00a-11db-abbd-0800200c9a66} -> [2010/01/24 10:54:39 | 000,000,000 | ---D | M]
myFireFox -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008} -> [2010/03/01 20:34:59 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} -> [2010/01/24 10:54:44 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\personas@christopher.beard -> [2010/01/19 07:41:14 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\piclens@cooliris.com -> [2010/01/19 07:41:04 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\piclens@cooliris.com-trash -> [2010/01/19 07:41:04 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\redshift_V2@shift-themes.com -> [2010/01/24 10:54:35 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\MARIGZA\Application Data\Mozilla\Firefox\Profiles\gur2u64u.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions -> [2010/03/01 20:34:59 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/22 16:56:11 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/03/20 12:13:26 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/05/16 03:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
{11222041-111B-46E3-BD29-EFB2449479B1} [HKLM] -> C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll [IEPlugin Class] -> [2008/12/24 17:38:20 | 000,145,920 | ---- | M] (ArcSoft, Inc.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2008/08/11 00:36:13 | 002,403,392 | R--- | M] (Google Inc.)
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{db9d7a78-a76c-4bf2-97c6-258925ee1542} [HKLM] -> C:\Program Files\Reganam\tbRega.dll [Reganam Toolbar] -> [2008/04/03 10:40:42 | 001,523,736 | ---- | M] (Conduit Ltd.)
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> [2005/02/22 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKLM] -> C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar BHO] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2008/08/11 00:36:13 | 002,403,392 | R--- | M] (Google Inc.)
"{71576546-354D-41c9-AAE8-31F2EC22BF0D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}" [HKLM] -> C:\Program Files\Reganam\tbRega.dll [Reganam Toolbar] -> [2008/04/03 10:40:42 | 001,523,736 | ---- | M] (Conduit Ltd.)
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005/02/22 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/05/16 03:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" [HKLM] -> C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2008/08/11 00:36:13 | 002,403,392 | R--- | M] (Google Inc.)
ShellBrowser\\"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}" [HKLM] -> C:\Program Files\Reganam\tbRega.dll [Reganam Toolbar] -> [2008/04/03 10:40:42 | 001,523,736 | ---- | M] (Conduit Ltd.)
ShellBrowser\\"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" [HKLM] -> C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2008/08/11 00:36:13 | 002,403,392 | R--- | M] (Google Inc.)
WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}" [HKLM] -> C:\Program Files\Reganam\tbRega.dll [Reganam Toolbar] -> [2008/04/03 10:40:42 | 001,523,736 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005/02/22 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
WebBrowser\\"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" [HKLM] -> C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2009/10/10 13:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"egui" -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2007/12/21 08:21:06 | 001,443,072 | ---- | M] (ESET)
"LanguageShortcut" -> C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"] -> [2006/12/06 05:55:32 | 000,054,832 | ---- | M] ()
"NeroFilterCheck" -> C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2006/01/12 22:40:44 | 000,155,648 | ---- | M] (Nero AG)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2005/11/11 20:47:00 | 007,311,360 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> [2005/11/11 20:47:00 | 000,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2006/10/22 12:22:00 | 001,622,016 | ---- | M] ()
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2006/05/16 18:04:26 | 002,879,488 | R--- | M] (Realtek Semiconductor Corp.)
< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"tscuninstall" -> C:\WINDOWS\system32\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> [2006/01/13 09:25:59 | 000,044,544 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"tscuninstall" -> C:\WINDOWS\system32\tscupgrd.exe [%systemroot%\system32\tscupgrd.exe] -> [2006/01/13 09:25:59 | 000,044,544 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> [2006/12/24 01:05:20 | 000,143,360 | ---- | M] (Nero AG)
"BitTorrent DNA" -> C:\Program Files\DNA\btdna.exe ["C:\Program Files\DNA\btdna.exe"] -> [2009/11/13 19:49:14 | 000,323,392 | ---- | M] (BitTorrent, Inc.)
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2008/10/16 21:57:52 | 004,347,120 | ---- | M] (Yahoo! Inc.)
"Pando Media Booster" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe] -> [2010/02/08 16:25:34 | 002,937,528 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk -> C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe -> [2009/03/13 17:06:42 | 001,611,152 | ---- | M] (Philips)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< MARIGZA Startup Folder > -> C:\Documents and Settings\MARIGZA\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\Feature Control
\Main\Feature Control\\"IMAGING_EMF_USE_RCLFRAMESIZE_KB905299" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408\\"Iexplore.exe" -> [1] -> File not found
\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408\\"BufferBreakingSize" -> [10485760] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer
\\"Windows Update Menu Text" -> [Microsoft Update] -> File not found
HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main\Feature Control
\Main\Feature Control\\"IMAGING_EMF_USE_RCLFRAMESIZE_KB905299" -> [1] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer
\\"Windows Update Menu Text" -> [Microsoft Update] -> File not found
HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main\Feature Control
\Main\Feature Control\\"IMAGING_EMF_USE_RCLFRAMESIZE_KB905299" -> [1] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003] > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\Software\Policies\Microsoft\Internet Explorer
\\"Windows Update Menu Text" -> [Microsoft Update] -> File not found
\\"Homepage" -> [0] -> File not found
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Main\Feature Control
\Main\Feature Control\\"IMAGING_EMF_USE_RCLFRAMESIZE_KB905299" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoRemoteRecursiveEvents" -> [1] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoLowDiskSpaceChecks" -> [1] -> File not found
\\"NoSaveSettings" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoLowDiskSpaceChecks" -> [1] -> File not found
\\"NoSaveSettings" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoInternetIcon" -> [0] -> File not found
\\"NoLowDiskSpaceChecks" -> [1] -> File not found
\\"NoSaveSettings" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoInternetIcon" -> [0] -> File not found
\\"NoLowDiskSpaceChecks" -> [1] -> File not found
\\"NoSaveSettings" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003] > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoLowDiskSpaceChecks" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003] > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Clean Traces -> C:\Program Files\DAP\Privacy Package\dapcleanerie.htm [C:\Program Files\DAP\Privacy Package\dapcleanerie.htm] -> [2008/08/11 00:35:50 | 000,001,748 | ---- | M] ()
&Download with &DAP -> C:\Program Files\DAP\dapextie.htm [C:\Program Files\DAP\dapextie.htm] -> [2008/08/11 00:35:52 | 000,002,020 | ---- | M] ()
Download &all with DAP -> C:\Program Files\DAP\dapextie2.htm [C:\Program Files\DAP\dapextie2.htm] -> [2008/08/11 00:35:52 | 000,001,041 | ---- | M] ()
E&xport to Microsoft Excel -> C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Clean Traces -> C:\Program Files\DAP\Privacy Package\dapcleanerie.htm [C:\Program Files\DAP\Privacy Package\dapcleanerie.htm] -> [2008/08/11 00:35:50 | 000,001,748 | ---- | M] ()
&Download with &DAP -> C:\Program Files\DAP\dapextie.htm [C:\Program Files\DAP\dapextie.htm] -> [2008/08/11 00:35:52 | 000,002,020 | ---- | M] ()
Download &all with DAP -> C:\Program Files\DAP\dapextie2.htm [C:\Program Files\DAP\dapextie2.htm] -> [2008/08/11 00:35:52 | 000,001,041 | ---- | M] ()
E&xport to Microsoft Excel -> C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Clean Traces -> C:\Program Files\DAP\Privacy Package\dapcleanerie.htm [C:\Program Files\DAP\Privacy Package\dapcleanerie.htm] -> [2008/08/11 00:35:50 | 000,001,748 | ---- | M] ()
&Download with &DAP -> C:\Program Files\DAP\dapextie.htm [C:\Program Files\DAP\dapextie.htm] -> [2008/08/11 00:35:52 | 000,002,020 | ---- | M] ()
Download &all with DAP -> C:\Program Files\DAP\dapextie2.htm [C:\Program Files\DAP\dapextie2.htm] -> [2008/08/11 00:35:52 | 000,001,041 | ---- | M] ()
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000] -> [2010/01/15 00:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Button: Yahoo! Messenger] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe [Menu: Yahoo! Messenger] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{A75C6120-9B36-11d4-A3F0-009027427750}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2008/10/16 21:57:52 | 004,347,120 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 124.104.135.74 58.69.254.104 58.69.254.7 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{7A585080-129C-4001-B44D-06772723E394}\\DhcpNameServer -> 124.104.135.74 58.69.254.104 58.69.254.7 (VIA Rhine II Fast Ethernet Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [2009/04/09 03:37:48 | 000,637,232 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" -> C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe [C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module] -> [2009/04/25 23:59:07 | 001,384,448 | ---- | M] (Camshare LLC)
"C:\Program Files\DAP\DAP.exe" -> C:\Program Files\DAP\DAP.exe [C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)] -> [2008/08/11 00:35:50 | 003,065,344 | ---- | M] (Speedbit Ltd.)
"C:\Program Files\DNA\btdna.exe" -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> [2009/11/13 19:49:14 | 000,323,392 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/03/27 16:30:54 | 000,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009/02/14 06:03:18 | 000,337,264 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/11/24 22:16:44 | 001,020,776 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/02/08 16:25:34 | 002,937,528 | ---- | M] ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2008/10/16 21:57:52 | 004,347,120 | ---- | M] (Yahoo! Inc.)
"D:\Program Files\AeriaGames\GrandFantasia\GrandFantasia.exe" -> D:\Program Files\AeriaGames\GrandFantasia\GrandFantasia.exe [D:\Program Files\AeriaGames\GrandFantasia\GrandFantasia.exe:*:Enabled:GrandFantasia] -> [2010/02/25 11:15:59 | 003,149,824 | ---- | M] (EasyFun Entertaimment)
"D:\Program Files\AeriaGames\GrandFantasia\Launcher.exe" -> D:\Program Files\AeriaGames\GrandFantasia\Launcher.exe [D:\Program Files\AeriaGames\GrandFantasia\Launcher.exe:*:Enabled:Launcher] -> [2009/12/03 21:03:48 | 001,236,992 | ---- | M] (Easyfun Entertaimment)
"D:\Program Files\Garena\Garena.exe" -> D:\Program Files\Garena\Garena.exe [D:\Program Files\Garena\Garena.exe:*:Enabled:Garena] -> [2010/03/18 09:22:21 | 002,536,792 | ---- | M] (Garena Online PTE LTD)
"D:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" -> D:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe [D:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade] -> [2006/09/17 04:15:16 | 003,110,488 | ---- | M] (THQ Canada Inc.)
"D:\Program Files\WarcraftIII\Warcraft III.exe" -> D:\Program Files\WarcraftIII\Warcraft III.exe [D:\Program Files\WarcraftIII\Warcraft III.exe:*:Enabled:Warcraft III] -> [2006/07/12 23:24:44 | 000,274,432 | ---- | M] (Blizzard Entertainment)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/08/08 03:23:23 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

24 Re: BDS.small.iuj on Mon Mar 22, 2010 11:37 am

rinmueru


Member
[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\System32\iac25_32.ax [iac25_32.ax] -> [2006/01/13 09:24:14 | 000,192,000 | ---- | M] (Ligos Corporation)
"msacm.imc" -> C:\WINDOWS\System32\IMC32.acm [imc32.acm] -> [2006/01/13 09:15:22 | 000,098,304 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2006/01/13 09:12:50 | 000,290,816 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.l3codecp" -> C:\WINDOWS\System32\l3codecp.acm [l3codecp.acm] -> [2006/01/13 09:13:51 | 000,360,448 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.siren" -> C:\WINDOWS\System32\SIRENACM.DLL [sirenacm.dll] -> [2006/01/13 10:04:50 | 000,119,856 | ---- | M] (Microsoft Corp.)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2006/01/13 10:05:01 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2006/01/13 09:11:19 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2006/01/06 15:53:14 | 000,053,760 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2006/01/13 09:29:25 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.ffds" -> [-] -> File not found
"VIDC.i263" -> C:\WINDOWS\System32\I263_32.drv [i263_32.drv] -> [2006/01/13 09:44:46 | 000,391,680 | ---- | M] (Intel Corporation)
"vidc.iv31" -> C:\WINDOWS\System32\Ir32_32.dll [Ir32_32.dll] -> [2006/01/13 09:53:16 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\Ir32_32.dll [Ir32_32.dll] -> [2006/01/13 09:53:16 | 000,199,168 | ---- | M] ()
"VIDC.IV40" -> C:\WINDOWS\System32\Ir41_32.ax [Ir41_32.ax] -> [2006/01/13 09:58:45 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv41" -> C:\WINDOWS\System32\Ir41_32.ax [Ir41_32.ax] -> [2006/01/13 09:58:45 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\Ir50_32.dll [ir50_32.dll] -> [2006/01/13 09:37:17 | 000,746,496 | ---- | M] (Ligos Corporation)
"vidc.MP42" -> [Mpg4c32.dll] -> File not found
"vidc.MP43" -> [Mpg4c32.dll] -> File not found
"vidc.MPG4" -> [Mpg4c32.dll] -> File not found
"VIDC.VP60" -> C:\WINDOWS\system32\vp6vfw.dll [C:\WINDOWS\system32\vp6vfw.dll] -> [2004/08/18 11:14:36 | 000,442,368 | R--- | M] (On2.com)
"VIDC.VP61" -> C:\WINDOWS\system32\vp6vfw.dll [C:\WINDOWS\system32\vp6vfw.dll] -> [2004/08/18 11:14:36 | 000,442,368 | R--- | M] (On2.com)
"VIDC.wmv3" -> C:\WINDOWS\System32\WMV9VCM.dll [wmv9vcm.dll] -> [2006/01/13 09:41:58 | 001,415,680 | ---- | M] (Microsoft Corporation)
"VIDC.XFR1" -> C:\WINDOWS\System32\xfcodec.dll [xfcodec.dll] -> [2008/12/12 04:37:44 | 000,042,320 | ---- | M] ()
"vidc.XVID" -> C:\WINDOWS\System32\xvidvfw.dll [xvidvfw.dll] -> [2006/01/13 10:02:21 | 000,180,224 | ---- | M] ()
"wave2" -> C:\WINDOWS\System32\serwvdrv.dll [serwvdrv.dll] -> [2006/01/13 09:58:04 | 000,014,848 | ---- | M] (Microsoft Corporation)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/05/16 03:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2008/10/25 06:18:50 | 000,172,880 | ---- | M] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime Alternative\QTSystem\QTPlugin.ocx [QuickTime Object] -> [2005/11/11 05:48:10 | 000,409,600 | ---- | M] (Apple Computer, Inc.)
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/27 02:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation)
{0D012ABD-CEED-11D2-9C76-00105AA73033} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveDocumentShareTool.dll [Groove DocumentShareView] -> [2009/02/14 06:03:38 | 003,070,832 | ---- | M] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\SwDir.dll [Shockwave ActiveX Control] -> [2010/01/18 15:24:44 | 000,213,272 | ---- | M] (Adobe Systems, Inc.)
{21C4E4B2-40F7-4E77-BF19-8BED7187BB55} [HKLM] -> C:\Program Files\BitTorrent\BitTorrentIE.2.dll [BitTorrent Control] -> [2008/09/04 08:11:24 | 000,300,552 | ---- | M] (BitTorrent, Inc.)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\SwDir.dll [Shockwave ActiveX Control] -> [2010/01/18 15:24:44 | 000,213,272 | ---- | M] (Adobe Systems, Inc.)
{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{56A58823-AE99-11D5-B90B-0050DACD1F75} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveCommonComponents.dll [Groove Data List Display] -> [2009/02/14 06:03:28 | 002,687,336 | ---- | M] (Microsoft Corporation)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2009/12/17 17:14:04 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
{62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2009/03/06 03:01:06 | 002,335,648 | ---- | M] (Microsoft Corporation)
{68979310-D979-4CCA-AB57-83BEFB03E0D3} [HKLM] -> C:\Program Files\Pando Networks\PandoShared\npPandoWebInst.dll [PandoWebInstCtrl Class] -> [2010/02/08 16:24:17 | 000,238,776 | ---- | M] (Pando Networks)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8075631E-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Microsoft Office\Office12\INLAUNCH.DLL [SharepointOpenXMLDocuments] -> [2009/03/06 04:26:06 | 000,065,400 | ---- | M] (Microsoft Corporation)
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 17:14:02 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{9E385F0A-0BA2-430C-96AA-4399C5E40F6C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{a3c6dafc-e193-42fc-adca-5316b5d6d653} [HKLM] -> C:\Program Files\DNA\plugins\npbtdna.dll [BitTorrentDNA Class] -> [2009/11/13 19:49:32 | 000,054,592 | ---- | M] (BitTorrent, Inc.)
{BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 06:18:46 | 000,054,152 | ---- | M] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2009/12/21 18:15:14 | 000,660,912 | ---- | M] (Adobe Systems, Inc.)
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 17:14:02 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 17:14:02 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2009/12/17 17:14:02 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deploytk.dll [Deployment Toolkit] -> [2009/12/17 17:14:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/27 02:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\FlDbg10b.ocx [Shockwave Flash Object] -> [2009/02/03 10:11:20 | 004,690,336 | R--- | M] (Adobe Systems, Inc.)
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} [HKLM] -> C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll [MessengerChecker Class] -> [2008/10/16 21:57:54 | 000,103,664 | ---- | M] (Yahoo! Inc.)
{E01D1C6A-4F40-11D3-8958-00105A272DCF} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveTextTools.dll [Groove Text View] -> [2009/02/14 06:03:54 | 001,161,568 | ---- | M] (Microsoft Corporation)
{E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2009/03/06 04:23:50 | 000,022,432 | ---- | M] (Microsoft Corporation)
{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2008/10/26 05:42:16 | 000,482,656 | ---- | M] ()
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/05/16 03:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
{F0D4B23B-DA4B-4daf-81E4-DFEE4931A4AA} [HKLM] -> C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar Settings] -> File not found
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2008/08/11 00:36:13 | 002,403,392 | R--- | M] (Google Inc.)
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2008/08/11 00:36:13 | 002,403,392 | R--- | M] (Google Inc.)
{B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/05/16 03:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} [HKLM] -> C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar BHO] -> File not found
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKLM] -> C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar] -> File not found
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/05/16 03:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
{0468C085-CA5B-11D0-AF08-00609797F0E0} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL [Outlook Today's Data-binding control] -> [2009/08/17 22:54:46 | 000,136,520 | ---- | M] ()
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2009/12/21 18:27:50 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{11222041-111B-46E3-BD29-EFB2449479B1} [HKLM] -> C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll [IEPlugin Class] -> [2008/12/24 17:38:20 | 000,145,920 | ---- | M] (ArcSoft, Inc.)
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2008/08/11 00:36:13 | 002,403,392 | R--- | M] (Google Inc.)
{2670000A-7350-4F3C-8081-5663EE0C6C49} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{32099AAC-C132-4136-9E9A-4E364A424E17} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{32C3FEAE-0877-4767-8C20-62A5829A0945} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{71576546-354D-41C9-AAE8-31F2EC22BF0D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8736C681-37A0-40C6-A0F0-4C083409151C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2008/08/11 00:36:13 | 002,403,392 | R--- | M] (Google Inc.)
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C98FE784-B96E-41e1-8399-1337AE3E539F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D09C464F-07DE-4C04-ABB4-88C30329C02D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\FlDbg10b.ocx [Shockwave Flash Object] -> [2009/02/03 10:11:20 | 004,690,336 | R--- | M] (Adobe Systems, Inc.)
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} [HKLM] -> C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll [MessengerChecker Class] -> [2008/10/16 21:57:54 | 000,103,664 | ---- | M] (Yahoo! Inc.)
{DB9D7A78-A76C-4BF2-97C6-258925EE1542} [HKLM] -> C:\Program Files\Reganam\tbRega.dll [Reganam Toolbar] -> [2008/04/03 10:40:42 | 001,523,736 | ---- | M] (Conduit Ltd.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2008/10/16 21:57:52 | 004,347,120 | ---- | M] (Yahoo! Inc.)
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> [2005/02/22 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005/02/22 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/05/16 03:40:40 | 000,817,936 | ---- | M] (Yahoo! Inc.)
{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} [HKLM] -> C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar BHO] -> File not found
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKLM] -> C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar] -> File not found
{F6406B2D-39A7-4566-A174-E19DDD818A95} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FDBA56A8-8FA7-41A3-97F4-A094019C4178} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.html [@ = Opera.HTML] -> Reg Error: Key error. -> File not found
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Classes\\ ->
.html [@ = FirefoxHTML] -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/01/16 11:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
Ias -> C:\WINDOWS\system32\ias -> [2008/08/08 04:01:32 | 000,000,000 | ---D | M]
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2008/10/25 09:27:54 | 000,044,408 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll[Local Groove Web Services Protocol] -> [2009/02/12 15:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation)
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll[HxProtocol Class] -> [2006/10/26 20:45:02 | 000,873,216 | ---- | M] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> C:\Program Files\MSN Messenger\msgrapp.dll[Reg Error: Value error.] -> [2005/12/07 01:01:16 | 000,087,088 | ---- | M] (Microsoft Corporation)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" -> [1] -> File not found
\\"AntiVirusDisableNotify" -> [0] -> File not found
\\"FirewallDisableNotify" -> [0] -> File not found
\\"UpdatesDisableNotify" -> [0] -> File not found
\\"AntiVirusOverride" -> [0] -> File not found
\\"FirewallOverride" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
\Monitoring\\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
\Monitoring\SymantecAntiVirus\\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
\Monitoring\SymantecFirewall\\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" -> [1] -> File not found
\\"DoNotAllowExceptions" -> [0] -> File not found
\\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} -> Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
{01501EBA-EC35-4F9F-8889-3BE346E5DA13} -> MSXML4 Parser
{08E16CBF-7029-4881-83DF-D0B3A63030B4} -> WOT for Internet Explorer
{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} -> DVD Suite
{20C45B32-5AB6-46A4-94EF-58950CAF05E5} -> EPSON Attach To Email
{20D4A895-748C-4D88-871C-FDB1695B0169} -> Platform
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{26A24AE4-039D-4CA4-87B4-2F83216012FF} -> Java(TM) 6 Update 18
{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64} -> EPSON Scan Assistant
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{40C03514-89C3-41BA-0090-3B440256DB87} -> The Sims 2
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D} -> ESET NOD32 Antivirus
{63A6E9A9-A190-46D4-9430-2DB28654AFD8} -> Norton 360
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
{716E0306-8318-4364-8B8F-0CC4E9376BAC} -> MSXML 4.0 SP2 Parser and SDK
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{770657D0-A123-3C07-8E44-1C83EC895118} -> Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{7CCEBC24-62DB-4280-A8EC-BFA49F167920} -> Software Update for Web Folders
{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32} -> EPSON Web-To-Page
{89C89156-A70F-4C6D-9CAE-2EA71F1396FE} -> Garena
{90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders (English) 12
{90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007
{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2007
{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0114-0409-0000-0000000FF1CE} -> Microsoft Office Groove Setup Metadata MUI (English) 2007
{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{980A182F-E0A2-4A40-94C1-AE0C1235902E} -> Pando Media Booster
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{AAB93551-3FFE-42B2-8315-96252BBC1033} -> Nero 7 Essentials
{AC76BA86-7AD7-1033-7B44-A93000000001} -> Adobe Reader 9.3.1
{AC76BA86-7AD7-5464-3428-900000000004} -> Spelling Dictionaries Support For Adobe Reader 9
{B7A0CE06-068E-11D6-97FD-0050BACBF861} -> PowerProducer
{B90450DF-E781-46FD-B1F1-0C86DA40E443} -> PIF DESIGNER
{BA801B94-C28D-46EE-B806-E1E021A3D519} -> Company of Heroes
{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312} -> EPSON Easy Photo Print
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6} -> GoGear VIBE Device Manager
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer
{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE} -> Media Converter for Philips
{E86BC406-944E-41F6-ADE6-2C136734C96B} -> EPSON File Manager
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{FF39FC01-819B-42E4-AE49-1968AF12DDD4} -> Dawn of War - Dark Crusade
{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Adobe Shockwave Player -> Adobe Shockwave Player 11.5
AskSBar Uninstall -> Ask Toolbar
Avira AntiVir Desktop -> Avira AntiVir Personal - Free Antivirus
Camfrog 5.2 -> Camfrog Video Chat 5.2
CrossFire -> CrossFire(Remove only)
Download Accelerator Plus (DAP) -> Download Accelerator Plus (DAP)
ENTERPRISE -> Microsoft Office Enterprise 2007
EPSON Printer and Utilities -> EPSON Printer Software
ESC58_59 User's Guide -> ESC58_59 User's Guide
F.A. Davis's Nursing Care Plan, ed. 6, on CD-ROM -> F.A. Davis's Nursing Care Plan, ed. 6, on CD-ROM
FoxyTunesForFirefox -> FoxyTunes for Firefox
Game Booster_is1 -> Game Booster
ie7 -> Windows Internet Explorer 7
InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5} -> EPSON Attach To Email
InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} -> VIA Platform Device Manager
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
Mozilla Firefox (3.6) -> Mozilla Firefox (3.6)
NOD32 v3.x FiX 1.1 by TemDono_is1 -> NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
NVIDIA Drivers -> NVIDIA Drivers
OpenAL -> OpenAL
QuicktimeAlt_is1 -> QuickTime Alternative 1.67
Reganam Toolbar -> Reganam Toolbar
RF OnlineVrsion 1.1 -> RF Online
Runic Games Torchlight -> Torchlight
VN_VUIns_Rhine_VIA -> VIA Rhine-Family Fast Ethernet Adapter
WIC -> Windows Imaging Component
WinRAR archiver -> WinRAR archiver
Yahoo! Companion -> Yahoo! Toolbar
Yahoo! Messenger -> Yahoo! Messenger
< Uninstall List [HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
BitTorrent -> BitTorrent
BitTorrent DNA -> DNA
Facebook Plug-In -> Facebook Plug-In
Yahoo! BrowserPlus -> Yahoo! BrowserPlus
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 2/23/2010 9:37:17 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application acdaemon.exe, version 1.1.0.45, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.
Application [ Error ] 3/14/2010 6:31:11 AM Computer Name = MARIGZA | Source = Microsoft Office 12 | ID = 5000 -> Description = EventType officelifeboathang, P1 ois.exe, P2 12.0.6413.1000, P3 ntdll.dll, P4 5.1.2600.3520, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 3/15/2010 11:25:50 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.2649, faulting module unknown, version 0.0.0.0, fault address 0x0362eab8.
Application [ Error ] 3/20/2010 12:15:03 PM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03b9eab8.
Application [ Error ] 3/21/2010 5:54:36 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x043beab8.
Application [ Error ] 3/21/2010 6:18:52 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x100ceab8.
Application [ Error ] 3/21/2010 7:22:57 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application lunaclient.exe, version 1.0.0.1, faulting module lunaclient.exe, version 1.0.0.1, fault address 0x001c9331.
Application [ Error ] 3/21/2010 7:57:44 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02dfeab8.
Application [ Error ] 3/21/2010 11:31:01 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x100ceab8.
Application [ Error ] 3/21/2010 11:31:23 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Application [ Error ] 2/23/2010 9:37:17 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application acdaemon.exe, version 1.1.0.45, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.
Application [ Error ] 3/14/2010 6:31:11 AM Computer Name = MARIGZA | Source = Microsoft Office 12 | ID = 5000 -> Description = EventType officelifeboathang, P1 ois.exe, P2 12.0.6413.1000, P3 ntdll.dll, P4 5.1.2600.3520, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 3/15/2010 11:25:50 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.2649, faulting module unknown, version 0.0.0.0, fault address 0x0362eab8.
Application [ Error ] 3/20/2010 12:15:03 PM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03b9eab8.
Application [ Error ] 3/21/2010 5:54:36 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x043beab8.
Application [ Error ] 3/21/2010 6:18:52 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x100ceab8.
Application [ Error ] 3/21/2010 7:22:57 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application lunaclient.exe, version 1.0.0.1, faulting module lunaclient.exe, version 1.0.0.1, fault address 0x001c9331.
Application [ Error ] 3/21/2010 7:57:44 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02dfeab8.
Application [ Error ] 3/21/2010 11:31:01 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x100ceab8.
Application [ Error ] 3/21/2010 11:31:23 AM Computer Name = MARIGZA | Source = Application Error | ID = 1000 -> Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
System [ Error ] 3/20/2010 12:11:44 AM Computer Name = MARIGZA | Source = Service Control Manager | ID = 7023 -> Description = The Network Image service terminated with the following error: %%126
System [ Error ] 3/21/2010 4:05:30 AM Computer Name = MARIGZA | Source = Service Control Manager | ID = 7011 -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
System [ Error ] 3/21/2010 4:05:32 AM Computer Name = MARIGZA | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
System [ Error ] 3/21/2010 4:05:32 AM Computer Name = MARIGZA | Source = Service Control Manager | ID = 7000 -> Description = The IMAPI CD-Burning COM Service service failed to start due to the following error: %%1053
System [ Error ] 3/21/2010 4:32:19 AM Computer Name = MARIGZA | Source = Service Control Manager | ID = 7011 -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
System [ Error ] 3/22/2010 4:39:00 AM Computer Name = MARIGZA | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the NMIndexingService service to connect.
System [ Error ] 3/22/2010 4:39:00 AM Computer Name = MARIGZA | Source = Service Control Manager | ID = 7000 -> Description = The NMIndexingService service failed to start due to the following error: %%1053
System [ Error ] 3/22/2010 4:39:00 AM Computer Name = MARIGZA | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1053" attempting to start the service NMIndexingService with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
System [ Error ] 3/22/2010 8:03:00 AM Computer Name = MARIGZA | Source = sr | ID = 1 -> Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
System [ Error ] 3/22/2010 8:03:33 AM Computer Name = MARIGZA | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde xfilt

25 Re: BDS.small.iuj on Mon Mar 22, 2010 11:38 am

rinmueru


Member
[Files/Folders - Created Within 90 Days]
OTS.exe -> C:\Documents and Settings\MARIGZA\Desktop\OTS.exe -> [2010/03/22 23:05:49 | 000,637,440 | ---- | C] (OldTimer Tools)
Malwarebytes -> C:\Documents and Settings\MARIGZA\Application Data\Malwarebytes -> [2010/03/22 16:59:50 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/03/22 16:59:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/03/22 16:59:37 | 000,000,000 | ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/03/22 16:59:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/03/22 16:59:34 | 000,000,000 | ---D | C]
mbam-setup.exe -> C:\Documents and Settings\MARIGZA\Desktop\mbam-setup.exe -> [2010/03/22 16:49:43 | 005,115,824 | ---- | C] (Malwarebytes Corporation )
Identities -> C:\Documents and Settings\MARIGZA\Application Data\Identities -> [2010/03/21 19:54:30 | 000,000,000 | ---D | C]
Recent -> C:\Documents and Settings\MARIGZA\Recent -> [2010/03/21 16:35:24 | 000,000,000 | RH-D | C]
RECYCLER -> C:\RECYCLER -> [2010/03/20 22:53:13 | 000,000,000 | -HSD | C]
temp -> C:\WINDOWS\temp -> [2010/03/20 12:10:04 | 000,000,000 | ---D | C]
PopCap Games -> C:\Documents and Settings\All Users\Application Data\PopCap Games -> [2010/03/20 10:21:37 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010/03/20 09:32:08 | 000,000,000 | RHSD | C]
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/03/20 09:28:09 | 000,031,232 | ---- | C] (NirSoft)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/03/20 09:28:08 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/03/20 09:28:08 | 000,136,704 | ---- | C] (SteelWerX)
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/03/20 09:28:07 | 000,212,480 | ---- | C] (SteelWerX)
ERDNT -> C:\WINDOWS\ERDNT -> [2010/03/20 09:27:57 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/03/20 09:25:52 | 000,000,000 | ---D | C]
avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2010/03/20 00:19:51 | 000,096,104 | ---- | C] (Avira GmbH)
avgntmgr.sys -> C:\WINDOWS\System32\drivers\avgntmgr.sys -> [2010/03/20 00:19:51 | 000,022,360 | ---- | C] (Avira GmbH)
avgntdd.sys -> C:\WINDOWS\System32\drivers\avgntdd.sys -> [2010/03/20 00:19:50 | 000,045,416 | ---- | C] (Avira GmbH)
ssmdrv.sys -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2010/03/20 00:19:48 | 000,028,520 | ---- | C] (Avira GmbH)
Avira -> C:\Program Files\Avira -> [2010/03/20 00:19:38 | 000,000,000 | ---D | C]
Avira -> C:\Documents and Settings\All Users\Application Data\Avira -> [2010/03/20 00:19:38 | 000,000,000 | ---D | C]
_OTL -> C:\_OTL -> [2010/03/19 23:11:45 | 000,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2010/03/19 11:37:56 | 000,000,000 | ---D | M]
explorer.exe -> C:\WINDOWS\explorer.exe -> [2010/03/19 02:49:54 | 001,033,728 | ---- | C] (Microsoft Corporation)
avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2010/03/18 21:41:47 | 000,056,816 | ---- | C] (Avira GmbH)
Config.Msi -> C:\Config.Msi -> [2010/03/18 21:38:07 | 000,000,000 | ---D | C]
Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2010/03/12 09:51:44 | 000,000,000 | ---D | C]
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/03/12 09:47:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/03/12 09:47:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2010/03/12 09:47:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
WMTools Downloaded Files -> C:\Documents and Settings\MARIGZA\Local Settings\Application Data\WMTools Downloaded Files -> [2010/03/11 20:01:29 | 000,000,000 | ---D | C]
moviemk.exe -> C:\WINDOWS\System32\dllcache\moviemk.exe -> [2010/03/10 12:27:50 | 003,555,328 | ---- | C] (Microsoft Corporation)
ptpusb.dll -> C:\WINDOWS\System32\ptpusb.dll -> [2010/02/20 11:25:10 | 000,005,632 | ---- | C] (Microsoft Corporation)
ptpusd.dll -> C:\WINDOWS\System32\ptpusd.dll -> [2010/02/20 11:25:09 | 000,159,232 | ---- | C] (Microsoft Corporation)
Facebook -> C:\Documents and Settings\MARIGZA\Application Data\Facebook -> [2010/02/09 20:56:17 | 000,000,000 | ---D | C]
PMB Files -> C:\Documents and Settings\MARIGZA\Local Settings\Application Data\PMB Files -> [2010/02/08 16:25:56 | 000,000,000 | ---D | C]
PMB Files -> C:\Documents and Settings\All Users\Application Data\PMB Files -> [2010/02/08 16:25:45 | 000,000,000 | ---D | C]
Pando Networks -> C:\Program Files\Pando Networks -> [2010/02/08 16:22:28 | 000,000,000 | ---D | C]
Media Converter for Philips -> C:\Documents and Settings\MARIGZA\My Documents\Media Converter for Philips -> [2010/02/07 12:38:59 | 000,000,000 | ---D | C]
ArcSoft -> C:\Documents and Settings\MARIGZA\Local Settings\Application Data\ArcSoft -> [2010/02/07 12:34:51 | 000,000,000 | ---D | C]
ArcSoft -> C:\Documents and Settings\MARIGZA\Application Data\ArcSoft -> [2010/02/07 12:34:42 | 000,000,000 | ---D | C]
ArcSoft -> C:\Documents and Settings\All Users\Application Data\ArcSoft -> [2010/02/07 12:34:30 | 000,000,000 | ---D | C]
unicows.dll -> C:\WINDOWS\System32\unicows.dll -> [2010/02/07 12:34:01 | 000,245,408 | ---- | C] (Microsoft Corporation)
ArcSoft -> C:\Program Files\ArcSoft -> [2010/02/07 12:34:01 | 000,000,000 | ---D | C]
ArcSoft -> C:\Program Files\Common Files\ArcSoft -> [2010/02/07 12:34:00 | 000,000,000 | ---D | C]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [2010/02/07 12:32:26 | 000,000,000 | ---D | C]
Philips -> C:\Program Files\Philips -> [2010/02/07 12:31:03 | 000,000,000 | ---D | C]
IsUninst.exe -> C:\WINDOWS\IsUninst.exe -> [2010/02/01 22:24:35 | 000,306,688 | ---- | C] (InstallShield Software Corporation)
NCP6 -> C:\Program Files\NCP6 -> [2010/02/01 22:21:48 | 000,000,000 | ---D | C]
CFLog -> C:\CFLog -> [2010/01/24 15:51:22 | 000,000,000 | ---D | C]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2010/01/24 15:21:41 | 000,000,000 | ---D | C]
Adobe -> C:\WINDOWS\System32\Adobe -> [2010/01/24 13:44:18 | 000,000,000 | ---D | C]
Cross Fire -> C:\Documents and Settings\MARIGZA\My Documents\Cross Fire -> [2010/01/20 22:00:09 | 000,000,000 | ---D | C]
aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2010/01/14 09:31:04 | 000,470,528 | ---- | C] (Microsoft Corporation)
XAudio2_5.dll -> C:\WINDOWS\System32\XAudio2_5.dll -> [2010/01/12 22:42:47 | 000,515,416 | ---- | C] (Microsoft Corporation)
xactengine3_5.dll -> C:\WINDOWS\System32\xactengine3_5.dll -> [2010/01/12 22:42:42 | 000,238,936 | ---- | C] (Microsoft Corporation)
D3DCompiler_42.dll -> C:\WINDOWS\System32\D3DCompiler_42.dll -> [2010/01/12 22:42:36 | 001,974,616 | ---- | C] (Microsoft Corporation)
d3dcsx_42.dll -> C:\WINDOWS\System32\d3dcsx_42.dll -> [2010/01/12 22:42:30 | 005,501,792 | ---- | C] (Microsoft Corporation)
d3dx11_42.dll -> C:\WINDOWS\System32\d3dx11_42.dll -> [2010/01/12 22:42:24 | 000,235,344 | ---- | C] (Microsoft Corporation)
d3dx10_42.dll -> C:\WINDOWS\System32\d3dx10_42.dll -> [2010/01/12 22:42:19 | 000,453,456 | ---- | C] (Microsoft Corporation)
D3DX9_42.dll -> C:\WINDOWS\System32\D3DX9_42.dll -> [2010/01/12 22:42:13 | 001,892,184 | ---- | C] (Microsoft Corporation)
D3DCompiler_41.dll -> C:\WINDOWS\System32\D3DCompiler_41.dll -> [2010/01/12 22:42:07 | 001,846,632 | ---- | C] (Microsoft Corporation)
d3dx10_41.dll -> C:\WINDOWS\System32\d3dx10_41.dll -> [2010/01/12 22:42:07 | 000,453,456 | ---- | C] (Microsoft Corporation)
D3DX9_41.dll -> C:\WINDOWS\System32\D3DX9_41.dll -> [2010/01/12 22:42:01 | 004,178,264 | ---- | C] (Microsoft Corporation)
XAudio2_4.dll -> C:\WINDOWS\System32\XAudio2_4.dll -> [2010/01/12 22:41:55 | 000,517,448 | ---- | C] (Microsoft Corporation)
XAPOFX1_3.dll -> C:\WINDOWS\System32\XAPOFX1_3.dll -> [2010/01/12 22:41:55 | 000,069,464 | ---- | C] (Microsoft Corporation)
xactengine3_4.dll -> C:\WINDOWS\System32\xactengine3_4.dll -> [2010/01/12 22:41:49 | 000,235,352 | ---- | C] (Microsoft Corporation)
X3DAudio1_6.dll -> C:\WINDOWS\System32\X3DAudio1_6.dll -> [2010/01/12 22:41:43 | 000,022,360 | ---- | C] (Microsoft Corporation)
D3DCompiler_40.dll -> C:\WINDOWS\System32\D3DCompiler_40.dll -> [2010/01/12 22:41:37 | 002,036,576 | ---- | C] (Microsoft Corporation)
d3dx10_40.dll -> C:\WINDOWS\System32\d3dx10_40.dll -> [2010/01/12 22:41:37 | 000,452,440 | ---- | C] (Microsoft Corporation)
D3DX9_40.dll -> C:\WINDOWS\System32\D3DX9_40.dll -> [2010/01/12 22:41:31 | 004,379,984 | ---- | C] (Microsoft Corporation)
XAudio2_3.dll -> C:\WINDOWS\System32\XAudio2_3.dll -> [2010/01/12 22:41:25 | 000,514,384 | ---- | C] (Microsoft Corporation)
XAPOFX1_2.dll -> C:\WINDOWS\System32\XAPOFX1_2.dll -> [2010/01/12 22:41:25 | 000,070,992 | ---- | C] (Microsoft Corporation)
xactengine3_3.dll -> C:\WINDOWS\System32\xactengine3_3.dll -> [2010/01/12 22:41:19 | 000,235,856 | ---- | C] (Microsoft Corporation)
X3DAudio1_5.dll -> C:\WINDOWS\System32\X3DAudio1_5.dll -> [2010/01/12 22:41:13 | 000,023,376 | ---- | C] (Microsoft Corporation)
XAudio2_2.dll -> C:\WINDOWS\System32\XAudio2_2.dll -> [2010/01/12 22:41:07 | 000,509,448 | ---- | C] (Microsoft Corporation)
XAPOFX1_1.dll -> C:\WINDOWS\System32\XAPOFX1_1.dll -> [2010/01/12 22:41:07 | 000,068,616 | ---- | C] (Microsoft Corporation)
xactengine3_2.dll -> C:\WINDOWS\System32\xactengine3_2.dll -> [2010/01/12 22:41:01 | 000,238,088 | ---- | C] (Microsoft Corporation)
D3DCompiler_39.dll -> C:\WINDOWS\System32\D3DCompiler_39.dll -> [2010/01/12 22:40:55 | 001,493,528 | ---- | C] (Microsoft Corporation)
d3dx10_39.dll -> C:\WINDOWS\System32\d3dx10_39.dll -> [2010/01/12 22:40:55 | 000,467,984 | ---- | C] (Microsoft Corporation)
D3DX9_39.dll -> C:\WINDOWS\System32\D3DX9_39.dll -> [2010/01/12 22:40:49 | 003,851,784 | ---- | C] (Microsoft Corporation)
XAudio2_1.dll -> C:\WINDOWS\System32\XAudio2_1.dll -> [2010/01/12 22:40:43 | 000,507,400 | ---- | C] (Microsoft Corporation)
XAPOFX1_0.dll -> C:\WINDOWS\System32\XAPOFX1_0.dll -> [2010/01/12 22:40:43 | 000,065,032 | ---- | C] (Microsoft Corporation)
xactengine3_1.dll -> C:\WINDOWS\System32\xactengine3_1.dll -> [2010/01/12 22:40:37 | 000,238,088 | ---- | C] (Microsoft Corporation)
X3DAudio1_4.dll -> C:\WINDOWS\System32\X3DAudio1_4.dll -> [2010/01/12 22:40:31 | 000,025,608 | ---- | C] (Microsoft Corporation)
D3DCompiler_38.dll -> C:\WINDOWS\System32\D3DCompiler_38.dll -> [2010/01/12 22:40:24 | 001,491,992 | ---- | C] (Microsoft Corporation)
d3dx10_38.dll -> C:\WINDOWS\System32\d3dx10_38.dll -> [2010/01/12 22:40:24 | 000,467,984 | ---- | C] (Microsoft Corporation)
D3DX9_38.dll -> C:\WINDOWS\System32\D3DX9_38.dll -> [2010/01/12 22:40:08 | 003,850,760 | ---- | C] (Microsoft Corporation)
Logs -> C:\WINDOWS\Logs -> [2010/01/12 22:30:38 | 000,000,000 | ---D | C]
Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2010/01/12 13:39:00 | 000,000,000 | ---D | M]
Temp -> C:\Documents and Settings\MARIGZA\Local Settings\Application Data\Temp -> [2010/01/12 13:34:58 | 000,000,000 | ---D | C]
Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2010/01/12 13:34:57 | 000,000,000 | ---D | M]
runic games -> C:\Documents and Settings\MARIGZA\Application Data\runic games -> [2010/01/08 23:21:09 | 000,000,000 | ---D | C]
wrap_oal.dll -> C:\WINDOWS\System32\wrap_oal.dll -> [2010/01/08 23:20:06 | 000,444,952 | ---- | C] (Creative Labs)
OpenAL32.dll -> C:\WINDOWS\System32\OpenAL32.dll -> [2010/01/08 23:20:06 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
OpenAL -> C:\Program Files\OpenAL -> [2010/01/08 23:20:06 | 000,000,000 | ---D | C]
ESET -> C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET -> [2009/06/21 19:23:09 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/05/21 10:16:13 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/05/21 10:14:16 | 000,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/05/21 10:14:16 | 000,000,000 | --SD | M]
Xfire -> C:\Documents and Settings\NetworkService\Application Data\Xfire -> [2009/01/15 12:16:07 | 000,000,000 | ---D | M]
1 C:\Documents and Settings\MARIGZA\*.tmp files -> C:\Documents and Settings\MARIGZA\*.tmp ->

26 Re: BDS.small.iuj on Mon Mar 22, 2010 11:39 am

rinmueru


Member
[Files/Folders - Modified Within 90 Days]
NTUSER.DAT -> C:\Documents and Settings\MARIGZA\NTUSER.DAT -> [2010/03/22 23:06:36 | 006,553,600 | -H-- | M] ()
OTS.exe -> C:\Documents and Settings\MARIGZA\Desktop\OTS.exe -> [2010/03/22 23:06:18 | 000,637,440 | ---- | M] (OldTimer Tools)
nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2010/03/22 20:02:56 | 000,000,000 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/03/22 20:02:52 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/03/22 20:02:49 | 000,002,048 | --S- | M] ()
ntuser.ini -> C:\Documents and Settings\MARIGZA\ntuser.ini -> [2010/03/22 20:01:41 | 000,000,178 | -HS- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/22 16:59:46 | 000,000,696 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\MARIGZA\Desktop\mbam-setup.exe -> [2010/03/22 16:52:04 | 005,115,824 | ---- | M] (Malwarebytes Corporation )
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/03/22 16:36:55 | 000,002,206 | ---- | M] ()
mbr.exe -> C:\Documents and Settings\MARIGZA\Desktop\mbr.exe -> [2010/03/21 16:40:12 | 000,077,312 | ---- | M] ()
HelpAsst_mebroot_fix.exe -> C:\Documents and Settings\MARIGZA\Desktop\HelpAsst_mebroot_fix.exe -> [2010/03/21 16:14:45 | 000,488,240 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2010/03/20 12:14:27 | 000,000,246 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/03/20 12:13:26 | 000,000,027 | ---- | M] ()
popcinfot.dat -> C:\WINDOWS\popcinfot.dat -> [2010/03/20 10:38:52 | 000,000,025 | ---- | M] ()
avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2010/03/20 10:07:43 | 000,056,816 | ---- | M] (Avira GmbH)
boot.ini -> C:\boot.ini -> [2010/03/20 09:32:19 | 000,000,281 | RHS- | M] ()
ComboFix.exe -> C:\Documents and Settings\MARIGZA\Desktop\ComboFix.exe -> [2010/03/20 09:11:22 | 003,895,220 | R--- | M] ()
IconCache.db -> C:\Documents and Settings\MARIGZA\Local Settings\Application Data\IconCache.db -> [2010/03/19 21:05:45 | 005,370,524 | -H-- | M] ()
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [2010/03/15 20:14:24 | 000,054,156 | -H-- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\MARIGZA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/14 18:23:38 | 000,035,328 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/03/12 18:02:38 | 000,261,632 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010/03/11 22:07:05 | 000,000,069 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2010/03/10 12:15:23 | 000,000,727 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/02/24 21:07:43 | 000,001,374 | ---- | M] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/02/24 19:03:44 | 000,001,729 | ---- | M] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/20 22:19:49 | 000,000,664 | ---- | M] ()
HsInfo.dat -> C:\WINDOWS\System32\HsInfo.dat -> [2010/02/14 22:53:23 | 000,000,096 | -H-- | M] ()
QTFont.for -> C:\WINDOWS\QTFont.for -> [2010/02/07 12:39:00 | 000,001,409 | ---- | M] ()
Philips GoGear VIBE Device Manager.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk -> [2010/02/07 12:31:03 | 000,000,835 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/01/24 15:21:47 | 000,001,602 | ---- | M] ()
wrap_oal.dll -> C:\WINDOWS\System32\wrap_oal.dll -> [2010/01/08 23:20:06 | 000,444,952 | ---- | M] (Creative Labs)
OpenAL32.dll -> C:\WINDOWS\System32\OpenAL32.dll -> [2010/01/08 23:20:06 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.)
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation)
wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2010/01/05 18:00:29 | 000,832,512 | ---- | M] (Microsoft Corporation)
urlmon.dll -> C:\WINDOWS\System32\dllcache\urlmon.dll -> [2010/01/05 18:00:28 | 001,168,384 | ---- | M] (Microsoft Corporation)
mstime.dll -> C:\WINDOWS\System32\mstime.dll -> [2010/01/05 18:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation)
mstime.dll -> C:\WINDOWS\System32\dllcache\mstime.dll -> [2010/01/05 18:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation)
webcheck.dll -> C:\WINDOWS\System32\dllcache\webcheck.dll -> [2010/01/05 18:00:28 | 000,233,472 | ---- | M] (Microsoft Corporation)
url.dll -> C:\WINDOWS\System32\url.dll -> [2010/01/05 18:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation)
url.dll -> C:\WINDOWS\System32\dllcache\url.dll -> [2010/01/05 18:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation)
occache.dll -> C:\WINDOWS\System32\dllcache\occache.dll -> [2010/01/05 18:00:28 | 000,102,912 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> C:\WINDOWS\System32\pngfilt.dll -> [2010/01/05 18:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> C:\WINDOWS\System32\dllcache\pngfilt.dll -> [2010/01/05 18:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> C:\WINDOWS\System32\dllcache\mshtmled.dll -> [2010/01/05 18:00:27 | 000,477,696 | ---- | M] (Microsoft Corporation)
msrating.dll -> C:\WINDOWS\System32\msrating.dll -> [2010/01/05 18:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation)
msrating.dll -> C:\WINDOWS\System32\dllcache\msrating.dll -> [2010/01/05 18:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation)
mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2010/01/05 18:00:26 | 003,599,360 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> C:\WINDOWS\System32\msfeedsbs.dll -> [2010/01/05 18:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> C:\WINDOWS\System32\dllcache\msfeedsbs.dll -> [2010/01/05 18:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> C:\WINDOWS\System32\inetcpl.cpl -> [2010/01/05 18:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> C:\WINDOWS\System32\dllcache\inetcpl.cpl -> [2010/01/05 18:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> C:\WINDOWS\System32\msfeeds.dll -> [2010/01/05 18:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> C:\WINDOWS\System32\dllcache\msfeeds.dll -> [2010/01/05 18:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation)
iertutil.dll -> C:\WINDOWS\System32\dllcache\iertutil.dll -> [2010/01/05 18:00:24 | 000,268,288 | ---- | M] (Microsoft Corporation)
iepeers.dll -> C:\WINDOWS\System32\iepeers.dll -> [2010/01/05 18:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation)
iepeers.dll -> C:\WINDOWS\System32\dllcache\iepeers.dll -> [2010/01/05 18:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation)
iernonce.dll -> C:\WINDOWS\System32\iernonce.dll -> [2010/01/05 18:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation)
iernonce.dll -> C:\WINDOWS\System32\dllcache\iernonce.dll -> [2010/01/05 18:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> C:\WINDOWS\System32\jsproxy.dll -> [2010/01/05 18:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> C:\WINDOWS\System32\dllcache\jsproxy.dll -> [2010/01/05 18:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation)
ieframe.dll -> C:\WINDOWS\System32\dllcache\ieframe.dll -> [2010/01/05 18:00:23 | 006,067,200 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> C:\WINDOWS\System32\iedkcs32.dll -> [2010/01/05 18:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> C:\WINDOWS\System32\dllcache\iedkcs32.dll -> [2010/01/05 18:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> C:\WINDOWS\System32\ieapfltr.dll -> [2010/01/05 18:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> C:\WINDOWS\System32\dllcache\ieapfltr.dll -> [2010/01/05 18:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> C:\WINDOWS\System32\ieaksie.dll -> [2010/01/05 18:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> C:\WINDOWS\System32\dllcache\ieaksie.dll -> [2010/01/05 18:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> C:\WINDOWS\System32\dxtrans.dll -> [2010/01/05 18:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> C:\WINDOWS\System32\dllcache\dxtrans.dll -> [2010/01/05 18:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> C:\WINDOWS\System32\ieakeng.dll -> [2010/01/05 18:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> C:\WINDOWS\System32\dllcache\ieakeng.dll -> [2010/01/05 18:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation)
extmgr.dll -> C:\WINDOWS\System32\dllcache\extmgr.dll -> [2010/01/05 18:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation)
ieencode.dll -> C:\WINDOWS\System32\ieencode.dll -> [2010/01/05 18:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation)
ieencode.dll -> C:\WINDOWS\System32\dllcache\ieencode.dll -> [2010/01/05 18:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation)
icardie.dll -> C:\WINDOWS\System32\dllcache\icardie.dll -> [2010/01/05 18:00:21 | 000,063,488 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> C:\WINDOWS\System32\dxtmsft.dll -> [2010/01/05 18:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> C:\WINDOWS\System32\dllcache\dxtmsft.dll -> [2010/01/05 18:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation)
advpack.dll -> C:\WINDOWS\System32\dllcache\advpack.dll -> [2010/01/05 18:00:20 | 000,124,928 | ---- | M] (Microsoft Corporation)
corpol.dll -> C:\WINDOWS\System32\dllcache\corpol.dll -> [2010/01/05 18:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation)
corpol.dll -> C:\WINDOWS\System32\corpol.dll -> [2010/01/05 18:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation)
html.iec -> C:\WINDOWS\System32\html.iec -> [2009/12/31 23:33:27 | 000,389,120 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> C:\WINDOWS\System32\ie4uinit.exe -> [2009/12/31 23:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> C:\WINDOWS\System32\dllcache\ie4uinit.exe -> [2009/12/31 23:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> C:\WINDOWS\System32\ieudinit.exe -> [2009/12/31 23:33:06 | 000,013,824 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> C:\WINDOWS\System32\dllcache\ieudinit.exe -> [2009/12/31 23:33:06 | 000,013,824 | ---- | M] (Microsoft Corporation)
srv.sys -> C:\WINDOWS\System32\dllcache\srv.sys -> [2009/12/31 23:06:53 | 000,352,640 | ---- | M] (Microsoft Corporation)
1 C:\Documents and Settings\MARIGZA\*.tmp files -> C:\Documents and Settings\MARIGZA\*.tmp ->

[Files - No Company Name]
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/22 16:59:46 | 000,000,696 | ---- | C] ()
mbr.exe -> C:\Documents and Settings\MARIGZA\Desktop\mbr.exe -> [2010/03/21 16:40:08 | 000,077,312 | ---- | C] ()
HelpAsst_mebroot_fix.exe -> C:\Documents and Settings\MARIGZA\Desktop\HelpAsst_mebroot_fix.exe -> [2010/03/21 16:14:20 | 000,488,240 | ---- | C] ()
popcinfot.dat -> C:\WINDOWS\popcinfot.dat -> [2010/03/20 10:38:51 | 000,000,025 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2010/03/20 09:32:18 | 000,000,211 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/03/20 09:32:13 | 000,260,272 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/03/20 09:28:09 | 000,077,312 | ---- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/03/20 09:28:08 | 000,261,632 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010/03/20 09:28:08 | 000,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010/03/20 09:28:08 | 000,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010/03/20 09:28:08 | 000,068,096 | ---- | C] ()
ComboFix.exe -> C:\Documents and Settings\MARIGZA\Desktop\ComboFix.exe -> [2010/03/20 09:09:33 | 003,895,220 | R--- | C] ()
HsInfo.dat -> C:\WINDOWS\System32\HsInfo.dat -> [2010/02/14 12:29:13 | 000,000,096 | -H-- | C] ()
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [2010/02/07 12:39:00 | 000,054,156 | -H-- | C] ()
QTFont.for -> C:\WINDOWS\QTFont.for -> [2010/02/07 12:39:00 | 000,001,409 | ---- | C] ()
Philips GoGear VIBE Device Manager.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk -> [2010/02/07 12:31:03 | 000,000,835 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2010/01/24 15:21:47 | 000,001,602 | ---- | C] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/01/19 09:56:22 | 000,001,729 | ---- | C] ()
CmdLineExt03.dll -> C:\WINDOWS\System32\CmdLineExt03.dll -> [2009/10/12 21:47:22 | 000,043,520 | ---- | C] ()
SIntfNT.dll -> C:\WINDOWS\System32\SIntfNT.dll -> [2009/10/11 14:33:52 | 000,021,840 | ---- | C] ()
SIntf32.dll -> C:\WINDOWS\System32\SIntf32.dll -> [2009/10/11 14:33:52 | 000,017,212 | ---- | C] ()
BASSMOD.dll -> C:\WINDOWS\System32\BASSMOD.dll -> [2009/10/11 14:02:06 | 000,034,308 | ---- | C] ()
sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2009/01/15 11:12:32 | 000,717,296 | ---- | C] ()
xfcodec.dll -> C:\WINDOWS\System32\xfcodec.dll -> [2008/12/12 04:37:44 | 000,042,320 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008/08/29 22:15:28 | 000,000,069 | ---- | C] ()
Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2008/08/10 17:53:07 | 000,004,711 | ---- | C] ()
PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2008/08/10 09:59:51 | 000,000,097 | ---- | C] ()
CDE C59Asia.ini -> C:\WINDOWS\CDE C59Asia.ini -> [2008/08/10 09:55:45 | 000,000,025 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2008/08/08 04:14:12 | 001,662,976 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2008/08/08 04:14:12 | 001,470,464 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2008/08/08 04:14:12 | 001,019,904 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2008/08/08 04:14:12 | 000,466,944 | ---- | C] ()
vuins32.dll -> C:\WINDOWS\System32\vuins32.dll -> [2008/08/08 04:09:48 | 000,061,440 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008/08/08 03:29:35 | 000,000,376 | ---- | C] ()
nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2008/08/07 20:47:13 | 000,286,720 | ---- | C] ()
nvapi.dll -> C:\WINDOWS\System32\nvapi.dll -> [2008/08/07 20:47:07 | 000,086,016 | ---- | C] ()
nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2008/08/07 20:47:06 | 000,573,440 | ---- | C] ()
RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2008/08/07 20:39:57 | 000,143,360 | R--- | C] ()
ASUSHWIO.SYS -> C:\WINDOWS\System32\drivers\ASUSHWIO.SYS -> [2008/08/07 20:34:17 | 000,010,288 | ---- | C] ()
epfwtdir.sys -> C:\WINDOWS\System32\drivers\epfwtdir.sys -> [2007/12/21 08:21:56 | 000,033,800 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2006/01/13 10:02:21 | 000,180,224 | ---- | C] ()
ogg.dll -> C:\WINDOWS\System32\ogg.dll -> [2006/01/13 09:55:02 | 000,061,440 | ---- | C] ()
CopyToSendTo.dll -> C:\WINDOWS\System32\CopyToSendTo.dll -> [2006/01/13 09:52:59 | 000,061,440 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2006/01/13 09:52:17 | 000,745,472 | ---- | C] ()
vorbis.dll -> C:\WINDOWS\System32\vorbis.dll -> [2006/01/13 09:40:44 | 001,163,264 | ---- | C] ()
vorbisenc.dll -> C:\WINDOWS\System32\vorbisenc.dll -> [2006/01/13 09:40:28 | 001,040,384 | ---- | C] ()
vorbisfile.dll -> C:\WINDOWS\System32\vorbisfile.dll -> [2006/01/13 09:39:33 | 000,077,824 | ---- | C] ()
HMTCD.dll -> C:\WINDOWS\System32\HMTCD.dll -> [2006/01/13 09:38:40 | 000,394,240 | ---- | C] ()
OggDS.dll -> C:\WINDOWS\System32\OggDS.dll -> [2006/01/13 09:33:47 | 000,237,568 | ---- | C] ()
OEMinfo.ini -> C:\WINDOWS\System32\OEMinfo.ini -> [2006/01/13 09:33:47 | 000,000,609 | ---- | C] ()

[File - Lop Check]
Avg7 -> C:\Documents and Settings\All Users\Application Data\Avg7 -> [2009/05/21 10:16:28 | 000,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite -> [2009/01/15 11:31:40 | 000,000,000 | ---D | M]
ESET -> C:\Documents and Settings\All Users\Application Data\ESET -> [2009/06/21 19:03:52 | 000,000,000 | ---D | M]
NCH Swift Sound -> C:\Documents and Settings\All Users\Application Data\NCH Swift Sound -> [2009/03/07 01:43:36 | 000,000,000 | ---D | M]
PlayFirst -> C:\Documents and Settings\All Users\Application Data\PlayFirst -> [2008/08/10 18:28:30 | 000,000,000 | ---D | M]
PMB Files -> C:\Documents and Settings\All Users\Application Data\PMB Files -> [2010/02/14 09:22:33 | 000,000,000 | ---D | M]
PopCap Games -> C:\Documents and Settings\All Users\Application Data\PopCap Games -> [2010/03/20 10:21:37 | 000,000,000 | ---D | M]
SpeedBit -> C:\Documents and Settings\All Users\Application Data\SpeedBit -> [2008/08/11 00:36:01 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2010/03/22 23:12:05 | 000,000,000 | ---D | M]
UDL -> C:\Documents and Settings\All Users\Application Data\UDL -> [2008/08/10 10:02:18 | 000,000,000 | ---D | M]
WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2010/03/01 20:33:07 | 000,000,000 | ---D | M]
BitTorrent -> C:\Documents and Settings\MARIGZA\Application Data\BitTorrent -> [2010/01/21 15:54:30 | 000,000,000 | ---D | M]
Camfrog -> C:\Documents and Settings\MARIGZA\Application Data\Camfrog -> [2009/04/26 00:10:34 | 000,000,000 | ---D | M]
Command & Conquer 3 Tiberium Wars -> C:\Documents and Settings\MARIGZA\Application Data\Command & Conquer 3 Tiberium Wars -> [2009/06/05 21:52:53 | 000,000,000 | ---D | M]
DAEMON Tools -> C:\Documents and Settings\MARIGZA\Application Data\DAEMON Tools -> [2009/01/15 11:33:13 | 000,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Documents and Settings\MARIGZA\Application Data\DAEMON Tools Lite -> [2009/01/15 11:34:09 | 000,000,000 | ---D | M]
DAEMON Tools Pro -> C:\Documents and Settings\MARIGZA\Application Data\DAEMON Tools Pro -> [2009/01/15 11:33:13 | 000,000,000 | ---D | M]
DNA -> C:\Documents and Settings\MARIGZA\Application Data\DNA -> [2010/03/22 23:13:19 | 000,000,000 | ---D | M]
EPSON -> C:\Documents and Settings\MARIGZA\Application Data\EPSON -> [2008/08/10 10:06:22 | 000,000,000 | ---D | M]
Facebook -> C:\Documents and Settings\MARIGZA\Application Data\Facebook -> [2010/03/18 13:34:54 | 000,000,000 | ---D | M]
Focus Mp3 Recorder -> C:\Documents and Settings\MARIGZA\Application Data\Focus Mp3 Recorder -> [2009/03/07 02:17:12 | 000,000,000 | ---D | M]
LimeWire -> C:\Documents and Settings\MARIGZA\Application Data\LimeWire -> [2010/03/07 07:58:33 | 000,000,000 | ---D | M]
My Games -> C:\Documents and Settings\MARIGZA\Application Data\My Games -> [2009/02/21 23:51:31 | 000,000,000 | ---D | M]
NCH Swift Sound -> C:\Documents and Settings\MARIGZA\Application Data\NCH Swift Sound -> [2009/03/07 02:08:26 | 000,000,000 | ---D | M]
Opera -> C:\Documents and Settings\MARIGZA\Application Data\Opera -> [2009/02/15 10:31:29 | 000,000,000 | ---D | M]
PlayFirst -> C:\Documents and Settings\MARIGZA\Application Data\PlayFirst -> [2008/08/10 18:28:30 | 000,000,000 | ---D | M]
runic games -> C:\Documents and Settings\MARIGZA\Application Data\runic games -> [2010/01/08 23:21:09 | 000,000,000 | ---D | M]
SPORE -> C:\Documents and Settings\MARIGZA\Application Data\SPORE -> [2008/10/18 13:37:37 | 000,000,000 | ---D | M]
Uniblue -> C:\Documents and Settings\MARIGZA\Application Data\Uniblue -> [2008/08/10 20:53:34 | 000,000,000 | ---D | M]

[File - Purity Scan]


[Alternate Data Streams]
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >
[/code]

phew! Shocked


27 Re: BDS.small.iuj on Mon Mar 22, 2010 7:26 pm

Let's redo this.

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click Yes to the Optional_Scan.
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.


..........................................................
DragonMaster Jay

28 Re: BDS.small.iuj on Tue Mar 23, 2010 4:52 am

rinmueru

Sir Jay,

I have successfully downloaded DDS as you told me, and two logs popped out after the scan, and it said that you should attach one of the logs as a zip file.

The problem is I don't know exactly how to zip a file and attach it in a forum post. I only know how to extract zip files. Can you teach me how? Sorry if I asked you such a noobish question...


29 Re: BDS.small.iuj on Tue Mar 23, 2010 1:08 pm

You don't have to attach. Not possible. Just post the contents of both of them.


..........................................................
DragonMaster Jay

30 Re: BDS.small.iuj on Tue Mar 23, 2010 1:16 pm

rinmueru

Haha ok then.. Here are the logs..


DDS (Ver_10-03-17.01) - NTFSx86
Run by MARIGZA at 16:37:52.85 on Tue 03/23/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.148 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\MARIGZA\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: SrchHook Class: {f4f10c1d-87c7-404a-b4b3-000000000000} - c:\progra~1\dap\SBSearch.dll
uURLSearchHooks: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SkyTel] SkyTel.EXE
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marigza\applic~1\mozilla\firefox\profiles\gur2u64u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\marigza\application data\mozilla\firefox\profiles\gur2u64u.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\marigza\application data\mozilla\firefox\profiles\gur2u64u.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\marigza\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\marigza\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\marigza\application data\mozilla\firefox\profiles\gur2u64u.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\marigza\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\marigza\local settings\application data\yahoo!\browserplus\2.5.1\plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-8-7 11264]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-20 11608]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-20 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-20 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-18 56816]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
S2 cyzwe;Boot Network;c:\windows\system32\svchost.exe -k netsvcs [2006-1-13 14336]
S2 jiggqys;Boot Time;c:\windows\system32\svchost.exe -k netsvcs [2006-1-13 14336]
S2 khvlat;Network Image;c:\windows\system32\svchost.exe -k netsvcs [2006-1-13 14336]
S2 kpeoehigv;Driver Server;c:\windows\system32\svchost.exe -k netsvcs [2006-1-13 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTProcDrv;Process creation detector for NT.;\??\d:\program files\rohan bot\rohanbotph1.0.4c\ntprocdrv.sys --> d:\program files\rohan bot\rohanbotph1.0.4c\NtProcDrv.sys [?]
S3 XDva326;XDva326;\??\c:\windows\system32\xdva326.sys --> c:\windows\system32\XDva326.sys [?]
S3 XDva332;XDva332;\??\c:\windows\system32\xdva332.sys --> c:\windows\system32\XDva332.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]

=============== Created Last 30 ================

2010-03-22 08:59:50 0 d-----w- c:\docume~1\marigza\applic~1\Malwarebytes
2010-03-22 08:59:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 08:59:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-22 08:59:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 08:59:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 02:38:51 25 ----a-w- c:\windows\popcinfot.dat
2010-03-20 02:21:37 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games
2010-03-20 01:32:08 0 d-sha-r- C:\cmdcons
2010-03-20 01:28:09 77312 ----a-w- c:\windows\MBR.exe
2010-03-20 01:28:08 98816 ----a-w- c:\windows\sed.exe
2010-03-20 01:28:08 261632 ----a-w- c:\windows\PEV.exe
2010-03-20 01:28:08 161792 ----a-w- c:\windows\SWREG.exe
2010-03-19 16:19:38 0 d-----w- c:\program files\Avira
2010-03-19 16:19:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-03-19 15:11:45 0 d-----w- C:\_OTL
2010-03-18 18:49:54 1033728 ----a-w- c:\windows\explorer.exe
2010-03-18 13:41:47 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-10 04:27:50 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-01-08 15:20:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-08 15:20:06 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-31 15:06:53 352640 ------w- c:\windows\system32\dllcache\srv.sys

============= FINISH: 16:38:27.95 ===============
