ComboFix 10-10-05.01 - sey administrator 10/05/2010 20:40:49.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.95 [GMT -4:00]
Running from: c:\documents and settings\sey administrator\Desktop\Commy.exe
Command switches used :: c:\documents and settings\sey administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\sey administrator\Application Data\Lumy
c:\documents and settings\sey administrator\Application Data\Lumy\yssy.oqs
c:\documents and settings\sey administrator\Application Data\Lumy\yssy.tmp
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\ExplorerSrv.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.
2010-10-06 02:06 . 2010-10-06 02:06 41984 ----a-w- c:\windows\system32\rundll32Srv.exe
2010-10-02 15:15 . 2010-10-05 21:43 -------- d-----w- c:\documents and settings\sey administrator\Application Data\skypePM
2010-10-02 04:07 . 2010-10-02 04:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-10-02 04:06 . 2010-10-02 04:07 -------- d-----w- c:\documents and settings\Freddex\Application Data\skypePM
2010-10-02 04:04 . 2010-10-02 04:04 -------- d-----w- c:\program files\Common Files\Skype
2010-10-02 04:04 . 2010-10-02 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-10-01 01:52 . 2010-10-01 02:23 -------- d-----w- C:\Commy10898C
2010-09-29 22:11 . 2010-09-29 22:11 388096 ----a-r- c:\documents and settings\sey administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-29 04:28 . 2010-09-29 05:01 -------- d-----w- C:\Commy2756C
2010-09-29 04:26 . 2010-09-29 04:54 229376 ----a-w- c:\documents and settings\sey administrator\Application Data\Fako\anuq.exe
2010-09-29 04:26 . 2010-09-29 04:26 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Fako
2010-09-29 04:26 . 2010-10-03 16:06 -------- d-----w- c:\program files\temp
2010-09-29 02:20 . 2010-09-29 02:20 -------- d--h--w- c:\windows\PIF
2010-09-27 02:42 . 2010-09-27 03:23 -------- d-----w- C:\Commy9393C
2010-09-26 00:31 . 2010-09-26 00:32 -------- d-----w- c:\program files\7-Zip
2010-09-25 23:54 . 2010-09-26 00:09 -------- d-----w- C:\RootRepeal
2010-09-25 22:36 . 2010-09-25 23:32 -------- d-----w- C:\Commy18057C
2010-09-25 16:09 . 2010-09-25 16:09 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Ashampoo
2010-09-25 16:07 . 2010-09-25 16:07 -------- d-----w- c:\documents and settings\sey administrator\Local Settings\Application Data\ashampoo
2010-09-25 16:07 . 2010-09-25 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-09-25 16:07 . 2010-09-25 16:07 -------- d-----w- c:\program files\Ashampoo
2010-09-21 04:26 . 2010-09-21 05:11 -------- d-----w- C:\Commy
2010-09-18 06:16 . 2010-09-18 06:16 -------- d-----w- c:\documents and settings\sey administrator\Application Data\AVG9
2010-09-16 17:03 . 2010-09-16 17:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-16 05:52 . 2010-09-16 05:52 -------- d-----w- c:\program files\Trend Micro
2010-09-16 04:44 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 18:04 . 2010-09-15 18:04 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Malwarebytes
2010-09-15 18:03 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 18:03 . 2010-09-15 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 18:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 18:02 . 2010-09-15 18:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 04:49 . 2010-09-15 04:49 -------- d-----w- c:\documents and settings\Freddex\Application Data\PCToolsFirewallPlus
2010-09-14 16:25 . 2010-09-20 20:40 95744 ----a-w- c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-14 16:25 . 2010-09-20 20:40 161280 ----a-w- c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-14 16:24 . 2010-09-14 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-14 16:24 . 2010-09-14 16:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-14 16:24 . 2010-09-14 16:24 -------- d-----w- c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com
2010-09-14 16:20 . 2010-09-14 16:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-14 15:58 . 2010-09-14 15:58 -------- d-----w- c:\program files\CCleaner
2010-09-14 15:45 . 2010-09-14 15:46 -------- d-----w- c:\documents and settings\sey administrator\Application Data\PCToolsFirewallPlus
2010-09-14 15:41 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-14 15:41 . 2009-11-09 15:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-14 15:41 . 2010-01-07 16:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-14 15:40 . 2010-01-12 13:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-14 15:40 . 2010-01-07 15:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-09-14 15:40 . 2010-01-07 15:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-09-14 15:40 . 2010-01-13 12:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-09-14 15:40 . 2010-09-23 01:11 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-09-11 21:36 . 2010-09-11 21:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-11 21:22 . 2010-09-21 02:45 120 ----a-w- c:\windows\Qwavifetahefozu.dat
2010-09-11 21:16 . 2010-09-13 17:46 -------- d-----w- c:\documents and settings\Freddex\Application Data\C48C287A5F27A887A3E6CDBB287BDE57
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 02:09 . 2010-05-29 21:46 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Skype
2010-10-06 02:07 . 2010-01-05 23:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-06 00:53 . 2010-01-01 16:11 -------- d-----w- c:\program files\Microsoft
2010-10-06 00:40 . 2010-02-21 18:58 -------- d-----w- c:\program files\QuickTime
2010-10-06 00:40 . 2001-09-19 06:51 -------- d-----w- c:\program files\Microsoft Works
2010-10-06 00:21 . 2010-02-20 17:18 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Ziikuh
2010-10-05 21:47 . 2010-01-01 16:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-02 04:44 . 2010-04-18 15:57 -------- d-----w- c:\documents and settings\Freddex\Application Data\Skype
2010-10-02 04:05 . 2010-04-18 15:56 -------- d-----r- c:\program files\Skype
2010-10-01 02:27 . 2006-06-26 08:27 229376 ----a-w- c:\documents and settings\sey administrator\Application Data\Ysulne\emxy.exe
2010-10-01 02:14 . 2006-01-05 19:52 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Zyinl
2010-10-01 02:06 . 2008-08-28 05:11 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Zagy
2010-09-29 04:51 . 2006-02-01 21:03 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Ossiv
2010-09-27 22:48 . 2010-07-17 10:38 -------- d-----w- c:\documents and settings\Freddex\Application Data\Ihduy
2010-09-27 03:15 . 2005-08-30 02:56 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Mewao
2010-09-27 01:48 . 2008-04-21 16:55 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Hykapo
2010-09-25 22:29 . 2008-12-03 12:31 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Efpea
2010-09-24 00:22 . 2010-08-18 15:27 -------- d-----w- c:\documents and settings\Freddex\Application Data\Uwdie
2010-09-23 23:47 . 2009-11-10 22:50 -------- d-----w- c:\documents and settings\sey administrator\Application Data\Gymu
2010-09-20 20:40 . 2010-03-31 20:32 393216 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-501e625d-n\msvcr71.dll
2010-09-20 20:40 . 2010-05-28 16:56 393216 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-367bd4db-n\msvcr71.dll
2010-09-20 20:39 . 2010-08-09 00:56 393216 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\msvcr71.dll
2010-09-20 20:30 . 2010-03-23 23:46 393216 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-34777ea4-n\msvcr71.dll
2010-09-20 20:30 . 2010-05-25 23:18 393216 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47f9ff1d-n\msvcr71.dll
2010-09-20 20:29 . 2010-08-03 02:18 393216 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\msvcr71.dll
2010-09-16 16:29 . 2010-03-23 22:54 -------- d-----w- c:\program files\DivX
2010-09-16 16:29 . 2010-02-21 21:01 -------- d-----w- c:\program files\LimeWire Music
2010-09-16 05:54 . 2010-09-04 18:13 -------- d-----w- c:\program files\Filezilla 3.3.2.1
2010-09-16 04:44 . 2010-03-23 23:42 -------- d-----w- c:\program files\Java
2010-09-14 15:41 . 2010-01-05 23:15 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-14 15:04 . 2010-02-21 21:02 -------- d-----w- c:\program files\ToggleEN
2010-09-14 14:02 . 2010-09-13 15:55 112 ----a-w- c:\documents and settings\All Users\Application Data\r5NCJ5GrW.dat
2010-09-11 20:32 . 2010-04-14 21:49 -------- d-----w- c:\documents and settings\Freddex\Application Data\uTorrent
2010-09-11 16:49 . 2010-07-01 19:46 -------- d-----w- c:\documents and settings\Freddex\Application Data\LimeWire Music
2010-09-04 22:37 . 2010-09-04 18:14 -------- d-----w- c:\documents and settings\Freddex\Application Data\FileZilla
2010-08-31 02:30 . 2010-02-21 21:01 -------- d-----w- c:\program files\Download_Energy
2010-08-31 00:39 . 2010-08-31 00:39 -------- d-----w- c:\documents and settings\sey administrator\Application Data\IObit
2010-08-14 16:09 . 2010-03-23 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-11 13:18 . 2010-01-05 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-09 00:56 . 2010-08-09 00:56 503808 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\msvcp71.dll
2010-08-09 00:56 . 2010-08-09 00:56 499712 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\jmc.dll
2010-08-09 00:56 . 2010-08-09 00:56 61440 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ab01405-n\decora-sse.dll
2010-08-09 00:56 . 2010-08-09 00:56 12800 ----a-w- c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ab01405-n\decora-d3d.dll
2010-08-03 02:18 . 2010-08-03 02:18 503808 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\msvcp71.dll
2010-08-03 02:18 . 2010-08-03 02:18 499712 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\jmc.dll
2010-08-03 02:18 . 2010-08-03 02:18 61440 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-51d40a07-n\decora-sse.dll
2010-08-03 02:18 . 2010-08-03 02:18 12800 ----a-w- c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-51d40a07-n\decora-d3d.dll
2010-07-16 13:30 . 2010-01-05 23:49 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:30 . 2010-07-16 13:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 13:29 . 2010-01-05 23:49 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-16 13:28 . 2010-01-05 23:49 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
<pre>
c:\program files\Skype\Phone\Skype .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2010-09-21 03:45 2735200 ----a-w- c:\program files\Download_Energy\tbDow1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [N/A]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2010-09-20 176128]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"EPSON Stylus C44 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE" [2002-12-25 75776]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\Freddex\Start Menu\Programs\Startup\
idlato.exe [2010-10-5 230400]
pypa.exe [2010-9-30 229376]
c:\documents and settings\Guest\Start Menu\Programs\Startup\
faopew.exe [2010-9-30 229376]
peyw.exe [2010-10-5 230400]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
fyfuk.exe [2010-10-5 230400]
maqa.exe [2010-9-30 229376]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-09-21 122880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 13:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\LimeWire Music\\LimeWire Music.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/5/2010 7:49 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/5/2010 7:49 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/5/2010 7:49 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/5/2010 7:49 PM 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/14/2010 11:41 AM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/14/2010 11:41 AM 88040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 7:48 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/5/2010 7:49 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/5/2010 7:48 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/5/2010 7:48 PM 26192]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/14/2010 11:40 AM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/14/2010 11:40 AM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/14/2010 11:40 AM 115216]
R3 SUNPLUS;SightCAM PC-100p;c:\windows\system32\drivers\spixnew.sys [1/21/2010 6:10 PM 95528]
S1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS --> c:\windows\system32\drivers\EACMOS.SYS [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 7:48 PM 30104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder
2010-10-06 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-14 18:11]
2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 22:54]
2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 22:54]
2004-09-01 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-20 07:56]
2004-09-01 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-20 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\sey administrator\Application Data\Mozilla\Firefox\Profiles\3mmgr645.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00001f40
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
@DACL=(02 0000)
"ieuser.exe"=dword:00000001
"iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
@DACL=(02 0000)
"YahooMusicEngine.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
@DACL=(02 0000)
"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001
"sllauncher.exe"=dword:00000000
"PresentationHost.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
@DACL=(02 0000)
"msfeedssync.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
@DACL=(02 0000)
"msiexec.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
@DACL=(02 0000)
"iexplore.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
@DACL=(02 0000)
"helppane.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000006
"explorer.exe"=dword:00000004
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000006
"explorer.exe"=dword:00000002
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
@DACL=(02 0000)
"mshta.exe"=dword:00000001
"outlook.exe"=dword:00000001
"sidebar.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
@DACL=(02 0000)
"communicator.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
"msimn.exe"=dword:00000001
"winmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
@DACL=(02 0000)
"WindowsLiveWriter.exe"=dword:00000001
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
@DACL=(02 0000)
"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
@DACL=(02 0000)
"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
@DACL=(02 0000)
"iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp]
@DACL=(02 0000)
"LLInterface"="WANARP"
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{E2E03A56-F650-49AD-9458-84AC5A26824B}\00Tcpip\\Parameters\\Interfaces\\{9D1E836B-DDA1-48F1-825D-3BE14B2C290C}\00Tcpip\\Parameters\\Interfaces\\{9215A54E-3EAA-4DC2-8EFE-4731C26E1349}\00Tcpip\\Parameters\\Interfaces\\{6F8E307F-9A7C-408A-AFAF-3615FCFA4CEF}\00\00"
"NumInterfaces"=dword:00000004
"IpInterfaces"=hex:56,3a,e0,e2,50,f6,ad,49,94,58,84,ac,5a,26,82,4b,6b,83,1e,9d,
a1,dd,f1,48,82,5d,3b,e1,4b,2c,29,0c,4e,a5,15,92,aa,3e,c2,4d,8e,fe,47,31,c2,\
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{6DE38E76-6721-44BE-B4B6-A8A60FA66767}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{6DE38E76-6721-44BE-B4B6-A8A60FA66767}\00\00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}\00\00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0AA05CFB-0DDF-48E4-ABE8-1E78BE894167}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ADA907D-9145-41B7-BD1B-0B8078EF8185}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{22DC89FD-1B4F-4DDE-97E1-D2BF70D78AF0}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2F865EAA-DF52-4F83-B627-C01FA56AB1B5}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3C6A114E-ACC8-482C-A644-165006071E4F}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4029ED28-634C-4F6D-91DD-90355FC3614B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4D0EE19D-53FB-42ED-929E-2CAD8D4DA3A2}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{56A4F766-5440-49EE-96D3-D509BA7BE4E9}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B98C0D8-F928-4D49-9882-4DFE65D95C61}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6F8E307F-9A7C-408A-AFAF-3615FCFA4CEF}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=multi:"\00"
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{865C35FD-C16A-4B32-B547-8928CE953669}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8E76D28B-D819-435F-9D94-8F0EC4038520}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9215A54E-3EAA-4DC2-8EFE-4731C26E1349}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{93DFA675-845C-4FB9-B057-A889D11F364B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9D1E836B-DDA1-48F1-825D-3BE14B2C290C}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=multi:"\00"
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"DhcpClassIdBin"=hex:
"RegisterAdapterName"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"DefaultGatewayMetric"=multi:"\00"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=multi:"0\00\00"
"UDPAllowedPorts"=multi:"0\00\00"
"RawIPAllowedProtocols"=multi:"0\00\00"
"NTEContextList"=multi:"0x00000003\00\00"
"DhcpClassIdBin"=hex:
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CEF18169-172E-4CC6-A23C-81EEA649ABCA}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D42BF3B8-5D36-47B6-AA88-2A5C0A88AFF6}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E2E03A56-F650-49AD-9458-84AC5A26824B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E80F28B8-41F7-45E5-B224-BA02FA2B150E}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EB685907-EFEF-49BC-836B-43B28D8A9E73}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F2661AF6-B3C2-4CB3-BEF6-D0571C34617B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FF2BE8C5-F6C8-4DEE-9C06-8F61850569D8}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1048)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3892)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\program files\AVG\AVG9\avgfws9.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\windows\system32\pctspk.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgemc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-10-05 22:15:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 02:15
ComboFix2.txt 2010-10-01 02:23
ComboFix3.txt 2010-09-29 05:01
ComboFix4.txt 2010-09-27 03:23
ComboFix5.txt 2010-10-06 00:37
Pre-Run: 11,402,022,912 bytes free
Post-Run: 11,632,758,784 bytes free
- - End Of File - - 619F50C83D2A9F7C2B5AE1C7818831C3