Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2909.1975 [GMT 8:00]
Running from: c:\users\kambeng busuk\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\UNWISE.EXE
.
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.
2010-09-19 03:34 . 2010-09-19 03:34 -------- d-----w- c:\users\kambeng busuk\AppData\Local\temp
2010-09-19 03:34 . 2010-09-19 03:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-18 09:43 . 2010-09-01 07:52 66112 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlus_Helper_3004.dll
2010-09-18 09:43 . 2010-09-01 07:52 35136 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-09-18 09:43 . 2010-09-01 07:52 328080 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe.exe
2010-09-18 09:43 . 2010-09-01 07:52 32032 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-09-17 22:54 . 2010-09-17 22:54 -------- d-----w- c:\program files\MSXML 4.0
2010-09-17 22:53 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\wsbl.dat
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\ph_white.dat
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\ph_black.dat
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-09-17 22:36 . 2010-09-17 22:36 0 ----a-w- c:\windows\system32\pcwords.dat
2010-09-13 08:11 . 2010-09-18 14:17 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-09-13 00:06 . 2010-09-13 00:06 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\BitDefender
2010-09-13 00:06 . 2010-09-13 00:06 -------- d-----w- C:\Binaries
2010-09-13 00:06 . 2010-09-13 00:10 -------- d-----w- c:\programdata\BitDefender
2010-09-13 00:06 . 2010-09-13 00:06 -------- d-----w- c:\program files\BitDefender
2010-09-13 00:04 . 2010-09-13 00:04 -------- d-----w- c:\windows\system32\URTTEMP
2010-09-13 00:04 . 2010-09-13 00:06 -------- d-----w- c:\program files\Common Files\BitDefender
2010-09-12 14:49 . 2010-09-12 14:49 -------- d-----w- c:\users\kambeng busuk\AppData\Local\ElevatedDiagnostics
2010-09-12 14:44 . 2007-08-08 04:07 101504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-09-12 14:44 . 2007-08-08 04:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-09-12 14:43 . 2010-09-12 14:43 -------- d-----w- c:\program files\Huawei technologies
2010-09-12 14:43 . 2010-09-12 14:43 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-05 01:39 . 2010-09-05 01:40 1212416 ----a-w- c:\windows\system32\ActivaCOM.dll
2010-09-05 01:39 . 2008-04-27 20:06 192000 ----a-w- c:\windows\system32\Patch(symbianzone.co.cc).exe
2010-09-05 01:39 . 2007-08-26 12:23 1602456 ----a-w- c:\windows\system32\SWFScout.dll
2010-09-05 01:39 . 2007-03-08 14:39 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2010-09-04 09:16 . 2010-09-05 07:07 -------- d-----w- c:\program files\All-into-One Flash Mixer
2010-09-03 04:56 . 2010-09-03 04:56 -------- d-----w- c:\programdata\KONAMI
2010-09-03 04:56 . 2010-09-03 04:56 -------- d-----w- c:\program files\KONAMI
2010-09-02 07:12 . 2010-09-02 07:12 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-08-30 18:41 . 2010-08-30 18:41 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-30 18:41 . 2010-08-30 18:41 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\Adobe Mini Bridge CS5
2010-08-30 12:03 . 2010-08-30 12:03 -------- d-----w- c:\programdata\Apple Computer
2010-08-30 12:01 . 2010-08-30 12:01 -------- d-----w- c:\program files\Common Files\Apple
2010-08-30 11:42 . 2010-08-30 11:42 -------- d-----w- c:\users\kambeng busuk\AppData\Local\CAPCOM
2010-08-30 11:08 . 2009-03-09 07:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-08-30 11:08 . 2009-03-09 07:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-08-30 11:08 . 2009-03-09 07:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-08-30 11:08 . 2009-03-16 06:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-08-30 11:08 . 2009-03-16 06:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-08-30 11:08 . 2009-03-16 06:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-08-30 11:07 . 2010-08-30 11:08 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-08-30 11:07 . 2010-08-30 11:07 -------- d-----w- c:\windows\system32\xlive
2010-08-25 19:24 . 2010-08-25 19:38 30332270 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Xilisoft\Video Converter Ultimate 6\x-video-converter-ultimate6.exe
2010-08-25 19:18 . 2010-08-25 19:18 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\Xilisoft
2010-08-25 18:57 . 2010-08-25 19:17 -------- d-----w- c:\program files\Xilisoft
2010-08-25 18:12 . 2010-08-25 18:12 -------- d-----w- c:\program files\Common Files\xing shared
2010-08-25 14:05 . 2010-08-25 14:05 10134 ----a-r- c:\users\kambeng busuk\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
2010-08-25 14:05 . 2010-08-25 14:05 -------- d-----w- c:\program files\My Company Name
2010-08-25 14:05 . 2010-08-25 14:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-25 13:13 . 2010-08-25 16:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-25 13:10 . 2010-08-25 13:10 -------- d-----w- c:\program files\Adobe Media Player
2010-08-25 13:09 . 2010-08-25 13:09 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-25 13:09 . 2010-08-25 13:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-23 23:29 . 2010-08-23 23:29 -------- d-----w- c:\users\kambeng busuk\AppData\Local\Conduit
2010-08-23 23:28 . 2010-06-08 03:28 52224 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-08-23 23:28 . 2010-06-08 03:28 101376 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-08-23 22:54 . 2010-08-23 22:57 -------- d-----w- c:\programdata\AutoHideIP
2010-08-23 22:54 . 2010-08-23 22:54 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\AutoHideIP
2010-08-22 18:05 . 2010-08-18 09:11 52224 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\components\FFExternalAlert.dll
2010-08-22 18:05 . 2010-08-18 09:11 101376 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\components\RadioWMPCore.dll
2010-08-22 18:05 . 2010-08-18 09:09 52224 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\FFExternalAlert.dll
2010-08-22 18:05 . 2010-08-18 09:09 101376 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCore.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 03:22 . 2010-04-27 07:43 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\IDM
2010-09-19 03:04 . 2010-04-27 07:43 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\DMCache
2010-09-13 01:37 . 2010-04-27 04:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-12 23:59 . 2010-04-27 00:30 -------- d-----w- c:\programdata\Kaspersky Lab
2010-09-12 14:43 . 2010-06-22 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-07 11:53 . 2010-07-30 20:16 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\vlc
2010-09-04 05:41 . 2010-04-27 13:10 -------- d-----w- c:\program files\Common Files\Nokia
2010-08-30 12:03 . 2010-04-27 10:21 -------- d-----w- c:\program files\QuickTime
2010-08-25 18:13 . 2010-04-27 03:49 -------- d-----w- c:\program files\Common Files\Real
2010-08-25 16:56 . 2010-04-27 02:32 109800 ----a-w- c:\users\kambeng busuk\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-25 13:09 . 2010-05-22 10:22 38784 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-24 11:42 . 2010-04-27 02:36 -------- d-----w- c:\programdata\Microsoft Help
2010-08-24 09:35 . 2010-04-27 09:21 -------- d-----w- c:\program files\Common Files\Stardock
2010-08-24 09:35 . 2010-06-07 00:28 -------- d-----w- c:\program files\7-Zip
2010-08-24 03:29 . 2010-06-29 12:12 -------- d-----w- c:\program files\CONEXANT
2010-08-24 03:27 . 2010-04-27 05:18 -------- d-----w- c:\program files\Folder Lock 6
2010-08-24 03:27 . 2010-08-09 00:51 -------- d-----w- c:\program files\Winamp
2010-08-24 03:27 . 2010-07-02 03:42 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-24 03:27 . 2010-06-10 23:12 -------- d-----w- c:\program files\JDownloader
2010-08-24 03:27 . 2010-08-09 21:16 -------- d-----w- c:\program files\Google
2010-08-21 18:50 . 2010-06-06 22:37 -------- d-----w- c:\program files\Minilyrics
2010-08-14 17:38 . 2010-04-27 04:24 -------- d-----w- c:\programdata\FLEXnet
2010-08-11 21:15 . 2010-05-30 09:45 -------- d-----w- c:\program files\Flash Movie Player
2010-08-09 00:57 . 2010-08-09 00:51 -------- d-----w- c:\users\kambeng busuk\AppData\Roaming\Winamp
2010-08-09 00:53 . 2010-08-09 00:53 -------- d-----w- c:\program files\Winamp Toolbar
2010-08-09 00:53 . 2010-08-09 00:53 -------- d-----w- c:\programdata\Winamp Toolbar
2010-07-31 20:16 . 2010-07-31 20:16 657217 ----a-w- c:\windows\Condition Zero Uninstaller.exe
2010-07-31 19:48 . 2010-07-31 19:48 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-31 19:48 . 2010-07-31 19:48 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2010-07-31 19:48 . 2010-07-31 19:48 -------- d-----w- c:\program files\OpenAL
2010-07-31 11:24 . 2010-07-31 11:24 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2010-07-31 11:24 . 2010-07-31 11:24 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2010-07-31 11:24 . 2010-07-31 11:24 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2010-07-31 11:24 . 2010-07-31 11:24 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2010-07-31 11:24 . 2010-07-31 11:24 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2010-07-31 11:24 . 2010-07-31 11:24 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2010-07-31 11:24 . 2010-07-31 11:24 -------- d-----w- c:\programdata\NexonEU
2010-07-29 06:30 . 2010-08-11 11:06 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 11:06 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 15:36 . 2010-07-28 15:36 180224 ----a-w- c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\winamptbres.dll
2010-07-06 04:31 . 2010-07-06 04:31 2944904 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-06-30 06:25 . 2010-08-11 11:06 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 00:37 . 2010-06-19 17:31 12212040 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-06-23 00:37 . 2010-06-19 17:31 13930312 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-06-23 00:37 . 2010-06-19 17:31 77824 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-23 00:37 . 2010-06-19 17:31 61440 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-06-23 00:37 . 2010-06-19 17:31 58880 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-06-23 00:37 . 2010-06-19 17:31 50000 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-06-22 02:47 . 2010-08-11 11:06 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 11:06 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 11:06 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-01 20:30 . 2010-06-01 20:06 615 ----a-w- c:\program files\New folder.lnk
2009-10-19 10:59 . 2010-09-13 00:10 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 09:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3220912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-31 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-31 169496]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-25 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-10-22 1118144]
c:\users\kambeng busuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-4-27 3450608]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-24 2684256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 09:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-08-19 01:27 5137648 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2010-05-28 05:46 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-24 13:17 385928 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\kambeng busuk\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 02:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-09 21:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-25 18:12 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-27 1343400]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2009-10-19 72200]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2009-10-19 79368]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2009-09-22 83208]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2009-11-10 152456]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2405280
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\idmmbc.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {7CF3E7C4-6112-4D72-A0CD-D0AD7EEB5467} - hxxp://www.packetix.net/en/special/file ... vpnweb.cab
FF - ProfilePath - c:\users\kambeng busuk\AppData\Roaming\Mozilla\Firefox\Profiles\77sqaoqp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT24052 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... n_dtid=&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\users\kambeng busuk\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\Brothersoft\tbBro1.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\Brothersoft\tbBro1.dll
Toolbar-{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\Brothersoft\tbBro1.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - c:\program files\Brothersoft\tbBro1.dll
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-cAudioFilterAgent - c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
HKLM-Run-Camera Assistant Software - c:\program files\Camera Assistant Software for Toshiba\traybar.exe
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
MSConfigStartUp-StormCodec_Helper - c:\program files\Ringz Studio\Storm Codec\StormSet.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-0B753AE04CCFC1E067940973C1BEDEEE62CADDC9 - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-504244733D18C8F63FF584AEB290E3904E791693 - c:\progra~1\DIFX\B4723E9A0713E5B1\dpinst.exe
AddRemove-6CD143D10D52B656CB6E8E90D7932A476DA16F6A - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-7-Zip - c:\program files\7-Zip\Uninstall.exe
AddRemove-84BA15BD1DFEAA8A233F801B29BDC48DEE17B71F - c:\progra~1\DIFX\270581355A767BF1\DPInst.exe
AddRemove-9CD348AE9C64C4B939B624E8E24F3903EFDFC82B - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-Brothersoft Toolbar - c:\progra~1\BROTHE~1\UNWISE.EXE
AddRemove-C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-cAudioFilterAgent - c:\program files\CONEXANT\cAudioFilterAgent\SETUP.EXE
AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe
AddRemove-InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B} - c:\progra~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
AddRemove-SmartAudio - c:\program files\Conexant\SmartAudio\SETUP.EXE
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
[HKEY_USERS\S-1-5-21-2301115776-1775670167-4112141697-1000_Classes\CLSID\{052bfeb4-07c6-42dd-b556-44a4e6f4f0d2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000095
"Therad"=dword:00000022
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,68,65,b2,30,91,64,71,96,7a,c1,e8,64,a5,60,2c,06,dd,db,4f,80,65,4c,\
[HKEY_USERS\S-1-5-21-2301115776-1775670167-4112141697-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9c,41,ef,35,53,47,61,17,38,f7,3f,a6,9a,c9,fb,9e,e4,ad,b8,b0,f2,
60,dc,09,f1,48,c4,09,af,57,b2,00,e1,44,e2,d9,64,15,38,7a,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2301115776-1775670167-4112141697-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ce,4c,ed,83,29,c7,71,86,5c,0c,7f,c1,0f,78,50,5f,c3,08,a6,f0,ae,
d6,ac,ee,58,bc,da,b2,8e,03,a1,71,04,2e,aa,5a,b2,ea,a0,6c,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2301115776-1775670167-4112141697-1000_Classes\CLSID\{8ca23c4c-01b6-48f6-aac4-4fb991c2b741}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000c7
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-19 11:36:45
ComboFix-quarantined-files.txt 2010-09-19 03:36
Pre-Run: 92,183,605,248 bytes free
Post-Run: 92,115,181,568 bytes free
- - End Of File - - BDC9475A98462DDF355FF4ED45377760