electr1cian

Members
  • Posts: 12

Everything posted by electr1cian

  1. So took the machine out for a spin and never saw the rootkit warning again. I did however receive a few outgoing attempt warnings. Awaiting your next instruction. Guess I never mentioned I went with the avast antivirus.
  2. 04/15/2012 12:46
     Scan of all local drives
     File C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir is infected by Win32:Aluroot-B [Rtk], Moved to chest
     File C:\Qoobox\Quarantine\C\WINDOWS\system32\partmgr.dll.vir is infected by Win32:Sirefef-SM [Trj], Moved to chest
     File C:\Qoobox\Quarantine\C\WINDOWS\system32\SPFDRV.dll.vir is infected by Win32:Sirefef-SM [Trj], Moved to chest
     File C:\Qoobox\Quarantine\C\WINDOWS\system32\USB3Sw32.dll.vir is infected by Win32:Malware-gen, Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP89\change.log.2 is infected by Win32:Agent-ANSR [PUP], Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP89\change.log.3 is infected by Win32:Agent-ANSR [PUP], Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP91\change.log.2 is infected by Win32:Agent-ANSR [PUP], Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP91\change.log.3 is infected by Win32:Agent-ANSR [PUP], Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068815.sys is infected by Win32:Sirefef-PL [Rtk], Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068854.exe is infected by Win32:Malware-gen, Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068855.cl is infected by Unix:Malware-gen, Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068856.exe is infected by Win32:Malware-gen, Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068857.exe is infected by Win32:Malware-gen, Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068858.cl is infected by Unix:Malware-gen, Moved to chest
     File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068865.exe is infected by Win32:Agent-ANSR [PUP], Moved to chest
     Number of searched folders: 7651
     Number of tested files: 76877
     Number of infected files: 15
     *
     * avast! Scan Report
     * This file is generated automatically
     *
     * Scan name: Full system scan
     * Started on: Sunday, April 15, 2012 2:53:42 PM
     * VPS: 120415-2, 04/15/2012
     *
     C:\Qoobox\Quarantine\39C\WINDOWS\system32\Drivers\ipsec.sys.vir (L) Win32:Aluroot-B [Rtk] (0)
     C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068815.sys (L) Win32:Sirefef-PL [Rtk] (0)
     Infected files: 2
     Total files: 96957
     Total folders: 8336
     Total size: 642.1 GB
     *
     * Scan stopped: Sunday, April 15, 2012 3:35:54 PM
     * Run-time was 42 minutes(s), 12 second(s)
     *
  3. Alright got it installed. When you said full you meant with the new anti virus right?
  4. Should I be doing an analyze this on all the categories? Which I would connect online?
  5. Been working with this computer offline. Will continue to do so until told otherwise. Also sygate wouldn't start up on it earlier. Its service had been changed to manual but couldn't get it to ever start once I changed it just to auto so I reinstalled it in order to update malwarebytes.
     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 9:34:32 AM, on 4/15/2012
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Sygate\SPF\smc.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Logitech\SetPointP\SetPoint.exe
     C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
     C:\Program Files\HijackThis\HijackThis.exe
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
     O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\Snagit 10\SnagitBHO.dll
     O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHG~1.7\jccatch.dll
     O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\Snagit 10\SnagitIEAddin.dll
     O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.7\fgiebar.dll
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
     O4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
     O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet v1.7\jc_all.htm
     O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet v1.7\jc_link.htm
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
     O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.7\flashget.exe
     O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.7\flashget.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted IP range: http://127.0.0.1
     O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\raid\svc\mvraidsvc.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
     O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     --
     End of file - 5415 bytes
  6. In all honesty I was never concerned. I've had my fair share of battles over the years. Also amassed an arsenal of PE environments and live CDs. Any inconvenience becomes a learning experience, just consumes a lot of time in some cases. Been a patron of blackvipers for years so I see tuning services as a necessity but times do occur when I wish I had some sort of dependency search. Uninstalled utorrent and also vnc. Ready to proceed with your direction. Thought I should mention that when I reboot I still get the 1 second glimpse that is described here for that combofix description.
  7. Results of screen317's Security Check version 0.99.32
     Windows XP Service Pack 3 x86
     Internet Explorer 6 Out of date!
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     Sygate Personal Firewall Pro
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Spybot - Search & Destroy
     CCleaner
     Java™ 6 Update 29
     Java version out of date!
     Adobe Flash Player 11.1.102.63
     Mozilla Firefox (3.6.28) Firefox out of Date!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Malwarebytes' Anti-Malware mbamservice.exe
     ``````````End of Log````````````
  8. Here ya go, that combofix I had to help along. Think it needed a service running that I have disabled or dependency disabled. Run a pretty tight startup count usually 19-21 services after xp boots and on this uninfected box even fewer maybe 16 running processes after boot. Anyway man if you look I have been dealing with this thing trashing my services panel. Adding all kinda junk/gibberish processes none of them are ever trying to start nor do they load any descriptions so I been just going through and disabling them for about a week now sometimes 30-40 at a time. Gonna add my services config at the end. Gonna run that security check now.
     Logfile of random's system information tool 1.09 (written by random/random)
     Run by noneya at 2012-04-15 02:45:58
     Microsoft Windows XP Professional Service Pack 3
     System drive C: has 5 GB (14%) free of 40 GB
     Total RAM: 3037 MB (87% free)
     HijackThis download failed
     ======Scheduled tasks folder======
     C:\WINDOWS\tasks\Adobe Flash Player Updater.job
     =========Mozilla firefox=========
     ProfilePath - C:\Documents and Settings\noneya\Application Data\Mozilla\Firefox\Profiles\83i7hj2j.default
     prefs.js - "browser.startup.homepage" - "http://www.google.com/"
     prefs.js - "extensions.enabledItems" - "DeviceDetection@logitech.com:1.23.0.5, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, jqs@sun.com:1.0, yesscript@userstyles.org:1.9, {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3, max@subfighter.com:1.0.3, {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.7, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.1.3.1, {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.4, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4, go2appspot@gmail.com:1.0.2, jsonview@brh.numbera.com:0.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
     prefs.js - "keyword.URL" - "http://www.bing.com/search?pc=Z171&form=ZGAADF&install_date=20110922&q="
     "jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
     "Description"=Adobe® Flash® Player 10.1 Plugin
     "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
     "Description"=
     "Path"=C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
     "Description"=Google Earth in your browser
     "Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
     "Description"=Oracle® Next Generation Java™ Plug-In
     "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
     "Description"=Ag Player Plugin
     "Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
     "Description"=Office Authorization plug-in for NPAPI browsers
     "Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
     "Description"=Microsoft SharePoint Plug-in for Firefox
     "Path"=C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
     "Description"=Google Update
     "Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
     "Description"=Google Update
     "Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
     "Description"=Veetle TV Core
     "Path"=C:\Program Files\Veetle\plugins\npVeetle.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
     "Description"=Veetle TV Player
     "Path"=C:\Program Files\Veetle\Player\npvlc.dll
     [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
     "Description"=VLC Multimedia Plugin
     "Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
     C:\Program Files\Mozilla Firefox\extensions\
     {972ce4c6-7e08-4474-a285-3208198ce6fd}
     {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
     {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
     C:\Program Files\Mozilla Firefox\components\
     browser.xpt
     browserdirprovider.dll
     brwsrcmp.dll
     components.list
     compreg.dat
     FeedConverter.js
     FeedProcessor.js
     FeedWriter.js
     fuelApplication.js
     GPSDGeolocationProvider.js
     jsconsole-clhandler.js
     NetworkGeolocationProvider.js
     nsAddonRepository.js
     nsBadCertHandler.js
     nsBlocklistService.js
     nsBrowserContentHandler.js
     nsBrowserGlue.js
     nsContentDispatchChooser.js
     nsContentPrefService.js
     nsDefaultCLH.js
     nsDownloadManagerUI.js
     nsExtensionManager.js
     nsFormAutoComplete.js
     nsHandlerService.js
     nsHelperAppDlg.js
     nsINIProcessor.js
     nsLivemarkService.js
     nsLoginInfo.js
     nsLoginManager.js
     nsLoginManagerPrompter.js
     nsMicrosummaryService.js
     nsPlacesAutoComplete.js
     nsPlacesDBFlush.js
     nsPlacesTransactionsService.js
     nsPrivateBrowsingService.js
     nsProxyAutoConfig.js
     nsSafebrowsingApplication.js
     nsSearchService.js
     nsSearchSuggestions.js
     nsSessionStartup.js
     nsSessionStore.js
     nsSetDefaultBrowser.js
     nsSidebar.js
     nsTaggingService.js
     nsTryToClose.js
     nsUpdateService.js
     nsUpdateServiceStub.js
     nsUpdateTimerManager.js
     nsUrlClassifierLib.js
     nsUrlClassifierListManager.js
     nsURLFormatter.js
     nsWebHandlerApp.js
     pluginGlue.js
     storage-Legacy.js
     storage-mozStorage.js
     txEXSLTRegExFunctions.js
     WebContentConverter.js
     xpti.dat
     C:\Program Files\Mozilla Firefox\plugins\
     npdeployJava1.dll
     npnul32.dll
     npvsharetvplg.dll
     C:\Program Files\Mozilla Firefox\searchplugins\
     amazondotcom.xml
     answers.xml
     creativecommons.xml
     eBay.xml
     google.xml
     wikipedia.xml
     yahoo.xml
     C:\Documents and Settings\noneya\Application Data\Mozilla\Firefox\Profiles\83i7hj2j.default\extensions\
     DeviceDetection@logitech.com
     go2appspot@gmail.com
     jsonview@brh.numbera.com
     max@subfighter.com
     yesscript@userstyles.org
     {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
     {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
     {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
     {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
     {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
     {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
     {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
     C:\Documents and Settings\noneya\Application Data\Mozilla\Firefox\Profiles\83i7hj2j.default\searchplugins\
     mywebsearch.xml
     ======Registry dump======
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
     SnagIt Toolbar Loader - C:\Program Files\Snagit 10\SnagitBHO.dll [2010-04-13 63304]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]
     IeCatch2 Class - C:\PROGRA~1\FLASHG~1.7\jccatch.dll [2002-01-16 65536]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\Snagit 10\SnagitIEAddin.dll [2010-04-13 206152]
     {E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FLASHG~1.7\fgiebar.dll [2005-06-07 86016]
     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
     "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]
     "EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1387288]
     "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
     "SkinClock"=C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [2012-03-18 1726976]
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
     C:\WINDOWS\system32\dumprep 0 -k []
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
     Ati2evxx.dll []
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
     C:\WINDOWS\system32\igfxdev.dll [2011-04-22 214016]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
     c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
     UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
     "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]
     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
     "dontdisplaylastusername"=0
     "legalnoticecaption"=
     "legalnoticetext"=
     "shutdownwithoutlogon"=1
     "undockwithoutlogon"=1
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "NoDriveTypeAutoRun"=323
     "NoDriveAutoRun"=67108863
     "NoDrives"=0
     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
     "NoDriveAutoRun"=67108863
     "NoDriveTypeAutoRun"=323
     "NoDrives"=0
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Disabled:Microsoft OneNote"
     "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Disabled:Microsoft SharePoint Workspace"
     "C:\Program Files\Bitcoin\bitcoin-qt.exe"="C:\Program Files\Bitcoin\bitcoin-qt.exe:*:Enabled:bitcoin-qt"
     "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
     "C:\Program Files\namecoin\namecoind.exe"="C:\Program Files\namecoin\namecoind.exe:*:Enabled:namecoind"
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
     "midimapper"=midimap.dll
     "msacm.imaadpcm"=imaadp32.acm
     "msacm.msadpcm"=msadp32.acm
     "msacm.msg711"=msg711.acm
     "msacm.msgsm610"=msgsm32.acm
     "msacm.trspch"=tssoft32.acm
     "vidc.cvid"=iccvid.dll
     "vidc.I420"=msh263.drv
     "vidc.iv31"=ir32_32.dll
     "vidc.iv32"=ir32_32.dll
     "vidc.iv41"=ir41_32.ax
     "vidc.iyuv"=iyuv_32.dll
     "vidc.mrle"=msrle32.dll
     "vidc.msvc"=msvidc32.dll
     "vidc.uyvy"=msyuv.dll
     "vidc.yuy2"=msyuv.dll
     "vidc.yvu9"=tsbyuv.dll
     "vidc.yvyu"=msyuv.dll
     "wavemapper"=msacm32.drv
     "msacm.msg723"=msg723.acm
     "vidc.M263"=msh263.drv
     "vidc.M261"=msh261.drv
     "msacm.msaudio1"=msaud32.acm
     "msacm.sl_anet"=sl_anet.acm
     "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
     "vidc.iv50"=ir50_32.dll
     "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
     "wave"=wdmaud.drv
     "midi"=wdmaud.drv
     "mixer"=wdmaud.drv
     "aux"=wdmaud.drv
     "wave2"=wdmaud.drv
     "midi2"=wdmaud.drv
     "mixer2"=wdmaud.drv
     "aux2"=wdmaud.drv
     "wave3"=wdmaud.drv
     "midi3"=wdmaud.drv
     "mixer3"=wdmaud.drv
     "wave4"=wdmaud.drv
     "midi4"=wdmaud.drv
     "mixer4"=wdmaud.drv
     "aux3"=wdmaud.drv
     "wave1"=wdmaud.drv
     "midi1"=wdmaud.drv
     "mixer1"=wdmaud.drv
     "aux1"=wdmaud.drv
     "VIDC.FFDS"=ff_vfw.dll
     "msacm.ac3filter"=ac3filter.acm
     "wave5"=wdmaud.drv
     "midi5"=wdmaud.drv
     "mixer5"=wdmaud.drv
     "aux4"=wdmaud.drv
     "wave6"=wdmaud.drv
     "midi6"=wdmaud.drv
     "mixer6"=wdmaud.drv
     "aux5"=wdmaud.drv
     "wave7"=wdmaud.drv
     "midi7"=wdmaud.drv
     "mixer7"=wdmaud.drv
     "aux6"=wdmaud.drv
     "wave8"=wdmaud.drv
     "midi8"=wdmaud.drv
     "mixer8"=wdmaud.drv
     "aux7"=wdmaud.drv
     ======List of files/folders created in the last 1 month======
     2012-04-15 02:37:05 ----D---- C:\Program Files\trend micro
     2012-04-15 02:37:04 ----D---- C:\rsit
     2012-04-15 02:36:17 ----SHD---- C:\RECYCLER
     2012-04-15 02:18:09 ----D---- C:\Program Files\ERUNT
     2012-04-15 01:46:49 ----D---- C:\WINDOWS\temp
     2012-04-15 01:46:47 ----A---- C:\ComboFix.txt
     2012-04-15 00:40:35 ----A---- C:\WINDOWS\system32\drivers\ipsec.sys
     2012-04-15 00:30:09 ----A---- C:\Boot.bak
     2012-04-15 00:30:07 ----RASHD---- C:\cmdcons
     2012-04-15 00:25:57 ----A---- C:\WINDOWS\zip.exe
     2012-04-15 00:25:57 ----A---- C:\WINDOWS\SWXCACLS.exe
     2012-04-15 00:25:57 ----A---- C:\WINDOWS\SWSC.exe
     2012-04-15 00:25:57 ----A---- C:\WINDOWS\SWREG.exe
     2012-04-15 00:25:57 ----A---- C:\WINDOWS\sed.exe
     2012-04-15 00:25:57 ----A---- C:\WINDOWS\PEV.exe
     2012-04-15 00:25:57 ----A---- C:\WINDOWS\NIRCMD.exe
     2012-04-15 00:25:57 ----A---- C:\WINDOWS\MBR.exe
     2012-04-15 00:25:57 ----A---- C:\WINDOWS\grep.exe
     2012-04-15 00:25:54 ----D---- C:\WINDOWS\ERDNT
     2012-04-15 00:25:51 ----D---- C:\Qoobox
     2012-04-14 17:14:52 ----A---- C:\WINDOWS\wininit.ini
     2012-04-14 13:32:43 ----A---- C:\WINDOWS\ntbtlog.txt
     2012-04-12 00:35:02 ----D---- C:\Program Files\ImageShack Uploader
     2012-04-11 16:17:13 ----A---- C:\WINDOWS\JascCmdFile.INI
     2012-04-05 16:47:24 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
     2012-03-21 17:45:34 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
     2012-03-19 05:37:19 ----A---- C:\WINDOWS\mvraidver.dat
     2012-03-19 05:22:23 ----D---- C:\Program Files\Marvell
     2012-03-19 02:45:51 ----ASH---- C:\zpagefile.sys
     2012-03-19 00:10:57 ----A---- C:\WINDOWS\system32\ipsec.sys
     2012-03-18 22:25:06 ----D---- C:\Program Files\Defraggler
     2012-03-18 19:51:36 ----A---- C:\services_conf_backup.vbs
     2012-03-18 19:03:27 ----D---- C:\Program Files\CCleaner
     2012-03-18 14:50:37 ----D---- C:\Program Files\Partition Magic 8 Pro By Jack Docherty
     2012-03-18 10:38:13 ----D---- C:\Documents and Settings\noneya\Application Data\Malwarebytes
     2012-03-18 10:34:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
     2012-03-18 10:34:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
     2012-03-18 10:34:19 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
     2012-03-18 08:48:39 ----A---- C:\WINDOWS\system32\itlsvc.dat
     2012-03-18 08:48:39 ----A---- C:\WINDOWS\system32\itldvupd.dat
     2012-03-17 23:42:54 ----D---- C:\Program Files\NTPDA
     2012-03-17 23:42:20 ----A---- C:\WINDOWS\uninst.exe
     2012-03-17 23:41:48 ----D---- C:\Temp
     2012-03-17 23:05:08 ----D---- C:\Program Files\Reference Assemblies
     2012-03-17 23:05:01 ----N---- C:\WINDOWS\system32\spmsg2.dll
     2012-03-17 16:12:43 ----D---- C:\Downloads
     2012-03-17 16:10:41 ----D---- C:\Program Files\FlashGet v1.7
     2012-03-17 16:02:30 ----A---- C:\WINDOWS\system32\secushr.dat
     2012-03-17 01:25:05 ----D---- C:\Documents and Settings\noneya\Application Data\Litecoin
     2012-03-17 01:24:41 ----D---- C:\litecoin
     2012-03-16 23:32:40 ----D---- C:\Documents and Settings\noneya\Application Data\Armory
     2012-03-16 23:32:14 ----D---- C:\Program Files\Armory
     2012-03-16 23:22:56 ----D---- C:\Documents and Settings\noneya\Application Data\Electrum
     ======List of files/folders modified in the last 1 month======
     2012-04-15 02:38:01 ----D---- C:\WINDOWS\system32
     2012-04-15 02:38:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
     2012-04-15 02:37:05 ----RD---- C:\Program Files
     2012-04-15 02:35:04 ----A---- C:\Documents and Settings\noneya\Application Data\AtomicAlarmClock.ini
     2012-04-15 02:19:42 ----D---- C:\WINDOWS\system32\drivers
     2012-04-15 01:46:49 ----D---- C:\WINDOWS
     2012-04-15 01:46:09 ----SD---- C:\WINDOWS\Tasks
     2012-04-15 01:45:49 ----D---- C:\WINDOWS\system32\CatRoot2
     2012-04-15 01:44:18 ----A---- C:\WINDOWS\system.ini
     2012-04-15 01:44:10 ----D---- C:\WINDOWS\system32\drivers\etc
     2012-04-15 01:41:28 ----D---- C:\WINDOWS\system32\config
     2012-04-15 01:40:22 ----D---- C:\WINDOWS\AppPatch
     2012-04-15 01:40:21 ----D---- C:\Program Files\Common Files
     2012-04-15 01:35:38 ----D---- C:\WINDOWS\SoftwareDistribution
     2012-04-15 00:30:09 ----RASH---- C:\boot.ini
     2012-04-15 00:17:59 ----D---- C:\WINDOWS\Logs
     2012-04-14 17:20:21 ----D---- C:\WINDOWS\twain_32
     2012-04-14 17:20:21 ----D---- C:\WINDOWS\Registration
     2012-04-14 16:11:13 ----D---- C:\Documents and Settings\All Users\Application Data\Zoom Player
     2012-04-13 02:37:52 ----D---- C:\Documents and Settings\noneya\Application Data\Bitcoin
     2012-04-12 23:00:04 ----D---- C:\Program Files\Dragon's Tale
     2012-04-12 04:17:43 ----D---- C:\WINDOWS\Minidump
     2012-04-12 00:35:05 ----SHD---- C:\WINDOWS\Installer
     2012-04-09 19:33:13 ----D---- C:\Documents and Settings\noneya\Application Data\uTorrent
     2012-04-09 06:57:08 ----D---- C:\Documents and Settings\noneya\Application Data\vlc
     2012-04-05 17:11:09 ----D---- C:\Program Files\Yahoo!
     2012-04-05 17:10:52 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
     2012-04-05 16:56:24 ----D---- C:\Documents and Settings\noneya\Application Data\Yahoo!
     2012-03-25 23:15:25 ----D---- C:\Program Files\SpeedFan
     2012-03-21 23:05:26 ----A---- C:\WINDOWS\DUMP326a.tmp
     2012-03-21 17:52:30 ----D---- C:\WINDOWS\PeerNet
     2012-03-21 17:45:23 ----D---- C:\WINDOWS\SHELLNEW
     2012-03-21 17:30:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2012-03-21 03:54:04 ----D---- C:\Documents and Settings\noneya\Application Data\Media Player Classic
     2012-03-20 14:37:13 ----D---- C:\Documents and Settings\noneya\Application Data\foobar2000
     2012-03-20 06:06:59 ----D---- C:\WINDOWS\inf
     2012-03-19 05:37:02 ----A---- C:\WINDOWS\php.ini
     2012-03-19 00:19:06 ----D---- C:\WINDOWS\pss
     2012-03-19 00:12:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
     2012-03-19 00:00:48 ----D---- C:\Program Files\CGMiner
     2012-03-19 00:00:48 ----D---- C:\Program Files\Atomic Alarm Clock
     2012-03-18 23:34:55 ----D---- C:\Program Files\Miners
     2012-03-18 23:31:58 ----D---- C:\Program Files\Hide My IP 2009
     2012-03-18 23:31:50 ----D---- C:\Program Files\GUIMiner
     2012-03-18 23:07:38 ----A---- C:\WINDOWS\system32\BASSMOD.dll
     2012-03-18 19:53:17 ----D---- C:\WINDOWS\Debug
     2012-03-18 19:24:35 ----RSD---- C:\WINDOWS\assembly
     2012-03-18 19:24:29 ----D---- C:\WINDOWS\WinSxS
     2012-03-18 19:21:09 ----D---- C:\Program Files\MSBuild
     2012-03-18 19:21:01 ----RSD---- C:\WINDOWS\Fonts
     2012-03-18 19:21:01 ----D---- C:\WINDOWS\system32\en-US
     2012-03-18 19:19:10 ----D---- C:\WINDOWS\Microsoft.NET
     2012-03-18 19:19:09 ----D---- C:\Program Files\Microsoft.NET
     2012-03-18 19:11:26 ----D---- C:\Program Files\FlashGet
     2012-03-18 11:18:05 ----D---- C:\Program Files\Zoom Player
     2012-03-18 09:09:11 ----D---- C:\WINDOWS\Acronis
     2012-03-17 16:07:49 ----D---- C:\Documents and Settings\noneya\Application Data\BITS
     2012-03-16 23:13:01 ----D---- C:\Program Files\Bitcoin
     ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
     R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
     R0 mv91xx;mv91xx; C:\WINDOWS\system32\DRIVERS\mv91xx.sys [2011-11-11 275760]
     R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2012-01-29 170080]
     R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
     R1 atitray;atitray; \??\C:\Program Files\ATI Tray Tools\atitray.sys []
     R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
     R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
     R1 ntiopnp;ntiopnp; C:\WINDOWS\system32\drivers\ntiopnp.sys [2010-11-11 21080]
     R1 ntiowp;ntiowp; C:\WINDOWS\system32\drivers\ntiowp.sys [2006-10-20 12352]
     R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\WINDOWS\system32\VCdRom.sys []
     R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
     R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2011-09-02 12184]
     R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
     R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
     R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2011-04-22 2016704]
     R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-13 7069288]
     R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2009-04-08 116224]
     R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]
     R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]
     R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
     R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
     R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]
     R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
     R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
     R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
     R3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2008-05-06 4608]
     R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
     S0 Teefer;Teefer for NT; C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys []
     S1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys []
     S2 NTPDA;NTPDA; C:\WINDOWS\system32\drivers\NTPDA.sys []
     S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
     S3 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys []
     S3 atidgllk;atidgllk; \??\C:\Program Files\GIGABYTE\EasyBoost\AtiTool\atidgllk.sys []
     S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys []
     S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
     S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
     S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
     S3 cpuz134;cpuz134; \??\C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys []
     S3 FLASHSYS;FLASHSYS; \??\C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys []
     S3 GPCIDrv;GPCIDrv; \??\C:\Program Files\GIGABYTE\EasyBoost\GPCIDrv.sys []
     S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2008-08-14 2469888]
     S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2011-09-02 30360]
     S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
     S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
     S3 MSICDSetup;MSICDSetup; \??\E:\CDriver.sys []
     S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 4\LU4\NTIOLib.sys []
     S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys []
     S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys []
     S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys []
     S3 pwdrvio;pwdrvio; \??\C:\WINDOWS\system32\pwdrvio.sys []
     S3 pwdspio;pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys []
     S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2011-12-02 4125352]
     S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
     S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
     S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []
     ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
     R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
     S2 lpds;Se59unic; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S2 s217unic;Ipsraidn; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
     S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
     S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
     S3 Marvell RAID;Marvell RAID Event Agent; C:\Program Files\Marvell\raid\svc\mvraidsvc.exe [2010-03-07 235560]
     S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
     S3 OS Selector;Acronis OS Selector activator; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139400]
     S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
     S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
     S3 SmcService;Sygate Personal Firewall Pro; C:\Program Files\Sygate\SPF\smc.exe [2005-09-27 2635472]
     S4 A88xTuner;BrPar; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 adiusbaw;ZDCNDIS5; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 aolavupd;REVOSENS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 ASNDIS5;BTSLBCSP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 atimpab;Alcaudsl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 avg7rsxp;S3savagemx; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 avgfwsrv;Eloggersvc6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 avgtdi;Sffdisk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 avp;Lyncusbserv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 awhost32;Fsssvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 bc_pat_f;Avgems; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 Bcim;Nvstor64; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 bdfdll;TPwSav; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
     S4 btaudio;Slssvc;
C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 bwmservice;Pwkntmon; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 caisafe;Ooclevercacheagent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 CAMCAUD;Zppinger; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 ca-messagequeuing;Btwdndis; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 carboncopy32;Advantage; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 ccdecode;Sskbfd; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 cmpci;DELTA; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 com4qlb;W22n51; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 CPUCooLServer;CPUCooLServer Service; C:\Program Files\CPUCooL\CooLSrv.exe [2011-12-01 743936] S4 crystaloutputfileserver;SNTIE; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 CrystalSysInfo;Symantecantibotfilter; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 CTEAPSFX.DLL;Websensecpmcommunicationagent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 CTEXFIFX.DLL;Nabtsfec; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 cvspydr2;Ohci1394; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 cwafrmiregistry;Toshidpt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 CXAVXBAR;Ehstart; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 cxusb;Mfebopk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 DeviceScanner;Cvslock; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 d-link_st3402;Win32sl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 dns4meclient;ATKFUSService; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 dphost;Pcnet; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 drvnddm;Oracle_load_balancer_60_server-forms6i; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 dsproct;Zebrmdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 dvd_2K;Pduip6000dmemcrdmgr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 dvpapi;Avc; C:\WINDOWS\system32\svchost.exe 
[2008-04-14 14336] S4 enxpsvr;Moufiltr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 epsonbidirectionalservice;NetTcpPortSharing; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 fcprintservice;RAPIProtocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 freesshdservice;Wampmysqld; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 FTSER2K;CA561; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 G400DH;Msmframework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 genregistrar;Pnkbstra; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 GoProto;Vci; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 haspnt;Emu10k; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 houdinilicenseserver;Rxfilter; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 HssSrv;PID_PEPI; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 hwdatacard;DCamUSBMke2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 icollectservice;Enum1394; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 idisw2km;Aslm75; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 IFPUSB;Diskperf; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 IJPLMSVC;Z800obex; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 inort;Scdemu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 ireike;UxTuneUp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 issvc;Fd16_700; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 k750mdm;License; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 KMW_SYS;Tbiosdrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192] S4 lilsgt;Lusbaudio; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 liveupdate;Sandrathesrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 lmab_device;Fasttx2k; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 LMIRfsClientNP;W700obex; C:\WINDOWS\system32\svchost.exe 
[2008-04-14 14336] S4 lvckap;Sysmgmthp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 lxcf_device;SymIM; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 M2500;WUSB54Gv4SVC; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 mail2ec;Dnetc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 merakcontrol;Pfc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 mod7700;Intelroam; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 MRENDIS5;Lhidflt2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 MRUWebService;MRU Web Service; C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635] S4 ms_mpu401;Pxfhmdfl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 MSCamSvc;Symmpi; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NecUsb3;USB3 Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S4 nimdbgk;Mi-raysat_3dsmax8; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 nipsvc;Scsiaccess; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 nmservice;Oracleformsserver-forms60server-oraform; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 noipducservice;Atitool; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 nvmd;Uleadburninghelper; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 nvsmu;Nbservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 nwlnkspx;Tphdexlgsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 omniserv;Sunkfiltp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 omniusbl;Avg7rsxp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 oracle%oracle_home_service%clientcache80;SANDRA; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 oracleorahomehttpserver;Veteboot; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 p1131vid;IOSLINK; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 PBADRV;Qcmerced; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 PCASp50;KR3NPXP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 PCISys;W700mdm; 
C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 PD0620VID;Licensemanagersocket; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 pdfcreatormessages;Pxfhmdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 pdiddcci;Avupdsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 pdlndqll;W700mdfl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 pid_0928;Ksthunk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 pktfilter;PBADRV; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 pnkbstrk;Npkcrypt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 procdd;Acnusvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 PSSdk23;Kbstuff; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 QPSched;Emclisrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 rasirda;SE2Cbus; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 rdnaoflsvc;Fuj02b1; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 remoterecord;Pnrouter; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 RMSvc;Mpfp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 rnadiagreceiver;Se2Cunic; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 s116bus;Ss_mdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 s116mgmt;Ibmcicstransactiongateway; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 s116nd5;Astcc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 s716obex;Ftrtsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 SaiNtHid;Isdrv122; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 savrtpel;Viamraid; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 screadspool;NTIDrvr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 SE2Bmdm;Regdefend; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 se2Cunic;Arc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 se44mgmt;Protectionservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 SeaPort;Cacheserver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 
sis315;TryAndDecideService; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 smapint;P3; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 sonypvu1;Pgpsdkservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 spcstb;MobilePreInstallerService; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 SRTSPL;RushTopDevice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 sscdmdm;DellAMBrokerService; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 ssoftservice;Mdvrmng; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 sstpsvc;Useraccess; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 starwindservice;Dtscsi; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 StkScan;Usbscan; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 STV680;Bvrp_pci; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 tandpl;Cachemgr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 telnet;ASUSVRC; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 tfsnudf;Ssfs0509; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 tifm21;EpmPsd; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 TMHIDSRV;Iwebcal; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 tmtdi;KR10N; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 transarcafsdaemon;Pnmsrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 tsmapip;Digitizer; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 USB_RNDIS_XP;Vpctcom; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 usb_rndisx;Mfcom; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 usbcm;SrvcEPECioctl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 USBVCD;Dlaopiom; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 usbvideo;ELmou; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 UVCFTR;Arhidfltr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 UWProSys;Ageremodemaudio; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 VAIOMediaPlatform-PhotoServer-UPnP;W800mdm; 
C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 VC6SecS;CADlink; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 vcommmgr;SQLAgent$LG_LP2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 viairda;Rsvchost; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 VIAPFD;Symantecantibotdriver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 VICESYS;PNRPSvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 vmnetdhcp;Nidomainservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 vpcnfltr;ZuneBusEnum; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 VRcore;Wmp54gv4svc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 vusbbus;Zpcache; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 W8100PCI;Cdmservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF----------------- info.txt logfile of random's system information tool 1.09 2012-04-15 02:37:08 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL 7-Zip 9.20-->"C:\Program Files\7-Zip\Uninstall.exe" AC3Filter 1.63b-->"C:\Program Files\AC3Filter\unins000.exe" Acronis Disk Director Suite 11.0216 Final-->C:\Program Files\Acronis Disk Director Suite\uninst.exe Acronis Disk Director Home-->MsiExec.exe /X{9CCC78EF-027E-40E0-9B61-39932C65E3FE} ActiveState ActivePython 2.7.2.5 (32-bit)-->MsiExec.exe /I{49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8} Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A} Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11g_Plugin.exe -maintain plugin AMD APP SDK Runtime-->MsiExec.exe /I{A25FF1C0-80B6-4B8B-A551-DC525697A408} ATI Stream SDK v2 
Developer-->MsiExec.exe /I{0ED98038-0885-F902-C419-669ADE471A46} Atomic Alarm Clock 5.91-->"C:\Program Files\Atomic Alarm Clock\unins000.exe" Bass Audio Decoder (remove only)-->"C:\Program Files\Bass Audio Decoder\uninstall.exe" Belarc Advisor 8.2-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG" BetOnline Poker 8.2-->C:\Program Files\BetOnline Poker\uninstall.exe BetOnline Poker-->C:\Program Files\BetOnline Poker\uninstall.exe BovadaPoker-->"C:\Program Files\Bovada\unins000.exe" BTC On Tilt Poker 1.8-->"C:\Documents and Settings\noneya\Local Settings\Application Data\BTC On Tilt Poker\unins000.exe" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe" CPUCooL (remove only)-->"C:\Program Files\CPUCooL\CPUCooL-uninst.exe" CPUFSB (remove only)-->"C:\Program Files\CPUFSB\CPUFSB-uninst.exe" CPUID CPU-Z 1.59-->"C:\Program Files\CPUID\CPU-Z\unins000.exe" CPUID HWMonitor Pro 1.12-->"C:\Program Files\CPUID\HWMonitorPro\unins000.exe" CSVed 2.2.1-->"C:\Program Files\CSVed\unins000.exe" DCoder Image Source (remove only)-->"C:\Program Files\DCoder Image Source\uninstall.exe" Defraggler-->"C:\Program Files\Defraggler\uninst.exe" DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe" Dragon's Tale-->"C:\WINDOWS\Dragon's Tale Uninstaller.exe" Driver Sweeper version 3.2.0-->"C:\Program Files\Driver Sweeper\unins000.exe" DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe" EasyBoost-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{41910260-4532-4734-8181-3E8AFDBB05D7} /l1033 eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe ffdshow v1.1.3966 [2011-08-09]-->"C:\Program Files\ffdshow\unins000.exe" FFMPEG Core Files (remove only)-->"C:\Program 
Files\FFMPEG Core Files\uninstall.exe" FlashGet(JetCar)-->C:\PROGRA~1\FLASHG~1.7\UNWISE.EXE C:\PROGRA~1\FLASHG~1.7\INSTALL.LOG foobar2000 v0.9.5.2-->"C:\Program Files\foobar2000\uninstall.exe" Foxit Reader 5.1-->"C:\Program Files\Foxit Reader\unins000.exe" Gabest MPEG Splitter (remove only)-->"C:\Program Files\Gabest MPEG Splitter\uninstall.exe" GIGABYTE VGA @BIOS-->MsiExec.exe /I{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76} Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} GPU Caps Viewer 1.15.0-->"C:\Program Files\GPU_Caps_Viewer\unins000.exe" Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe" HDD Regenerator-->MsiExec.exe /X{97A39919-9FEA-48B7-AB2B-4F99212D1E98} ImageShack Uploader 2.2.0-->MsiExec.exe /X{8BCD7AE7-F713-4D50-BAB9-7839B9386870} ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe" Intel® Graphics Media Accelerator Driver-->C:\Program Files\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall Intel® Processor ID Utility-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328} Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0} Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF} LAV Filters (remove only)-->"C:\Program Files\LAV Filters\uninstall.exe" LinuxLive USB Creator-->C:\Program Files\LinuxLive USB Creator\Uninstall.exe Logitech SetPoint 6.32-->C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" marvell 91xx driver-->C:\Program Files\Marvell\mv91xx\uninst-91xx.exe Marvell MRU V4-->C:\Program Files\Marvell\raid\uninstmru.exe Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE} Microsoft 
Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE} Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe 
/X{9A25302D-30C0-39D9-BD6F-21E6EC160475} MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Program Files\MONOGRAM AMR SplitterDecoder\uninstall.exe" Moyea FLV Editor Pro Version: 3.1.13.0-->"C:\Program Files\FLV Editor Pro\unins000.exe" Mozilla Firefox (3.6.28)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MP4 Cutter 1.0-->"C:\Program Files\MP4 Cutter\unins000.exe" MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} Notepad++-->C:\Program Files\Notepad++\uninstall.exe NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall OpenSource AVI Splitter (remove only)-->"C:\Program Files\OpenSource AVI Splitter\uninstall.exe" OpenSource DTS/AC3/DD+ Source Filter (remove only)-->"C:\Program Files\OpenSource DTSAC3DD+ Source Filter\uninstall.exe" OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe" PC Wizard 2010.1.96-->"C:\Program Files\CPUID\PC Wizard 2010\unins000.exe" Python 2.7 Twisted-12.0.0-->MsiExec.exe /I{2E9D4ECD-62E1-4575-82A0-0002D6AB096A} Ray Adams ATI Tray Tools-->"C:\Program Files\ATI Tray Tools\uninstall.exe" RealMedia (remove only)-->"C:\Program Files\RealMedia\uninstall.exe" REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly Realtek HDMI Audio Driver for ATI-->RtaUpd.exe -k -m -nrg2709 Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 RichFLV-->msiexec /qb /x {5D38959D-2B4D-8AB0-FD1B-27C324E78DB0} RichFLV-->MsiExec.exe /I{5D38959D-2B4D-8AB0-FD1B-27C324E78DB0} SBR Poker 1.0.0-->"C:\Program Files\SBR Poker\unins000.exe" SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe" Snagit 10-->MsiExec.exe /I{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85} SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Spybot - Search & Destroy-->"C:\Program 
Files\Spybot - Search & Destroy\unins000.exe"
StreamTorrent 1.0-->"C:\Program Files\StreamTorrent 1.0\uninstall.exe"
Sygate Personal Firewall Pro-->MsiExec.exe /I{10B446B3-4DF4-4489-A168-8A98F7CD807E}
System Requirements Lab for Intel-->MsiExec.exe /I{EFE3D683-903C-4B58-AB8F-C68C69F33758}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamViewer 7-->C:\Program Files\TeamViewer\Version7\uninstall.exe
Veetle TV-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VLC media player 1.1.11-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VNC Enterprise Edition E4.4.0-->"C:\Program Files\VNC4\unins000.exe"
VNC Mirror Driver 1.8.0-->"C:\Program Files\VNC4\Mirror Driver\unins000.exe"
vShare.tv plugin 1.3-->C:\Program Files\vShare.tv plugin\uninst.exe
WinRAR 4.11 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
XP Royale Theme-->C:\Temp\Resources\Themes\Uninstall_Royale_Theme.exe
ZEN Entertainment-->C:\Program Files\ZEN Poker\uninstall.exe
Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"

======Security center information======

FW: Sygate Personal Firewall Pro (disabled)

======System event log======

Computer Name: NONEYA-BIDNESS
Event Code: 7023
Message: The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
Record Number: 19834
Source Name: Service Control Manager
Time Written: 20120303053008.000000-360
Event Type: error
User:

Computer Name: NONEYA-BIDNESS
Event Code: 7023
Message: The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
Record Number: 19831
Source Name: Service Control Manager
Time Written: 20120303052955.000000-360
Event Type: error
User:

Computer Name: NONEYA-BIDNESS
Event Code: 7023
Message: The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
Record Number: 19827
Source Name: Service Control Manager
Time Written: 20120303052942.000000-360
Event Type: error
User:

Computer Name: NONEYA-BIDNESS
Event Code: 7023
Message: The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
Record Number: 19824
Source Name: Service Control Manager
Time Written: 20120303052930.000000-360
Event Type: error
User:

Computer Name: NONEYA-BIDNESS
Event Code: 7023
Message: The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
Record Number: 19821
Source Name: Service Control Manager
Time Written: 20120303052921.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: NONEYA-BIDNESS
Event Code: 2004
Message: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.
Record Number: 1221
Source Name: PerfNet
Time Written: 20111226103053.000000-360
Event Type: error
User:

Computer Name: NONEYA-BIDNESS
Event Code: 2004
Message: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.
Record Number: 1220
Source Name: PerfNet
Time Written: 20111226102053.000000-360
Event Type: error
User:

Computer Name: NONEYA-BIDNESS
Event Code: 2004
Message: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.
Record Number: 1219
Source Name: PerfNet
Time Written: 20111226101053.000000-360
Event Type: error
User:

Computer Name: NONEYA-BIDNESS
Event Code: 2004
Message: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0.
Record Number: 1218
Source Name: PerfNet
Time Written: 20111226100053.000000-360
Event Type: error
User:

Computer Name: NONEYA-BIDNESS
Event Code: 2004
Message: Unable to open the Server service.
Server performance data will not be returned. Error code returned is in data DWORD 0. Record Number: 1217 Source Name: PerfNet Time Written: 20111226095054.000000-360 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Stream\bin\x86;C:\Python27;C:\Python27\Scripts;C:\Program Files\AMD APP\bin\x86;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Acronis\SnapAPI "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=4 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.py;.pyw "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "AMDAPPSDKROOT"=C:\Program Files\AMD APP\ "ATISTREAMSDKROOT"=C:\Program Files\ATI Stream\ -----------------EOF----------------- ;Services Startup Configuration Backup 4/15/2012 2:09:55 AM [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\A88xTuner] "DisplayName"="BrPar" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adiusbaw] "DisplayName"="ZDCNDIS5" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc] "DisplayName"="Adobe Flash Player Update Service" "Start"=dword:00000003 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter] "DisplayName"="Alerter" "Start"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG] "DisplayName"="Application Layer Gateway Service" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aolavupd] "DisplayName"="REVOSENS" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt] "DisplayName"="Application Management" "Start"=dword:00000003 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASNDIS5] 
"DisplayName"="BTSLBCSP" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atimpab] "DisplayName"="Alcaudsl" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv] "DisplayName"="Windows Audio" "Start"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avg7rsxp] "DisplayName"="S3savagemx" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgfwsrv] "DisplayName"="Eloggersvc6" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgtdi] "DisplayName"="Sffdisk" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avp] "DisplayName"="Lyncusbserv" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\awhost32] "DisplayName"="Fsssvc" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bcim] "DisplayName"="Nvstor64" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bc_pat_f] "DisplayName"="Avgems" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdfdll] "DisplayName"="TPwSav" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS] "DisplayName"="Background Intelligent Transfer Service" "Start"=dword:00000003 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser] "DisplayName"="Computer Browser" "Start"=dword:00000003 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btaudio] "DisplayName"="Slssvc" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bwmservice] "DisplayName"="Pwkntmon" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ca-messagequeuing] "DisplayName"="Btwdndis" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\caisafe] "DisplayName"="Ooclevercacheagent" "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CAMCAUD] "DisplayName"="Zppinger" "Start"=dword:00000004 
  9. Combofix found Rootkit.zeroAccess.h then brought up 2 windows asking about rebooting. I clicked OK on both windows. Is it normal for combofix to take an excessive amount of time to reboot? Especially with no other activity occurring?
  10. So I opened task manager and the following services are running that normally are not; however, none of these are using CPU cycles: CF25989.3XE, ping.exe, ping.exe, ping.exe, also an extra svchost.exe, maybe two. System idle is at 99 and all other services are still; also no movement when sorted by CPU usage.
  11. Sorry man, time out. I just started up combofix prior to seeing your post. My intent was to follow this post here http://forums.malwarebytes.org/index.php?showtopic=108601&view=findpost&p=542534 So far it's killed the explorer.exe task and found the Rootkit.zeroaccess.h, brought up 2 windows about rebooting, clicked OK on both, but it still has not rebooted. Also it installed recovery console prior to running. I have system restore on this drive if that may help get us back on the same page. Seems like this thing would have rebooted by now, especially after asking, but the instructions prior to running said to not do the reboot myself. Again I am sorry for this complication.
  12. I have been having the redirects or other symptoms people have described in other threads. But I am getting the quarantine window stating Rootkit.0Access.H and also the blocked outgoing attempts. 2 computers; mbam-log says one is clean, the other being the rootkit. I have run RogueKiller and DDS on both. So I will post the RogueKiller and mbam-log logs for both now and maybe we can rule out the box I believe to be clean and confirm the dirty one. Will go ahead and post the DDS from infected. Went ahead and gathered the following: catchme.exe, ComboFix.exe, gmer.exe, mbr.exe, tdsskiller.exe. Also I am aware of the Backdoor Infection My XP is Screwed Guarantee mentioned in other threads. Let's do this!!! That is if anyone is still around and doesn't mind. Let me say ahead of time that I appreciate your time. Thanks

1st box (believed to be unfilthy) Rogue and mbam-log

RogueKiller V7.3.2
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: myname [Admin rights]
Mode: Scan -- Date: 04/14/2012 21:23:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKCU\[...]\Advanced : log4-14tart_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5592f8076f07eda90befeb8e6fe753f1
[bSP] 2691ba19d6185acf958677b3e659ee74 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39103 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 80084086 | Size: 151678 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

1st box (believed to be unfilthy) mbam-log

4/14/2012 5:14:19 PM
mbam-log-2012-04-14 (17-14-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 336133
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

2nd Box Rootkit.0Access.H

RogueKiller V7.3.2
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: noneya [Admin rights]
Mode: Scan -- Date: 04/14/2012 21:32:37

¤¤¤ Bad processes: 1 ¤¤¤
[HJ NAME] svchost.exe -- \\.\globalroot\SystemRoot\system32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[RANDOMNAME] HKLM\[...]\RunOnce : SpybotDeletingA1683 (command.com /c del "C:\WINDOWS\system32\PTDCBus.dll_old") -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] ipsec.sys : c:\windows\system32\drivers\ipsec.sys --> CANNOT FIX
[FAKED] sermouse.sys : c:\windows\system32\drivers\sermouse.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 22289581b6914a5ae432e3b904c3045c
[bSP] 8d122f242c67815dbb8670c9ad0c8e60 : Standard MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 8a2ba3c1b57b81ce0fe9502a492252ac
[bSP] f97044ea4914e92f5ed3a3937f3c5c39 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40005 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81931500 | Size: 265237 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] 499d457da91959658856f03052e59be3
[bSP] 7fd259ac985bfcdc99527fac8c74535b : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: +++++
--- User ---
[MBR] 9b6a6236cdf3be5d16f1b8eb60f87af8
[bSP] 355824eb8fd2c66d848d09d0d40a919b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 476 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

2nd Box Rootkit.0Access.H mbam-log

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
noneya :: NONEYA-BIDNESS [administrator]

Protection: Enabled

4/14/2012 1:54:23 PM
mbam-log-2012-04-14 (13-54-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 194363
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\LwUsbHid.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\LwUsbHid.dll (RootKit.0Access.H) -> Delete on reboot.

(end)

2nd Box Rootkit.0Access.H DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_29
Run by noneya at 22:10:43 on 2012-04-14
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uLocal Page = hxxp://www.google.com/
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
mLocal Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/
mCustomizeSearch = hxxp://www.google.com/
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\snagit 10\SnagitBHO.dll
BHO: IeCatch2 Class: {a5366673-e8ca-11d3-9cd9-0090271d075b} - c:\progra~1\flashg~1.7\jccatch.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\snagit 10\SnagitIEAddin.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashg~1.7\fgiebar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [skinClock] c:\program files\atomic alarm clock\AtomicAlarmClock.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [smcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [spybotDeletingA1683] command.com /c del "c:\windows\system32\PTDCBus.dll_old"
IE: Download All by FlashGet - c:\program files\flashget v1.7\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget v1.7\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashg~1.7\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CB4F91B0-FE02-4277-88E0-EA06018B1AA8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F18074FD-2BE5-4EFB-99E2-BE12AD8A2B2F} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\noneya\application data\mozilla\firefox\profiles\83i7hj2j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z171&form=ZGAADF&install_date=20110922&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\noneya\application data\mozilla\firefox\profiles\83i7hj2j.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\noneya\application data\mozilla\firefox\profiles\83i7hj2j.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\noneya\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: YesScript: yesscript@userstyles.org - %profile%\extensions\yesscript@userstyles.org
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Flash Video Resources Downloader: max@subfighter.com - %profile%\extensions\max@subfighter.com
FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Go2 proxy: go2appspot@gmail.com - %profile%\extensions\go2appspot@gmail.com
FF - Ext: JSONView: jsonview@brh.numbera.com - %profile%\extensions\jsonview@brh.numbera.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-04-12 05:35:02 -------- d-----w- c:\program files\ImageShack Uploader
2012-04-05 21:47:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-19 20:03:03 -------- d-----w- c:\documents and settings\noneya\VirtualBox VMs
2012-03-19 20:02:32 -------- d-----w- c:\documents and settings\noneya\.VirtualBox
2012-03-19 10:22:23 -------- d-----w- c:\program files\Marvell
2012-03-19 07:45:58 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-19 07:45:51 1073741824 --sha-w- C:\zpagefile.sys
2012-03-19 05:10:57 39956 ----a-w- c:\windows\system32\ipsec.sys
2012-03-19 03:25:06 -------- d-----w- c:\program files\Defraggler
2012-03-19 00:52:22 12029 ----a-w- C:\Services_Backup_3182012.REG
2012-03-19 00:51:36 2133 ----a-w- C:\services_conf_backup.vbs
2012-03-19 00:03:27 -------- d-----w- c:\program files\CCleaner
2012-03-18 19:50:37 -------- d-----w- c:\program files\Partition Magic 8 Pro By Jack Docherty
2012-03-18 15:38:13 -------- d-----w- c:\documents and settings\noneya\application data\Malwarebytes
2012-03-18 15:34:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-18 15:34:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-18 15:34:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-18 13:44:56 38400 ----a-w- c:\windows\system32\USB3Sw32.dll
2012-03-18 13:34:53 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-18 04:42:54 3446 ----a-w- c:\windows\system32\drivers\ntpda.sys
2012-03-18 04:42:54 -------- d-----w- c:\program files\NTPDA
2012-03-18 04:42:20 299520 ----a-w- c:\windows\uninst.exe
2012-03-18 04:42:20 -------- d-----w- c:\documents and settings\noneya\WINDOWS
2012-03-18 04:41:48 -------- d-----w- C:\Temp
2012-03-18 04:05:01 14048 ------w- c:\windows\system32\spmsg2.dll
2012-03-17 21:12:43 -------- d-----w- C:\Downloads
2012-03-17 21:10:41 -------- d-----w- c:\program files\FlashGet v1.7
2012-03-17 06:25:05 -------- d-----w- c:\program files\damn nfo viewer
2012-03-17 06:24:41 -------- d-----w- c:\program files\imgburn
2012-03-17 04:32:40 -------- d-----w- c:\program files\foobar2000
2012-03-17 04:32:14 -------- d-----w- c:\program files\Armory
.
==================== Find3M ====================
.
2012-04-05 21:47:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 04:05:26 90112 ----a-w- c:\windows\DUMP326a.tmp
2012-02-29 06:07:27 12319 ----a-w- C:\Services_Backup_2292012.REG
2012-02-21 05:40:45 6656 ----a-w- c:\windows\system32\lpcio.dll
2012-02-16 15:13:41 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-01-29 07:07:36 170080 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-23 06:36:27 61972 ----a-w- c:\program files\Zoom Player Settings.reg
.
============= FINISH: 22:11:08.93 ===============